In this post I will detail my journey since starting in Infosec at the end of March 2020 and the preparation I have done in order to learn and improve my abilities which have also helped me to get OSCP.
My journey begins at the end of March 2020, when the world was in lockdown due to COVID. As I had more free time, I decided to start in Infosec because I already knew this was the professional path I wanted to follow and my Computer Science degree wouldn’t cover it.
I discovered HackTheBox through some googling and ended up on Ippsec’s YouTube channel watching some of his videos. At first I did not understand what he was doing, but after some time I started to grasp the main aspects of the pentesting methodology, so Ippsec’s channel is a great resource for beginners and more advanced people alike to learn new techniques. For my Spanish readers, don’t forget to check out Victor García’s channel, which also has amazing content.
HTB and Tryhackme
My beginning in HTB was a bit harsh, as it took me too much time to solve easy active boxes and I required some nudges to do so. But after finishing my 1st college year I decided to buy a VIP subscription. With it I started doing all the retired boxes ordered by level of difficulty, from easiest to hardest, and I ended up doing around 40 boxes, which helped me improve a lot. After this month I also got a Tryhackme subscription. As Tryhackme is an educational site which contains detailed explanations of its boxes, it helped me polish some concepts. Also, its Offensive Security path contained great OSCP-style boxes.
Virtual Hacking Labs
After these two great months of learning, I wanted to test myself, so after reading some OSCP blog posts I saw that people recommended Virtual Hacking Labs and I decided to give it a try. I got the one month pass and was able to solve all the machines in less than two weeks. These machines were a great resource to test and improve my skills, but as they were realistic they seemed too straightforward. After clearing OSCP, I see more value in doing this prior to the PWK Labs, as both share similar contents, and doing VHL first can help you with some boxes in the PWK Labs.
Dante Pro Lab
During the winter holidays, I discovered HTB Pro Labs, so I decided to try the most beginner-friendly one, Dante. This was such a great lab, and it helped me learn a new concept: pivoting. The difficulty of the boxes was similar to the ones in the PWK Labs, and there were also some BOFs to practice. But as introduced before, the coolest concept of this lab was pivoting; learning it here helped me when I reached the PWK Lab subnets, where I already knew how to set up my pivots.
After clearing Dante Pro Lab I saw I could skip Synack’s Red Team waiting list, so I decided to apply to join them. After clearing all the assessments I joined them right at the end of February. Hunting on this amazing platform during these months has helped me level up my web pentesting skills and my recon/enumeration methodology. Furthermore, my reporting skills (which are really important) improved greatly. I also had the pleasure of meeting some amazing people there who are always willing to help.
Once I finished my 2nd college year I enrolled in the PWK Labs for a 30 day period. The first day I got access to the lab environment I booked my exam for just when the lab time was expiring. These labs are great: they have 75 vulnerable machines which can be easily completed during the 30 day period (it took me 11 days).
During the lab time I would highly recommend doing a writeup of each box in order to practice for the exam report. Also, it is very important to develop your own cheatsheet containing your methodology; as an example, you can see here my cheatsheet developed with Notion.
About the lab environment, I also recommend doing the machines that can be found in the subnets, as most of them contain interesting things. There are now also 5 retired exam boxes in one of them, so they are a must do. Nevertheless, there are some boxes which do not provide much learning, such as the AD domains or the ones focused on client-side attacks.
Regarding Buffer Overflow, I decided to prepare for it on my own and developed my own methodology, taking into account some concepts from this Tryhackme Room, which is also great for practising.
The main challenge of the OSCP exam is dealing with the huge amount of information you are presented with. The exam can be described as misleading, but this is not a problem, since your preparation will let you easily discard dead ends.
My exam started well, completing the BOF in around 30 mins. Then, according to my plan, I attempted the 25 point box, where I was able to get user and then got stuck on the privesc, so I took a break. Returning from the break, I went for the 10 pointer to get a confidence boost and then started on the 20 point boxes. Finally, I came back to the 25 pointer to get the privesc.
After 12 hours of exam (including several breaks and lunch time), knowing I had already passed and having checked that I had all the screenshots for my report, I asked the proctors to end the exam. The last step was writing the report. Here, make sure you detail all the steps so that a person with little knowledge can reproduce them; it is also very important to add a “Recommended Mitigations” section where you explain how your attacks could have been prevented.
All in all, my advice for the exam would be to take breaks and analyze the information slowly, looking for out of place or suspicious things so you can start connecting the dots.