# My OSCP journey ### Whoami & Cybersec background I'm a french engineer in computer science (network and cybersecurity). I have 7 years of professional experience in cybersec on both defensive and offensive tasks, including a significant number of pentests (web, externals and internals). I do have **very** limited background in CTFs and CTFs platforms (TryHackMe, HackTheLab, root-me, etc.) ### Pen-200 access My company paid me a 4 month access to the PEN-200 platform. Unfortunately I had few constraints during that period so I had less than 2 month of effective access to the PEN-200 platform. ### Training I organized my time in two periods of one month of work on PEN-200: * 1 month to do the course and all the exercices of PEN-200 * 1 month of PEN-200 labs + walkthroughs ### Initial planning I changed my plans a lot during me training period, because I knew that I would have limited time and I would miss some time to do the perfect training. Initially, my plan was to take the 10 bonus points (exercices + 30 labs) then validate the remaining 60 points with the AD set (40 pts) and a standalone machine (20pts). That was the best formula in my mind because I already have a lot of experience in AD attacks. Eventually, on the second month of my training (labs), I could free enough time to do respectable amount of labs. I also planned to add an extra month of training on PG-PLAY/PG-PRACTICE platforms to continue after the end of my lab access. However I did not took that extra month in the end, and pass the exam right away. During my 2 months of training i regularly took notes during courses, labs, walkthroughs and fed cheat sheets to prepare for the exam. So right before the exam I had the 10 bonus points (exercices + 30 labs) but I was not self confident so much beacause I felt that I didn't do enough labs during my preparation. I was worried to get trapped on the standalones, so I kept my initial attack plan: AD (40 pts) + one standalone (20 pts). ### Exam Finally on the exam day, I was able to root all of the machines (full AD set + 3 standalones) in about 10 hours (root access + proofs + screenshots + notes + every elements needed to finish the report), includind few breaks (about 2 hours). I lost some times on the AD set that I found more difficult than expected. At the opposite, I had no major troubles exploiting the standalones, that i found easier than what I expected. I was relieved and very happy at that moment, knowing that besides accident, I'll pass the certification. I went to sleep and finish my report the day after. I got my result by mail 24h later. I passed the exam with a 110/100 score. ### What worked and what didn't Before the exam, I was not feeling confident on some labs and I regretted not to speend my first months on labs instead of courses/exercices. After the exam and despite the 10 bonus points, I still think that I would have been better prepared by replacing 1 month of courses by 1 month of labs. I do think that 1 month of labs training will bring you more than 10 points. Be careful though, because 10 points is still a lot and might be a difference between a success and a failure on the exam, your call. Exercices are good, but they make you pass through the course part, which is really not the strenght of the PEN-200. All the advices that i gave you in this guide rewarded me a lot during my training (or would have!). I did implement most of them, and the extra one I unfortunately did not have time, or discovered them too late in my training journey. However I included them because I know they would have been very valuable. If I had to go back 4 months and start the PEN-200, that's how I would prepare for it. I hope my advices will be valuable to you. And I wish you guys a lot of luck in your journey. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://sgtdede.gitbook.io/hacking/oscp-2022/guide-en/my-oscp-journey.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.