My OSCP journey

Whoami & Cybersec background

I'm a French engineer in computer science (network and cybersecurity). I have 7 years of professional experience in cybersec on both defensive and offensive tasks, including a significant number of pentests (web, external and internal).

I have a very limited background in CTFs and CTF platforms (TryHackMe, HackTheLab, root-me, etc.).

PEN-200 access

My company paid for 4 months of access to the PEN-200 platform. Unfortunately, I had a few constraints during that period, so I had less than 2 months of effective access to the PEN-200 platform.

Training

I organized my time in two periods of one month of work on PEN-200:

  • 1 month to do the course and all the exercises of PEN-200

  • 1 month of PEN-200 labs + walkthroughs

Initial planning

I changed my plans a lot during my training period, because I knew that I would have limited time and would not have enough of it to do the perfect training. Initially, my plan was to take the 10 bonus points (exercises + 30 labs), then validate the remaining 60 points with the AD set (40 pts) and a standalone machine (20 pts).

That was the best formula in my mind because I already have a lot of experience in AD attacks.

Eventually, in the second month of my training (labs), I could free up enough time to do a respectable amount of labs. I also planned to add an extra month of training on the PG-PLAY/PG-PRACTICE platforms to continue after the end of my lab access. However, I did not take that extra month in the end, and took the exam right away.

During my 2 months of training, I regularly took notes during courses, labs and walkthroughs, and fed cheat sheets to prepare for the exam.

So right before the exam I had the 10 bonus points (exercises + 30 labs), but I was not very self-confident because I felt that I hadn't done enough labs during my preparation. I was worried about getting trapped on the standalones, so I kept my initial attack plan: AD (40 pts) + one standalone (20 pts).

Exam

Finally, on exam day, I was able to root all of the machines (full AD set + 3 standalones) in about 10 hours (root access + proofs + screenshots + notes + every element needed to finish the report), including a few breaks (about 2 hours).

I lost some time on the AD set, which I found more difficult than expected. On the other hand, I had no major trouble exploiting the standalones, which I found easier than I expected. I was relieved and very happy at that moment, knowing that, barring an accident, I would pass the certification.

I went to sleep and finished my report the day after. I got my result by mail 24h later. I passed the exam with a 110/100 score.

What worked and what didn't

Before the exam, I was not feeling confident on some labs and I regretted not spending my first months on labs instead of courses/exercises. After the exam, and despite the 10 bonus points, I still think that I would have been better prepared by replacing 1 month of courses with 1 month of labs. I do think that 1 month of lab training will bring you more than 10 points.

Be careful though, because 10 points is still a lot and might be the difference between success and failure on the exam. Your call. Exercises are good, but they make you go through the course part, which is really not the strength of PEN-200.

All the advice that I gave you in this guide rewarded me a lot during my training (or would have!). I did implement most of it; the rest I unfortunately did not have time for, or discovered too late in my training journey. However, I included it because I know it would have been very valuable. If I had to go back 4 months and start PEN-200, that's how I would prepare for it.

I hope my advice will be valuable to you. And I wish you guys a lot of luck in your journey.
