The Ultimate Pathway to OSCP

Category: Offensive Security

Before tackling any goal, I like to read up on how other people achieved what I’m trying to achieve, the hurdles they faced and what they would have done better. I aggregate that information into a path that would help me get to my goal. The greater the number of people mention a resource, the higher the chances I include in my path, as good feedback from a lot of people means I have higher confidence in the resource being helpful in my journey.

This pathway to OSCP is built with similar intentions. The Offensive Security Certified Professional (OSCP) is often considered a valuable benchmark of penetration testing skills. Given the difficulty of the exam, it is daunting to contemplate giving it, especially for someone who has little to no penetration testing experience.

I made this general guide for myself. Before I started on this, I did not have any penetration testing experience, so if you’re someone like me who doesn’t know where to start, use this path to gently introduce yourself to offensive security and quickly ramp up your skills. I hope it is as helpful to you as it has been and is to me as I make my way across it.

PWK Course and Labs

For those who are unfamiliar, before taking the exam you get access to Labs for practicing. The Labs are accessible for one, two, or three months, depending on your subscription. These Labs assume good foundational skills with pentest tools and methods. Most of my path will be dedicated to getting ready to be able to start the Labs and have a good base so that precious lab time is not spent floudering around on basics.

The Path

Part 1: Building the Basics

1. eLearnsecurity Junior Penetration Testing (eJPT) Course
   This is absolutely the perfect place to start without feeling overwhelmed. The good thing about this course is that it’s free AND has free access to labs. It assumes no prior knowledge and does refreshers of whatever networking basics are required. Highly recommend this as the first step. I also did the exam corresponding with the course, if you have some money to throw, go for it! Otherwise, the course is quite enough.

2. Practical Ethical Hacking Course by Cybermentor
   I grabbed this course when it first debuted on Udemy, since then it has now shifted to its new home. This is a must-do so I can’t recommend this more strongly enough. The course does have a price tag of around $30 but follow its creator, Heath Adams aka Cybermentor on Twitter for generous discount codes.

3. Linux Privilege escalation for OSCP and beyond! and Windows Privilege escalation for OSCP and beyond! by Tib3rius
   These are very short and to the point courses laden with techniques essential to passing the OSCP. I haven’t yet gone through them so can’t comment much beyond every single account I have read of passing the OSCP recommends these two courses. Each course costs $20.

4. Advance Penetration Testing by Georgia Weidman
   If you have some time and feel you’d be more comfortable with some additional knowledge, a lot of people recommended doing this course, so I’ll pass on the same sentiments.

Part 2: Pre-PWK Lab Practice

Before actually doing the official labs that are part of the training course, it is highly recommended to practice on boxes already available. This helps with getting familiar with boxes that you can expect to see on the OSCP, build some confidence and get some oft occurring exploitation methods down to a T.

1. NetSecFocus Trophy Room
   This is a treasure trove of a list machines from HackTheBox platform and Vulnhub, that are either actual old OSCP boxes that have since been retired or systems like those on the OSCP currently. All machines are sorted into one of the 3 categories: Easy, Medium, Hard.

2. TJ_Null’s OSCP Prep
   Related to the point the previous point, this is a youtube playlist of videos comprising of walkthroughs of the boxes mentioned in the NetSecFocus Trophy Room list.

3. Rana Khalil’s Hack The Box OSCP Preparation
   Also related to the first point, for those preferring text instead of videos, this is a series of blog posts that also takes you through the steps of getting root on Hack The Box machines. These machines are also from the NetSecFocus Trophy Room list. This resource contains only Hack The Box machines, no Vulnhub ones.

Additional Resources

Assuming you’ve done all the resources mentioned in the first two parts of this post, you should now be ready to go through the OSCP course and labs with relative ease. However before or during when you do, do check out some additional resources below:

• The Journey to Try Harder TJ_Null’s Preparation Guide for PWK/OSCP
  
• Zero to OSCP Concise Edition
• OSCP FAQs
  

Cheatsheets

• Countably Infinite
  
• Ceso
  
• Noobsec

Some general advice, tips and motivation

• Passed on my third attemp and you can do it too
  
• Stuff I wish I knew before I started my OSCP
• From 0 to OSCP in 90 days
  

Goodluck!