OSCP: A few extra advices

On August 25 I received the email announcing me that I passed the OSCP certification exam. I did the exam on August 20, it was a crazy long day, but super fun and very rewarding.

It took me about 15 hours to hack into the five systems, and I used the extra time I had to write the documentation and make sure that I had all the screenshots I needed.

There are plenty of resources online where you can find advices about how to prepare yourself for the exam, and if you’re ready for the OSCP exam, you have probably already found all of them.

I just wanted to add my two cents, as it looks to me that these informations, specially the first one, were not easily available.

  1. We all know there’s a buffer overflow machine, right? I was super surprised when I was reading that it took a lot of people 30-60 minutes to complete the buffer overflow machine. That’s the time I need to setup the testing environment for the buffer overflow. The night before the exam I spent a lot of time setting up several virtual machines to be ready for the buffer overflow and Windows machines were a huge pain in the ass. Don’t do this: you will get a debugging machine for the duration of your exam (like in the course).

  2. I don’t want to go into details, but I had the feeling that in my exam there was a “metasploit machine”. I don’t know if this is a rule, or just a coincidence, but if you get stuck with a system, move to the next and don’t use metasploit unless you’re sure you can’t hack all other machines without metasploit.

That’s all! Good luck!