u/PeacebewithYou11

Thank you u/Tyler_Ramsbey for the HackSmarter labs. They are great fun.

I understand some people take OSCP for job and livelihood. I took it for interests. My profile first for people in similar shoes. I am academically-inclined. I have been in networks and security for 10+ years. My role is security engineer not SOC analyst. I learnt c++ programming before. I can understand python code somewhat but not 100%. I did not know cmd, powershell or linux. I do know a few basic commands. 'cd' 'cp' Total hours I spent is around 500-800h. 6 months of relaxed learning, 4 months on 15 hour weekly learning. I completed around 10 machines on TryHackMe, 0 machines on HackTheBox, 5 machines on HackSmarter. 70 machines on Proving Ground, OSCP A,B,C, Relia, Medtech, Secura.

I have not seen any one mention it but OSCP materials for effective learning and the mindset prep is quite good. When you get discouraged remember "Not Yet" I do not know SQL injection. Not Yet. But I will learn it this week,

My number 1 tip for passing OSCP is to read through all the passers post on Reddit /oscp that already answers almost all the things. There are many hints that can be gleamed and information gathered from these posts.

There is no better or unique tip I can mention that is not already shared by others before me. I will just list a few. CPTS is not required. CPTS may be helpful but it may also work against you if you are not clear on the OSCP style. Lain list is more relevant but TJNull list is also good. It is good to bear in mind what is OSCP style like as you practice the labs. This is highly important. Helps you avoid rabbit holes and focus on what is the more likely attack method.

Be prepared to pass OSCP only on 2nd or 3rd tries or more. Don't stress.

I have over 300 pages of notes, I only used 30-50 of them actively. Googling is underrated. Always ask yourself could my Google search be improved or more precise. When you missed things, ask yourself why I missed it, how can I add it to my workflow and how I remember it? For example, when you see an .exe, always 'string' it. Directory busting? Always add a '/' to end of URL.

I took OSCP exam like a battle. Before exam prep, consider using Google, ChatGPT and other online resources to gather information a lot. Try this on ChatGPT give it scenarios you are stuck with on AD and ask for detailed commands and steps for 20 methods to try, sorted according to likelihood. I had 2 backup computers - a lousy laptop and a friend's place if needed. I planned my timeline and meals.

Time management is very very important. Do not spend more than 15 mins on a single method if there is no apparent results. How do you know if you are giving up too easily on actual lead? You don't have to. Come back later after you are done with the other leads.

I shall not ramble on. Feel free to ask questions I will answer if I can. No discussion on exam contents.

I am seeing many threads on Singapore and Malaysia. Anyone who thinks the same as me? Malaysia would have led and lept Singapore many years ago from the start of not for UMNO corruption and its policies. I am not surprised they are doing better recent years. Of course I am also sad for my Singapore.

And a Yishunite friend told me herself a lot of strange things happening there.

Called in to NUH hotline for enquires. Automated system. First message states system has been upgraded to new better system. Ask me which hospital I replied NUH. Took 3 times and each time took 10 secs to "think" before it replied and got it only after 3rd time. Then ask what enquiries. It gave all the options. I replied "bill" it is one of the options it gave. No reply. Repeat. I said clearly "bills" still cannot understand. Then I said charges, also one of the options it gave. Still cannot understand. I repeated charges then it understood on 2nd repeat. And each word took it 10 seconds to reply. My goodness. Then it went on and on about it has no access only access to charges if already on record blah blah. On short it cannot do anything for charges.

Workflow options that was not optimised aside. How is this even an upgrade?

Did anyone even do proper testing? Goodness