First, what is the OSCP?
If you are ever curious about what it takes to become an ethical hacker, you will most likely find yourself googling “How to become a hacker”. Within your research, it doesn’t take long to read countless blogs and forums that point to the OSCP certification, by Offensive Security. As many emphasize, the OSCP is the entry point for all aspiring ethical hackers as it teaches penetration testing methodologies, tools, and techniques.
Course Material updates??
Like everything in Cybersecurity, there are constant updates to the ever-evolving threat landscape, which includes new offensive tactics and techniques. As such, the creators at Offensive Security pushed vital changes to its certification exam on January 11, 2022. One of the major changes was the introduction of an Active Directory environment in the exam itself. According to a recent post by CrowdStrike, “fifty percent of organizations have experienced an Active Directory attack in the last two years, with 40% of those attacks successful because the adversary was able to exploit poor Active Directory hygiene”.
Exam Structure
The exam layout is as follows: 3 stand-alone machines and 1 Active Directory environment that contains 2 machines and 1 domain controller. As you can see in the table below, being able to exploit the Active Directory environment plays a major role in passing the new version of the exam…Gone are the days of an easy 20-point machine through a simple buffer overflow exploit.
Number of Machines | Points | Notes |
3 Stand-alone Targets | 60 | 20 Points of each machines compromised (10 Low priv user & 10 Points for system/root shell) |
2 Clients1 Domain Controller | 40 | Need to compromise the whole AD set, which includes obtaining Domain Admin to receive full points. |
10 | Bonus Points (Must have 80% correct solutions submitted for the PEN-200 Topic Exercises for each Topic Must submit the proof.txt of at least 30 PEN-200 Lab Machines |
Practice makes Perfect
Yes, as many find out when taking an offensive security certification, the course material alone does not help with fully understanding the vast number of topics being learned. SO, more practice is needed. Especially with the newly added topic of Active Directory exploitation. In my opinion, the two active directory lab sets that come with the course labs are not sufficient.
After finishing the course material and your lab time, I highly recommend purchasing the Proving Grounds Practice labs. This includes additional machines created by offsec that closely resemble the stand-alone machines and Active Directory machines that you will get in the exam. In addition, TJ Null, a well-known contributor to the offensive security community, has created an in-depth list of Hack the Box, VulnHub, and PGP machines that provide extra practice when preparing for the OSCP. The list of extra practice machines can be found here. Prior to taking the exam, I completed the whole PGP section provided by TJ Nulls list and felt very prepared to take on the exam.
The Exam…
The exam provides you 24 hours to exploit the environment and obtain the needed points to pass the exam through the submission of root.txt and local.txt files that are gathered after successfully exploiting a machine. In addition to the fun hacking phase, you are provided an extra 24 hours to submit a report that outlines your step-by-step process from Enumeration, Exploitation, and Privilege Escalation of each machine.
Pro Tips
Drop all material related to the OSCP 2-3 days before the exam and RELAAAAX! The exam itself can be time consuming, so be sure to have some coffee ready or your favorite energy drink! In addition, having scheduled break times can really help refresh your brain while you are pounding away at the keyboard. During my exam, I had an alarm go off every 2 hours which was my cue to take a 30-minute break!