MAY 5, 2023
When I first began my journey in cybersecurity, it started with obtaining the eJPT certification. Passing the eJPT exam was a stressful experience I had. However, attempting to obtain my OSCP certification proved to be even more challenging despite it being an entry-level pentesting certification. This is probably because the price difficulty gap between the two exams is significant, as is the time given to complete the OSCP exam. Moreover, I often come across posts on r/oscp about people failing their second or third OSCP exam attempt, and sometimes even their fifth attempt, which creates more tension for me.
There are many blog posts out there aimed at helping newcomers prepare for the OSCP exam, and they were incredibly helpful to me. So, I decided to write a blog post of my own to explain what I did to prepare for the OSCP exam and to provide information and recommendations for new Malaysian offensive security students. However, please note that this will be a lengthy post.
I have taken the 2023 version of the OSCP exam, which is similar to the older version except for the complete removal of buffer overflow. There was a major update on the 2023 OSCP course material, mainly about the lab and course material. Hence, this blog will not focus on those aspects because I did not experience them.
I am a former software engineering student who began my journey in cybersecurity approximately 1.5 years ago. Prior to taking the OSCP certification, I had gained some experience in network and web penetration testing.
On average, I probably studied for around 3 hours a day in my cave. In 2022 October, I began studying for the OSCP exam during the last semester of my degree. Although it seems like I did a lot of preparation prior to OSCP, I didn’t even know how to enumerate and exploit various network services such as DNS, Redis, SNMP, PostgreSQL, and MySQL, among others in the beginning. Additionally, I had almost no experience in AD hacking.