r/oscp

▲ 11 r/oscp

Passed the OSCP exam!

I wanted to share a quick experience post for anyone currently preparing. This certification pushed me to improve not only technical knowledge but also patience, documentation habits, and structured problem solving. My goal throughout preparation was to understand methodology and keep practicing consistently instead of chasing shortcuts.

A few things that helped me along the way:

• Built a routine with regular hands-on practice sessions

• Focused on understanding enumeration and systematic troubleshooting

• Kept notes and documented findings to improve my workflow

• Revisited weaker areas instead of only repeating comfortable topics

• Practiced managing time and staying calm under pressure

• Used pass4surexams as one of my review resources to reinforce preparation and evaluate readiness alongside my regular study process

• Stayed focused on learning and improving practical skills throughout preparation

Big takeaway: OSCP felt less about knowing every technique and more about applying fundamentals with persistence and a structured approach.

Good luck to everyone preparing — keep practicing, stay curious, and trust the process.

reddit.com
u/CapnChiknNugget — 17 hours ago
▲ 19 r/oscp+2 crossposts

Self-hosted Pentest / OSCP prep workspace - Pentest-Companion

Built this self-hosted workspace for fun, sharing it in case it helps the next person prepping!

https://github.com/Poellie01/PentestCompanion

After doing the OSCP exam and thinking / prepping for OSEP, I wondered what my biggest bottlenecks were during the exam. Most of the issues I had were that all of my information was all over the place: screenshots, logs, files, all in folders and separate note files. That's why I started this project, Pentest-Companion. It can be used for regular pentesting engagements / OSCP-style exams, etc.

Currently it has the following features:

Engagements:
Run engagements end-to-end. Targets, ports, attack steps, credentials, loot, checklists, timeline — all in one place. Auto-seeded phase checklists for recon, web, AD, post-ex, and pivoting. Archive completed engagements, link them to clients.

Findings & Reporting
Findings with interactive CVSS v3.1 calculator, severity workflow, comments, evidence files, and CVE auto-lookup. A 24-template library (need to add way more). Generate branded DOCX and PDF reports with cover pages, executive summaries, and per-finding walkthroughs. Per-engagement toggles for redacting credentials on client-shareable copies.

Built-In Web Scanner
Passive security analysis: TLS, HTTP security headers, cookies, CORS, exposed files, HTTP methods, and tech fingerprinting. Deep mode adds directory enumeration and JavaScript endpoint extraction. Scan results auto-promote into a linked engagement's findings. Compare any two scans to see what changed.

Terminal Session Logging
Pipe any shell command into the app via a simple bash helper. Output streams in live with ANSI colors preserved. Personal API tokens for authentication. View any session per engagement.

Tools
Hash identifier with hashcat-mode reference table · Base64 encoder/decoder · Exam timer · Command renderer with placeholder substitution · Nmap output parser · Tool-output scratchpad that auto-detects what tool produced the output · Markdown notes with autosave.

Data portability
Importers for Nessus, Burp Suite, Nmap XML, bulk host lists, and Obsidian vaults. Exporters for findings as JSON, the full engagement as a .zip bundle (data + evidence files), and the finding library as a JSON bundle for sharing between teams. The full export → import round-trip works, so you can wipe the testing box after the engagement.

Teams & Multi-tenancy
Self-service registration creates an isolated team workspace. Roles (viewer / operator / owner / admin), single-use invite links, audit log, per-team branding settings (logo, color, footer that appear on every report). Cross-team isolation enforced on every endpoint and proven by tests.

Authentication
Password reset flow, CSRF protection on every form, HttpOnly + SameSite session cookies, SSRF guards on the scanner, strict path containment on file operations, structured request logging, friendly error pages. 24 automated tests including cross-team leakage proofs.

Deployment
One command (docker compose up -d) gets you a production-ready instance with a persistent volume, healthcheck, gunicorn, and a non-root user. SQLite by default.

u/Assiklapper — 2 days ago
▲ 18 r/oscp+4 crossposts

SeekYou, unified host intelligence across 15 sources

SeekYou – unified host intelligence across 15 sources, runs free on Cloudflare.
- Built a tool that takes any IP, domain, or ASN and queries 15 sources in parallel: open ports, CVEs, BGP, RDAP, cert history, passive DNS, 5 threat feeds, exposed buckets, Wayback snapshots — all in one report.
- 4-layer parallel execution (total time ≈ slowest source, not sum of all).
- KV caching per source, circuit breakers, per-IP rate limiting.
- Typed diff engine — get alerted when ports open, CVEs appear, or certs expire on monitored hosts.
- Runs entirely on Cloudflare free tier (~5k lookups/day).
Source: https://github.com/Teycir/SeekYou

u/tcoder7 — 3 days ago
▲ 117 r/oscp+1 crossposts

The OSCP Review

I'm sharing all the OSCP resources I actually used on both my attempts to pass the exam: notes, tools, AD enum scripts, CVEs, reporting setup, methodology, and more.

Hello everyone, Strikoder here!

Recently I passed the OSCP, and to pay tribute to this wonderful subreddit, I decided to collect pretty much everything I personally used during preparation in one place.

This includes:

GitHub repo (with all resources):

https://github.com/strikoder/Strikoder-OSCP-Prep

Some useful stuff inside the repo:

* Notion Notes

* SysReptor installer/setup (report writing)

* OffensiveSecurity repo (I made an OSCP release so you would download the scripts as a zip file)

https://github.com/strikoder/OffensiveSecurity

* Active Directory enum scripts

https://github.com/strikoder/OffensiveSecurity/tree/main/Scripts

* LinEnum-ng (I try to maintain it without bloating it)

https://github.com/strikoder/LinEnum-ng

* New OSCP Prep List (strilist : Strikoder OSCP List)

https://strikoder.com/oscp

* gtfobinSUID

https://github.com/strikoder/gtfobinSUID

* CredSpray (Nxc bash wrapper, I really enjoyed using it through the exam, and so should U!)

https://github.com/strikoder/CredSpray

* NagoyaSpray (Favorite tool)

https://github.com/strikoder/NagoyaSpray

* username-anarchy-extended (added a few things to the main one)

https://github.com/strikoder/username-anarchy-extended

* CVE PoC implementations list

https://github.com/stars/strikoder/lists/cve-poc-implementations

* CVE repository

https://github.com/strikoder/OffensiveSecurity/tree/main/CVES

* Windows binaries collection (gonna add more)

https://github.com/strikoder/windows-binaries

* pentest interview questions (Still need improvements)

https://github.com/strikoder/pentest-interview-questions

Each project above has its own readme, feel free to check them out. I’m also working on updating the OSCP list (strilist) further, so it’s not fully finished yet. I will publish and update in 2 weeks.

For now, you can check my full exam review either on Medium or Youtube (OR BOTH <3) in the links below

OSCP Review:

Medium: https://medium.com/@strikoder/strikoder-oscp-review-47f9f6efb25e

Youtube: https://www.youtube.com/watch?v=9HFKfGs6ym8

Additionally, I want to also thank:

* Penelope developer

* Ligolo developer

* NetExec/NXC team devs

And also thanks to everyone in the community sharing tools, walkthroughs, notes, and knowledge openly. A lot of us probably would have struggled more with the OSCP without that.

u/strikoder — 5 days ago
▲ 11 r/oscp

Using bash scripts I made in the exam

Hey everyone,

I'm working through the PG labs and have started building some bash scripts with the help of Claude to help with my enumeration process.

Will these be allowed in the exam? I am finding them useful for myself but don't want to break the rules

reddit.com
u/Embarrassed_Age_1454 — 4 days ago
▲ 20 r/oscp

Discouraged. Others?

For those who passed the OSCP, did you get discouraged going through LainKusanagi's OSCP Practice List? I will explain.

I am on the right attack path for a box, but there are these little nuances in the attack vector that stop me and I have to peek at the walkthrough.

For example, one was an ODT file extension that was uploaded. Instead of inserting the PowerShell syntax to execute the reverse shell, the walkthrough, via PowerShell, downloaded and then executed. I spent hours looking for other paths and it was discouraging.

Was this normal for you?

reddit.com
u/ViaOutdoors — 5 days ago
▲ 14 r/oscp+1 crossposts

OSCP - Can I use LLM made notes in my Obsidian?

Hey guys, I've been prepping for OSCP for a while and I have OCD and perfectionist tendencies due to which I spent a lot of time researching and understanding a topic using Gemini and then 2x the time for creating theoretical and checklist notes. So, I was going very slow and I pasted a lot of theoretical and practical notes in my Obsidian directly from Gemini's explanation cause I really understood it well.

So, if I ever forget about it I can refer to Gemini's explanation in the notes instead of going through different articles. The issue is the notes look a lot like AI made. I've not put Gemini response or "you asked" stuff in the notes but it is very well organized section by section and lists. So, I am kind of afraid: will this get me disqualified? I've been saving for this since a few years, I don't have a job and no employer paying for this. So, I really need an accurate answer. Example of my notes:

SMB Signing: The Practical Flow

The first step is Negotiation, which is Plaintext. Client sends "I support signing" and Server says "I require signing" and Attacker in the middle realizes he can't do anything. If he sends "Signing Disabled" to client and it tries to connect without signing, Server will block it. The server simply says: either use signing or don't communicate, there's no other option.

After the negotiation, Server generates a challenge and gives it to client for generating the NetNTLM response. At this stage the Attacker in the middle (using ARP poisoning or Responder) can dump the NetNTLM response and crack it offline.

Now, the Key Generation process starts. Client takes its Password Hash and some constant like AABBCC to generate the Session Key. Server does the same: it takes the User's Password Hash (from the local DB / AD) and the same constant value to create the Session Key. Attacker sees NOTHING because all of this is happening internally in the Client and Server devices. It isn't being sent over the network which the attacker is monitoring, so it has no way to know.

After this the Traffic starts getting signed, So we'll see the traffic, we'll be able to capture it, we'll also be able to read the data being sent or received but we can't modify the packet cause then we'll need to generate a new signature for which we need the user's password or the session key which we don't have

reddit.com
u/_discEx_ — 6 days ago
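
A simplified model of the flow in the notes above, as an added example that is not part of the original post: each side derives the signing key locally, and a message that is altered, left unsigned, or re-signed without that key fails verification. It assumes NTLMv2 key derivation and SMB 2.x HMAC-SHA256 signing (SMB 3.x signs differently); the user, domain, hash, challenge and message bytes are constructed sample values.

```python
import hashlib
import hmac

SIG_OFF, SIG_LEN, HDR_LEN = 48, 16, 64  # signature slot inside the 64-byte SMB2 header


def ntlmv2_keys(nt_hash, user, domain, server_challenge, client_blob):
    """Return (nt_proof, session_key). nt_proof crosses the wire; session_key never does."""
    identity = (user.upper() + domain).encode("utf-16-le")
    response_key = hmac.new(nt_hash, identity, hashlib.md5).digest()
    nt_proof = hmac.new(response_key, server_challenge + client_blob, hashlib.md5).digest()
    session_key = hmac.new(response_key, nt_proof, hashlib.md5).digest()
    return nt_proof, session_key


def sign(session_key, msg):
    """SMB 2.x style: HMAC-SHA256 over the message with the signature slot zeroed."""
    zeroed = msg[:SIG_OFF] + bytes(SIG_LEN) + msg[SIG_OFF + SIG_LEN:]
    sig = hmac.new(session_key, zeroed, hashlib.sha256).digest()[:SIG_LEN]
    return msg[:SIG_OFF] + sig + msg[SIG_OFF + SIG_LEN:]


def verify(session_key, msg):
    """Receiver side when signing is required: recompute and compare in constant time."""
    if len(msg) < HDR_LEN:
        return False
    expected = sign(session_key, msg)[SIG_OFF:SIG_OFF + SIG_LEN]
    return hmac.compare_digest(expected, msg[SIG_OFF:SIG_OFF + SIG_LEN])


def demo():
    # Constructed sample values, not real credentials or captured traffic.
    nt_hash = bytes.fromhex("00112233445566778899aabbccddeeff")
    server_challenge = bytes.fromhex("0123456789abcdef")
    client_blob = b"constructed-client-blob"
    header = b"\xfeSMB" + bytes(HDR_LEN - 4)  # only the magic and signature slot matter here
    unsigned = header + b"WRITE notes.txt: original contents"

    # Client and server each derive the key from what they already hold.
    proof_c, key_client = ntlmv2_keys(nt_hash, "alice", "LAB", server_challenge, client_blob)
    proof_s, key_server = ntlmv2_keys(nt_hash, "alice", "LAB", server_challenge, client_blob)
    signed = sign(key_client, unsigned)

    # An on-path party sees the challenge, blob, nt_proof and signed message,
    # but holds neither the NT hash nor the session key.
    tampered = signed[:HDR_LEN] + b"WRITE notes.txt: modified contents"
    resigned_with_wire_data = sign(proof_c, tampered)
    wrong_key = ntlmv2_keys(bytes(16), "alice", "LAB", server_challenge, client_blob)[1]

    return {
        "keys_match": key_client == key_server and proof_c == proof_s,
        "signed_ok": verify(key_server, signed),
        "unsigned_rejected": not verify(key_server, unsigned),
        "tampered_rejected": not verify(key_server, tampered),
        "resigned_with_wire_data_rejected": not verify(key_server, resigned_with_wire_data),
        "wrong_hash_key_rejected": not verify(key_server, sign(wrong_key, tampered)),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```
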
▲ 0 r/oscp+1 crossposts

Can OSCP alone realistically help me find a remote job?

I'm from Saudi Arabia and I'll tell you the details so you can better understand my situation. I saw the movie Hackers (1995) at 7 years old and was fascinated and mesmerized by it and I wanted to be a hacker ever since. I graduated high school in 2012, then I got into 3 local universities and dropped out or got expelled from all of them due to attendance and low grades. In April 2014 I got an opportunity for a scholarship to study in Japan. I spent 2 years at language school and passed N2 level, N1 being the highest, starting from N5. Anyway, after that I got into a Japanese university (computer science) and then I got my scholarship revoked due to low attendance. My senpai at the university told me that something is wrong and I should see a psychiatrist. I went there and was diagnosed with ADHD and everything made sense. I got back home empty-handed in 2018. But that made me think, what's the best thing that could get me money fast? Upon searching I saw a tweet for a government platform for bug bounty hunting and I signed up. That was during COVID; it said it'll take 4 months to be accepted. During that time I did a lot of HTB & VulnHub machines and got myself into cyber security. It helped from time to time but I'm now thinking about marriage and having a family, so bug bounty hunting doesn't cut it. I need a stable income.

The reason I'm looking for a remote job is because I had an autoimmune disorder at 16 years old, with undiagnosed musculoskeletal pain. and I got another autoimmune disorder and neck injury at 28 just after the covid vaccine. I don't want to discuss politics but that's what I believe

so tldr

I have no degree

I was freelance as a bug bounty hunter for 5 years but I can't disclose anything

saved for the OSCP 2 attempt exam planning to pass first attempt

will I get employed remotely? and if so how much is the pay realistically.

Thank you for your time. godspeed

reddit.com
u/Efficient-Carob-3075 — 7 days ago
▲ 93 r/oscp

Free Active Directory Lab for OSCP (again!!)

Hello everyone!

Founder of Hack Smarter here again :D

We just released another completely free Active Directory challenge lab. This is rated "Easy" and is great prep for the OSCP (as well as similar certs like the CPTS and PNPT).

Truly free, no payment or subscription required -- my goal is to help you pass the OSCP and improve as a pentester :)

https://www.hacksmarter.org/courses/8da0b008-7692-4c3f-a861-b7a02a536e7b

u/Tyler_Ramsbey — 8 days ago
▲ 18 r/oscp

OSCP after CPTS

Hi everyone I recently passed the CPTS and now want to tackle this exam too to make my resume stronger. For those who have taken both, please tell me the definitive differences in difficulty. I’ve heard from the HTB community that the CPTS’s technical side is way harder and that it would over prepare you for the exam. I’ve been doing TJ nulls list for the last 2 days and must say that I tend to miss the low hanging fruit that tends to appear. I’m practicing on building my notes and methodology before even buying the course because 1 try for 1750$ is a pretty risky step ATM. Any advice would be very appreciated

reddit.com
u/Own_Bed2074 — 7 days ago
▲ 8 r/oscp

Bloodhound CE

So I'm at the last module in AD Enumeration, which discusses BloodHound (legacy version), but due to incompatibility with the latest SharpHound JSON outputs, I had to upgrade BloodHound to the CE version which seems to be less useful than the older version.

They seem to have removed shortest paths and analysis and kept it in the Enterprise version.

Community edition has fewer capabilities than the legacy version, it seems.

What do you suggest I do? Should I revert back to the legacy version?

reddit.com
u/Moneera97 — 9 days ago
▲ 13 r/oscp

Failed First OSCP Attempt – Anyone Else Walk Away With Zero Clue on a Box?

Just took my first OSCP exam attempt and honestly I think it was a valuable reality check.

For context, I’m doing the OffSec Learn One subscription for PEN-200/OSCP, the one with a year of lab access and two exam attempts. My subscription expires in June, and since I still had both attempts available, I decided to take the exam about a month early as a “smoke test” to see the real environment, pressure, workflow, and identify weak spots before my serious attempt.

Going in, I already knew I was underprepared. This wasn’t a surprise “I deserved to pass” situation. I mainly wanted to:

• experience the exam pacing

• test my methodology under pressure

• figure out where my gaps actually are

I actually feel decent about parts of it. The exam itself felt fair. Enumeration and methodology mattered way more than gimmicks.

But there’s one machine that’s absolutely haunting me.

I narrowed it down to what felt like only a couple realistic attack paths. One path I eventually wrote off as a dead end. The other path I hammered on for hours. I tried multiple variations, researched techniques during the exam, watched related material, adjusted tooling, changed approaches, and every route felt blocked.

Now that the exam is over, what’s bothering me most is not failing. It’s the fact I still genuinely do not understand what the intended path may have been.
That’s the part messing with my confidence for the next attempt.

Did anyone else have this experience on their first OSCP attempt where a box completely broke your confidence because you walked away with zero clarity afterward? How did you recover from that mentally and technically?
Right now I’m trying to determine whether:

• my enumeration was weak

• I missed something obvious

• I tunnel-visioned too hard

• or I just lacked depth in one specific area

Curious how other people calibrated after their first real attempt.

reddit.com
u/bakedmuffinman01 — 9 days ago
▲ 55 r/oscp+1 crossposts

70 Points in 4 Hours AMA

Took the OSCP on Friday, got my results today that I passed. Big shout-out to the community and looking to give back to anyone who's on their journey!

Finished AD set in approx 1:15hrs

Hit the gym for about 45 minutes

Crushed the first standalone in about an hour

Got the next foothold in about an hour.

Ended up with 80 points overall. After getting the points I took a few hours trying to priv ESC on the final 2 standalones but decided I'd just finish the report and hang out with my kids.

reddit.com
u/Leonzola — 10 days ago
▲ 10 r/oscp

New Path to This

Hi yall! I’ve been interested in pen testing since I first started this kind of work. I’m a “cybersecurity” guy that got my teeth cut on IT Auditing and GRC roles. Made it to leadership and eventually running my own info sec department.

I never got over the itch to learn pen testing.

Talking to pen testers for projects was my favorite part of the job. Anyway, I’m a CISSP and been doing the above work for a while. Had a layoff and now have more time to figure it out. I want to play offense and do red team shit!

So, I’m asking what’s a good path to train up for and attain OSCP? I have discovered Hack The Box. Seems they have good reviews. I’ve explored CompTIA as well. You all use one of those?

I don’t have time restraints, however I want to make sure the time I devote to it is in the right place. I want to avoid training on what I don’t need to from ignorance. So let me ask the OGs and pros here! The sail just needs a wind in the right direction. Thanks open to suggestions!

reddit.com
u/DarkkGreenMarine — 10 days ago
▲ 26 r/oscp

OSCP 3rd Attempt!

I solved 2 Linux and 2 windows, but struggled with the last one in AD set. Twice.

I have solved many labs on my own, having extensive experience in Pentesting (6+), but somehow I am afraid to go a 3rd time. I am open to suggestions, please.

So, last year I had 2 attempts and in both I did find the solution for the third (probably, but could not try it), but by the time I did, the 24 hours were up. I didn't drink coffee or caffeine to stay awake, just water.

Now my company wants to sponsor me again for the 3rd time this year with 90-days lab access and I can't say no as it would disappoint them.

So I know all resources in the group but I would appreciate if someone can say what one or many things that actually changed their style and helped with this certification. It could be few things related to timing, who gave recently what materials is most useful besides the offsec labs, or realization of rabbit hole.

How would I divide the task in 90 days, focus on passing in this short time.

Thanks in advance 😄

Edit:
Thank you everyone for helping. I don’t have many friends after I moved to a different country so couldn’t find the issue, but talking with everyone it seems I found the mistakes I made. Much appreciated your support.

reddit.com
u/Miserable_Clue5243 — 11 days ago
▲ 14 r/oscp

How I passed OffSec OSCP (May 2026): Study Strategy, Tips and Resources for Success.

I recently started preparing for the OffSec OSCP certification, a well-known hands-on penetration testing exam that requires both technical depth and practical problem-solving skills. My preparation journey began with understanding the exam objectives, building a strong foundation in networking, Linux, and basic scripting. I set up a home lab environment to practice real-world scenarios, focusing on enumeration, exploitation, and privilege escalation. Daily practice helped me improve my methodology and time management. I also followed a structured study plan, revising core concepts regularly and solving as many machines as possible to simulate exam pressure. Initially, I faced difficulties in identifying attack vectors, but consistent practice gradually improved my confidence and efficiency. Over time, I learned to think like an attacker and document every step clearly, which is essential for the exam report. This preparation phase was intense but highly rewarding as it strengthened my practical cybersecurity skills.

I also supplemented my preparation with structured learning resources to better understand advanced exploitation techniques and exam patterns. One of the helpful resources I used was PassCertHub study material, which provided organized labs and practice questions that closely reflect real exam scenarios. The hands-on approach in the material helped me bridge gaps in my understanding and refine my troubleshooting skills during exploitation attempts. It felt quite similar to the actual OffSec OSCP exam environment, especially in terms of time pressure and problem-solving complexity. Using PassCertHub once I practiced regularly using these resources alongside my own lab setup, which improved my consistency and speed. The combination of self-study and guided material helped me stay on track and maintain focus throughout my preparation journey. Overall, this blended approach made me more confident in handling complex scenarios and prepared me better for the challenges of the certification exam and continuous improvement mindset overall adopted.

reddit.com
u/Resident-Can5922 — 9 days ago
▲ 8 r/oscp

How do I hide lab description in proving ground practice?

So before buying the OSCP bundle I decided to buy the Proving Ground first. I got some basic experience on Linux and Windows and AD. That's why I bought the Proving Ground first before the course.

So I'm doing the TJNull list and here is the problem: I don't feel the struggle from the practice. The reason is I keep seeing the "about this lab" when trying to start the lab. This is giving too much information, so that I can already tell where to go and what to look for.

Is there a way to hide the description so that I can do the lab "blind"?

reddit.com
u/ZerboaHaxor — 11 days ago
▲ 3 r/oscp

Exam from an unsupported OS

Has anyone taken the OSCP exam on an unsupported operating system? What was your experience?

For the record, I’ve tested my connection from Arch Linux on a PC using Firefox, and the proctoring tool worked without any issues. I’m just wondering whether it’s worth taking the risk, or if it would be better to switch to a supported distro and a laptop instead of PC.

reddit.com
u/ca_ribou — 10 days ago