All Episodes > Episode 2

How To Pass The OSCP Exam | EP 2

Play
Video URL copied to share!

Show Notes

Unlocking OSCP Success: Strategies for Pen Testing Excellence

Join Sean Ardizzone and Nathan House as they delve into the world of OSCP certification. In this episode, they discuss strategies for mastering hacking skills, overcoming challenges in OSCP, and the importance of practical exercises. They also explore the realities of penetration testing as a career, the differences between red teaming and pen testing, and why persistence and proper methodology are key to success. Whether you’re just starting your journey or looking to refine your skills, this episode is packed with insights to guide you on your path to becoming a certified ethical hacker.

  • 00:00 Introduction to Cybersecurity Diaries
  • 00:19 What is OSCP?
  • 01:05 Meet Sean: Background and Experience
  • 01:44 Discovering the World of Security
  • 03:13 First Steps in Penetration Testing
  • 04:14 The Journey to OSCP Certification
  • 06:39 Understanding the OSCP Exam
  • 13:26 Who Should Consider OSCP?
  • 18:55 OSCP Syllabus and Study Recommendations
  • 30:26 Real-World Penetration Testing Insights
  • 34:08 Personal Stories and Company Mission
  • 37:48 Kids and Cybersecurity: The New Age Hackers
  • 38:27 Expanding Cybersecurity to Small Businesses
  • 39:14 Tips for Aspiring Penetration Testers
  • 39:51 OSCP Preparation and Community Support
  • 41:29 Resources for OSCP and Other Certifications
  • 43:52 Q&A: Personal Experiences and Advice
  • 50:15 The Day in the Life of a Penetration Tester
  • 52:22 Red Team vs. Penetration Testing
  • 58:06 Challenges and Ethics in Penetration Testing
  • 01:00:58 Career Pathways and Specializations in Cybersecurity
  • 01:04:47 Final Q&A and Closing Remarks

Related Resources

Transcripts

Welcome to Cyber Security Diaries by StationX. In this episode, we’re diving into everything you need to know to successfully pass the OSCP certification. Whether you’re just starting your journey or fine-tuning your final preparations, we’ve got the insights and strategies to help you succeed. Let’s start by explaining what OSCP is for anyone who may not know. It’s the Offensive Security Certified Professional, and it’s a hacking certification. It’s considered one of the most sought-after certifications because it’s highly regarded by industry professionals and appears in many job listings.

To discuss the OSCP, we’ve got someone who’s heading up our Hacking Red Team focus group. So, tell us a little bit about your background and what you’ve been up to, as you’re doing some interesting stuff right now.

I’ve been in technology-related fields since the mid-’90s. I started out pulling low-voltage cable and worked for a few big companies like Motorola, where I got familiar with infrastructure. Then I worked for Nortel, where I learned voice systems. When convergence happened in the late ’90s, I had to learn data because of the shift to switches in telecom. That’s when I got into data routing and networking.

Throughout all this, I noticed security was a common theme. I started dabbling in it, especially since I always had a habit of building things, breaking them, and then trying to fix them. It was a natural progression for me. By 2010, I really focused on security, landing a defense contracting job where I was required to get the Security+ certification. That opened the door to even more security certifications and led me deeper into the field.

While working in defense, I stumbled upon an operating system called BackTrack (now known as Kali Linux). Anyone here remember BackTrack?

Yes, I remember it! Does anyone in the audience remember what BackTrack became? No prizes for this one, but shout it out!

Kali! Correct, well done! Sorry to interruptβ€”go ahead.

Yeah, messing around with BackTrack was an eye-opener. I didn’t understand the operating system fully at first; I just knew it had cool tools. I remember joking that I was in β€œscript kiddie mode” because I was launching things like Metasploit and Armitage without fully knowing what I was doing. Nothing like what you see in the movies!

Then I discovered the Certified Ethical Hacker (CEH) certification and went to a boot camp. Part of the CEH boot camp offered the Certified Pen Tester certification from IACRB. They gave me a disk with virtual machines to break into. I had 90 days to root them and write a report, and after 89 days, I submitted it. A few weeks later, my wife called me laughing because I received a certificate in the mail that said Certified Penetration Tester. She couldn’t stop giggling, like a middle schooler!

From there, I got more into pen testing and OSCP. One day, I decided to take the plunge and register for the OSCP, and that’s when I came across some incredible training videos by this British guyβ€”Nathan House. His methodology really enhanced my career, especially around networking, operating systems, and hacking techniques.

So what inspired you to go for the OSCP in the first place?

Well, at the time, I was considering whether to continue down the CompTIA certification path or switch to something more specialized, like Cisco with my CCNA background. But I realized my career was headed towards cyber security, and OSCP kept coming up in my research. It’s not a multiple-choice examβ€”it’s practical, hands-on, and pass/fail. You’re given machines to hack within 24 hours, and then you have 24 hours to write a report on how you did it. No shortcuts.

Right, so for those unfamiliar, the OSCP is a practical exam. It’s not multiple choiceβ€”there’s no ABCD options. Can you explain how the OSCP exam works for the audience?

Sure! When you sign up, you start with the PEN-200 course, which covers the fundamentals. It’s not about giving you answers; it’s about giving you the building blocks. You get access to labs, and when you’re ready, you schedule your exam. On exam day, you validate your identity with a camera and ID, and then you have 24 hours to break into a set of machines. Each machine has a point valueβ€”low privilege access gives you some points, and full root access gives you more. After that, you have another 24 hours to write and submit a detailed report.

And this report is manually assessed?

Yes, it’s manually assessed. They check your findings, whether you successfully identified vulnerabilities, and how well you documented everything. You have to submit screenshots and detailed write-ups.

