Well, with all of my preparation done, and most of the labs completed, it was time to take the OSCP exam.
I got the e-mail with all of my information a bit after 1 pm my local time, and it was time to begin.
The first machine was completely rooted and exfiltrated by 3:45 pm, so I was feeling pretty good about myself. It was an easier one, but my exploit was clean and combined a few public exploits with some code of my own, and worked excellently. While this box was only worth 20 points, I was sitting at 20/100 with “only” 70 required to pass with plenty of time in front of me.
I managed to root the second box right before dinner (6:05 pm) as well, so getting 2 machines completely under my belt in under 5 hours was a confidence booster that would definitely come in handy later. Unfortunately, this was a fairly easy machine comparatively, and was only worth 10 points (bringing me up to 30/100).
Machine #3 was completely done right at 9:28 pm, so just under 8.5 hours of the 24 total possible hours in the lab environment. This box was a bit of custom exploit development that I could have probably gotten MUCH sooner (before box #2 if not #1) if I had paid a bit more attention or tried a little harder on it (I know) earlier. That said, it felt good getting this one finished, both because I enjoyed it and because it brought me up to 55/100 points. Due to the boxes I had already rooted so far, I still needed at least one more (there were a few combinations of 3 machines that could have hit the minimum requirement) full compromise to probably pass.
Right at the edge of my initial sanity (1 am, so right at the half-way point) I managed to completely compromise my fourth machine, and felt great. My exploitation of this machine wasn’t the cleanest, and I didn’t learn as much as I could have, but I still got it in the end. Once I cleaned up after myself, and got my required screenshots, I knew that I technically had enough points to pass at that point (75/100).
I spent a bit more time on the last box that first evening, but ended up getting too frustrated and tired, so I called it a night.
I got out of bed after 6 or 7 hours of break/rest (wasn’t all sleep as I would be thinking, or getting up and trying new things, but it helped A TON), and went back to work on the last machine since I really wanted 5/5 for learning, pride, and so that I could be sure that I would pass.
After another hour and a half, I had completely rooted the last box as well! I had actually written a note (and kept the tab open) for an exploit that I used on the last box, so it wasn’t a ton more work to finish that one up thankfully. With an hour and a half (11:45 am) left in the lab environment, I shut down the VPN connection and actually watched some TV with lunch without thinking about the exam for a bit.
At this point, I felt great, and knew that I could very lazily (only took like an hour or two of actual work) fill out my report and get it sent in that night. I wanted to send it in before going to sleep, even though I didn’t have to e-mail it until 1 pm the next day, in case I didn’t wake up the next morning, but also to hopefully speed up the “grading” process.
After over a FULL DAY of constantly refreshing my e-mail, I got a new message in my box on December 23 @ 7:51 am that read:
“We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification exam and have obtained your Offensive Security Certified Professional (OSCP) certification.
You will receive the certification by mail within 80 days.”
While I was pretty certain it would happen after getting all 5 machines, it still felt pretty great to finally get that e-mail!
Though the OSCP exam was definitely grueling (and with a short time limit), I was super glad to have done it and quite proud of myself in the end. Plus, I can now call myself an Offensive Security Certified Professional!
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down, he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.