Hi there
It’s been a year since the last post... just because 🙁
Today I will discuss what the deal is with OSCP+, how the learning path was, how the exam went, what the conclusions are and of course what the plan is.
If you don’t know what OSCP is, I’ll tell you in short just because you can find 34723489 posts online about it – a cybersecurity certification with a 100% technical exam, in which you have to attack 1 AD network and 3 standalone machines (win/linux), without any details about them. You have the IPs, good luck. The exam takes 24 hours (technical part), and then 24 hours of writing a report of everything you did.
What’s the deal with OSCP+? With OSCP you had the chance of 10 bonus points for completing the learning path and labs – now that’s gone. That’s one. Second, for the AD set you don’t have to find an initial foothold anymore, because you will receive a set of creds for one domain-joined user and you have to work from there (recon, priv esc, lateral movement and so on) – the target being the Domain Controller.
The OSCP+ expires in 3 years but that’s less relevant.
How was the learning path?
Annoying to be honest. I studied the entire year including the labs and capstone exercises, and the thing I observed is that you have to do manual research from external sources to be able to understand the content. So the learning path is not enough – which is sad if we take into account the overall price. I got frustrated also because I completed the modules and the technical parts were much harder compared with the path, so I had to use my friend Google to be able to discover or learn something. This thing repeated several times in different situations.
How about the capstone exercises?
After completing the learning path and technical exercises, you have the chance to practice or try your skills against some OSCP-like networks. Not sure if they were specifically designed for practicing or they were old retired exams. Thing is, you can try to evaluate yourself based on those networks because you can simulate a 24-hour exam.
Attacking those networks I realised that the level of complexity is much higher compared with the learning path. That was the first moment when I realised I needed to invest more time in vulnerable machines from PG or HTB.
How was the exam?
Received creds – did some recon across the network, got access to machine 1.
14 hours later 🙁 found the way to reach the second AD account from the network – so you can imagine how it was. I needed priv esc and access to machine 2 to be able to grab the NTLM of some admin and use DCSync but I did not find the way.
My personal opinion – they increased the difficulty level because now they’re providing the AD creds.
Conclusions
→ the learning path is not enough
→ you need a lot of practice on PG and I think also HTB – just because you’ll learn new attack vectors never discussed in the course
→ the notes need to have a logical structure – to be easier for you to go through; for example, I had a section specifically for Windows enum, one for AD enum, one for priv esc, one for lateral movement, same for Linux and so on. The trick with cheatsheets from other guys does not work because you need your logic there.
→ it’s 100 times better to be consistent and practice daily instead of having 1/2 months of pause and resuming the learning path. At least for me it did not work, because I had to pause everything when things got busier at work.
But you learn a lot of new things. Even if I did not manage to reach the points I needed, I know for sure that I’m a different person compared with last year from a technical perspective; and I’m so proud of that. Yep, it’s hard, it is exhausting sometimes, it takes you a lot of time… but the return on investment is there.
You can’t help but evolve if you’re studying for this certification, so from this point of view, I recommend it.
What’s next?
Considering the conclusions, the plan is simple – technical practice; machine after machine, attack vectors, new things to learn, PG and HTB, and after that, we’ll give it another go. It can’t turn out bad, because I inevitably improve.
I hope this helps you get an idea in case you needed one.
bye now.