search

cubeOSCP / OSCP+ Review

Accredible • Certificates, Badges and BlockchainAccredible • Recipient Portalchevron-right
Accredible • Certificates, Badges and BlockchainAccredible • Recipient Portalchevron-right

hashtag
Introduction:

Hello again, I am Obaida. Here is my review of the OSCP course and exam. First of all I have over four years of experience as a CTF player which mainly helped a lot in passing the exam.

hashtag
Course Content:

Before diving in, it is worth noting that a significant percentage of the content overlaps with other certs like eCPPT, and CPTS, also it is meant to be for beginners so you will not find any advanced techniques, etc.

Here is the course content:

  1. Introduction To Cybersecurity

  2. Report Writing

  3. Information Gathering and Vulnerability Scanning

  4. Web Application Attacks (SQLi, LFI/RFI, File Upload, Command Injection, etc.)

  5. Phishing and Client-Side Attacks

  6. Public/Fixing Exploits

  7. Windows/Linux Privilege Escalation

  8. Tunneling/Pivoting, Port Forwarding

  9. Active Directory (Enumeration, Authentication Methods, Attacking)

  10. AWS (Enumeration, Exploitation) (It is not included in the exam yet)

hashtag
Exam:

The exam includes 3 standalone machines (2 Linux, 1 Windows), and an active directory set where you should get 70 points to pass the exam.

It took me around 4.5 hours to reach the passing score (80), and more 6 hours to get full points (100).

In my opinion, the course itself was absolutely not enough to pass the exam, and below I will write some resources to practice before tackling the exam, because the exam has some tricky stuff.

hashtag
Tips:

  1. The most famous tip, to be as thoroughly as possible during your enumeration

  2. Have your cheat sheet and notes ready, to avoid wasting your time

  3. Always search for low-hanging fruit first

  4. Sleep well, take breaks, and manage your time effectively which will help a lot

hashtag
Useful Tools:

  1. Nmap

  2. NXC

  3. Gobuster

  4. MSFVENOM

  5. WinPEAS/LinPEAS

  6. bloodyAD

  7. BloodHound

  8. Impacket suite

  9. hydra

  10. and others...

hashtag
Recommended Resources Before the OSCP Exam:

Since OffSec is the one who created the OSCP exam, and at the same time Proving Ground practice, PG practice is the best place to practice and get the knowledge and tricks you need to pass the exam OSCP, and the best community-created list out there:

Try to hack as much as you can on HackTheBox and PG practice.

hashtag
Conclusion:

Lastly, if your goal is to pass HR filters as the community often says, then go ahead and good luck. However, if you want deeper knowledge, and more realistic examination, I highly recommend going for the CPTS.

Good luck to everyone preparing for the exam!

PreviousCRTP ReviewNextWeb & API Penetration Testing

Last updated