The journey of becoming an OSCP — What to expect on Exam day

Offsec announced an update to the course (PEN-200) on Mar 15 2023. Although the overall process should be similar, be sure to read the official article on the change.

=====================Update notes for course change============

I took my exam on Jan 14 and I received my result on Jan 17. (Please note, Offsec stated on their website that the result will be available within ten (10) business days after you submit the report.) I passed! I’m officially an OSCP.

Thanks to all the Offensive Security Discord members for helping with the PEN-200 lab, TJnull for the amazing list of machines to practice on outside of the PEN-200 lab, IppSec for tons of amazing videos teaching how to hack, 0xdf for an amazing blog that also teaches how to hack (in text format), and last but not least, Offensive Security’s course material (PDF), which covers many aspects of pentesting. I can assure you that you will learn something from it regardless of your experience in security.

15 minutes before your exam time, you will be able to log in to the proctoring system. The credentials will be provided to you in your exam confirmation and exam reminder emails. Please make sure you have those emails before the exam time. If for any reason you didn’t get the messages or lost them, contact Offsec directly for further assistance.

After you successfully log in to the proctoring system, the proctor will instruct you to perform the identification process. I highly suggest buying a decent-quality webcam with autofocus for the exam. I originally bought a 30 USD one, but when I tested it 6 days before my exam, it could not show my ID clearly because it did not have autofocus. I had to order another one with autofocus to replace it. I bought a Logitech C922 Pro and had no issues during the identification process or the exam. It is important that you test your setup before the exam, so that if anything goes wrong you have time to resolve the issue.

You will get your VPN package at the exact time of the exam. The message will also contain all the information you need for the exam. Please read it carefully; I have heard that some students got stuck on exam machines and failed just because they did not read the instructions.

During the exam, I took a lot of screenshots. I took a break every 2-3 hours, or whenever I had been stuck for more than 30 minutes or felt I needed some fresh air. How often you should take a break depends on you; everyone is different. Just make sure you are comfortable when trying to exploit the exam machines. With that said, do consider taking rests during the exam: we are not machines and are not designed to work 24/7. Here is a quote that appears in many blog posts about the OSCP exam, and only after personally experiencing the exam did I fully understand it.

You’ll run out of ideas before you run out of time.

How to write the report might be a problem for many students. I have heard tons of approaches: some like to write it after the exam (once disconnected from the exam environment), some like to write high-level steps during the exam, and some write and finish their report during the exam. There is no correct answer for how to write your exam report; just make sure a technically competent reader could redo the attacks/exploits (as the official exam guide suggests). Personally, I wrote high-level steps during the exam and inserted snapshots to support the steps I performed. I even reverted the machines I had rooted and followed my report steps to validate that my exploits and steps were correct and repeatable.

How detailed the report should be is another common question. Personally, I go with the “you can never be too detailed” approach. For every step in my report, I have a few sentences explaining what I was trying to do, and I insert console output snapshot(s) to support it.

Finally, I would like to talk about the proctoring. The proctors are nice, so be nice to them. During the exam, I left the proctoring chat message alert sound on, so that I would know if the proctor had a new message for me or wanted me to check something. Personally, I did not feel uncomfortable with the proctoring. I think of it like this: during the exam there are 2 jobs to do. The first is validating that the attackers (students) really are who booked the exam; the other is attacking the exam machines. The proctor does the first part (validating who is actually taking the exam), and I as the student do the second part (attacking the exam machines). In other words, we are both doing our jobs, and as long as I (the student) did not violate any exam rules, the proctor would be invisible to me.
