[English] OSCP Certification Exam Experience
Update: Since 2022, Offensive Security (OffSec) updated the PEN-200 materials by adding Active Directory content and removing Buffer Overflow (BoF) from the exam, so some suggestions in this post are less relevant. You can read OffSec’s announcement here: https://www.offsec.com/offsec/oscp-exam-structure/
Intruduction
Here is my story about passing the OSCP exam, which I hope helps anyone taking or planning to take the certification. OSCP is a widely recognized professional certification in penetration testing/red teaming and is often requested by security recruiters. Beyond hiring value, OSCP sharpens a pentester’s approach to analyzing each engagement—what to tackle first, how to enumerate ports and services, and how to assess vulnerabilities across services, web applications, and buffer overflow scenarios.
Anyone pursuing this certification should already be comfortable with Linux fundamentals—especially Kali Linux—because the OSCP course is Penetration Testing with Kali Linux (PWK). A basic understanding of computer networks, ports, the services running on those ports, and some familiarity with scripting/programming is also important.
Learning Resources
Below are the study resources I used to prepare for the OSCP exam:
-
TJNull - NetSecFocus Trophy Room, a list of machines similar to OSCP targets—great for practice.
-
HackTheBox – a subscription (min. 1 month) is recommended to access retired machines.
-
VulnHub – you only need a strong internet connection and ample storage for VMs. You can download machines from the TJNull list.
-
TryHackMe – study rooms like Windows and Linux Privilege Escalation by Tib3rius/TCM, Buffer Overflow Preparation by Tib3rius, and try both free and premium CTF boxes.
-
Offensive Security Proving Grounds – OffSec’s own lab platform. Proving Grounds Play (free, includes some VulnHub boxes) and Proving Grounds Practice (newer, OffSec-authored machines).
-
IPPSec YouTube videos – walkthroughs of HTB machines that showcase enumeration methodology, avoiding rabbit holes, and privilege escalation.
-
HackTheBox OSCP Preparation (Rana Khalil) – clear write-ups of retired HTB boxes with easy-to-follow enumeration and escalation methods.
-
Udemy – helpful courses from Tib3rius/TCM on Windows and Linux privilege escalation. I used author discounts announced on Twitter/Discord—follow or join their servers to catch them.
-
Hack Tricks by carlos polop – an essential pentester handbook; it helped me a lot during OSCP, especially for per-port/service methodology.
-
Payloads All The Things (GitHub repo) – notes on enumeration, web attacks, and privilege escalation.
-
GTFOBins – documentation for Linux privilege escalation techniques.
You can also discuss and learn in the Offensive Security Discord and NetSecFocus Discord. Many of the lists above are commonly shared by PWK students who passed OSCP, but in my case, participating in boot2root/jeopardy CTFs also helped a lot.
Exam Preparation
For the exam, make sure you are solid on enumeration techniques and privilege escalation (review until you’re confident). Also aim to reduce reliance on write-ups when working through retired HTB and OffSec PG Play boxes.
For note-taking during the exam, I recommend Obsidian because it’s lightweight and easy to use. As an alternative, Joplin is also good. Before the exam, read the OffSec OSCP Exam Guide thoroughly, prepare yourself mentally, and schedule the exam. I chose a weekend (Saturday) because I had cleared my workload.
The day before the exam, I rested completely—watched movies and some YouTube for mental prep. One hour before the exam (06:00 WIB), I woke up, prepared snacks, water, and coffee. Fifteen minutes before the start, I logged into the proctoring page and chatted with the proctor to verify my ID (ID Card/Passport—have scanned copies ready). You’ll be asked to show the room, your desk, and under the desk using your webcam. VPN and control panel details, along with exam machine IPs, will be emailed to you. You’ll then test your OS and internet connection with the provided VPN.
Communicate with the proctor and ask permission to pause the webcam if you need a restroom or rest break.
Once cleared, you can begin. Tackle the machines you find easiest first—often BoF back then—then lower-point boxes, and finally the hardest. When you face a target, start with network scanning, document all open ports and services, enumerate each thoroughly, and follow leads until you find a vulnerability. Avoid jumping to another box prematurely unless you are truly stuck.
Most vulnerabilities have documentation and public exploits on exploit-db or elsewhere. For privilege escalation, use the resources listed above. During the exam, you’re allowed to reference command lines from Hack Tricks by carlos polop, Payloads All The Things (GitHub repo), and your own notes, as well as IPPSec videos or other references.
While taking the exam, screenshot every important step in your Kali terminal and keep everything organized in your note-taking app with brief explanations. This is crucial when writing the report later.
Reporting
You can use the template provided in the OffSec OSCP Exam Guide or the Offensive Security Exam Report Template in Markdown (note: I used the Markdown template). Start writing when you’re well-rested, then upload to the OffSec submission link. Make sure grammar is correct, screenshots and source code are clear, and your steps are well-documented.
After submission, wait for OffSec to announce the result on business days. In my case, the exam ended at 23:00 WIB after starting at 06:00 WIB (almost 18 hours). I rested and began writing the report at 08:00 WIB the next morning. Try not to be overly anxious—stay calm, take breaks, do something that refreshes you, and pray.
Result Announcement
Results are sent by email, typically within 1–2 business days. About 1.5 days after submitting my report—on Wednesday, August 24, 2021—I received the email confirming that I passed the OSCP.
OSCP Pass Announcement
According to the latest information from Offensive Security, the badge can be accessed via Accredible.