So it’s more of a simulation of a real penetration test. How does OSCP compare to other certifications, like CEH?

OSCP is very different from CEH, especially the traditional CEH. The OSCP exam is fully hands-onβ€”no multiple choice. There is a CEH Practical exam that’s closer to OSCP, but OSCP is known for its intense focus on real-world hacking scenarios.

And there’s a restriction on what you can share about the OSCP, correct?

Yes, you sign an NDA, which prohibits sharing screenshots or specific details about the exam. You can’t disclose how many machines you’re tested on or the specific exam content. You can, however, talk about the general skills tested, like enumeration and vulnerability exploitation.

Right. So who should consider the OSCP? It’s expensive, and it requires a significant time investment.

Anyone serious about offensive security, especially if you want that street credibility. OSCP is widely recognized, and people know you’re not just a script kiddie if you have it. But it’s not for everyone, especially if you’re early in your career or not planning to focus on offensive security. It’s better suited for those who want to specialize in penetration testing or red teaming.

If your career path is more in the defensive side of cyber securityβ€”like SOC analysis or malware analysisβ€”then focus on those core skills first. OSCP can help later on if you want to get a deeper understanding of offensive techniques.

Let’s talk about the OSCP exam itself. What does it actually cover in terms of penetration testing? Is it more infrastructure-focused, less web app, no mobile?

The OSCP exam primarily focuses on network and infrastructure testing. It used to involve buffer overflows, but they’ve moved away from that and now include Active Directory takeover and Kerberos attacks. There’s web testing involved, but no mobile or cloud penetration testing.

As for preparing for the OSCP, what study materials or resources do you recommend?

There are some great resources on Windows and Linux enumeration. As a pen tester, the ability to enumerateβ€”finding out what’s on a machine, identifying important information, and avoiding dead endsβ€”is critical. Learning how to prioritize vulnerabilities is important too. If you don’t know how to navigate Linux or Windows, you’ll waste a lot of time on things that aren’t exploitable.

For example, if you’re unfamiliar with the Linux file system, you might waste time exploring directories that you only have read access to. And with Windows, if you don’t know PowerShell or basic admin commands, you’ll struggle. It’s important to spend time building up that knowledge before taking the OSCP.

That’s part of why we emphasize foundational knowledge at StationX. Before even diving into the hacking side of things, you need a solid understanding of operating systems, networking, and how systems interact. Those are the building blocks.

What about toolsβ€”any specific tools people should be familiar with before attempting the OSCP?

Yes, be comfortable with Bash and Python. You don’t have to be an expert coder, but you should know enough to read and debug scripts. Understanding Windows admin tools like PowerShell and basic Linux commands is essential too. Tools like Nmap, Metasploit (in limited use), and manual enumeration tools are key.

How important is it to do practical exercises before taking the OSCP?

Practical exercises are crucial. The OSCP labs give you a variety of machines to practice on, each with different vulnerabilities. Some machines require you to solve other machines first before you can break into them, simulating a real-world environment. This kind of practice helps you think creatively, which is essential for the exam.

The OSCP is challenging, but it’s also rewarding. When you’re done, you’ll not only have the skills to pass the exam but also practical experience that will help in real-world penetration testing scenarios.

So what’s the biggest tip for someone preparing for the OSCP?

The biggest tip is to practice on OSCP-like boxes. Platforms like TryHackMe and Hack The Box offer labs that closely simulate OSCP challenges. If you can afford it, go for the paid versions to avoid spoilers left by other users. Also, stay connected to communities, ask questions, and stay motivated. Joining groups, like the one we run at StationX, will give you support and guidance throughout your journey.

It’s important to approach the OSCP with the right mindsetβ€”try harder is the motto for a reason. You’ll need persistence and creativity to get through it, but it’s worth it in the end.

Now, let’s wrap things up by talking about what’s next for anyone looking to get into penetration testing or cyber security. At StationX, we offer guidance on building out your career and help you figure out the right certifications for your goals. The OSCP is just one part of the journey, and we have resources for many different pathways in cyber security.

If you’re interested in our programs or want to know more, visit StationX and explore what we have to offer. And remember, we have communities, focus groups, and roadmaps tailored to individual needs. Whether you’re just starting or already on your journey, we’re here to help.

Another question people have is about managing their time during the exam. How do you balance staying focused without burning out during a 24-hour exam?

It’s important to plan breaks. Yes, you can take bathroom breaks, and yes, you can sleep. I didn’t stay awake for the entire 24 hours during my exam. I actually planned to sleep for about eight hours. Once I understood the structure of the exam and the tasks at hand, I realized that pacing myself was crucial. It’s not about rushingβ€”it’s about maintaining focus. I remember on my fourth attempt, I even dreamt about a solution, woke up, went downstairs, and solved it. Planning and staying calm can make a huge difference.

What do you think is the biggest reason people fail exams like the OSCP?

There are a few reasons. Bad note-taking is a big one. Documentation is critical in penetration testing, and if your notes are sloppy or incomplete, you’ll struggle. Lack of preparation is another common reason. Some people go in without having practiced enough or without understanding the fundamentals. Finally, not knowing how to write the report properly can cause you to fail. Even if you manage to root the machines, if your report is unclear or missing key details, you can fail the exam.

Do you think there’s a big difference between someone with two years of pen testing experience and someone with five?

Absolutely. The difference between a junior and a senior pen tester is significant. A junior might still be learning methodologies and tools, while a senior pen tester has a more refined approach and can handle more complex scenarios. With time and experience, you develop a rhythm and intuition for where to look for vulnerabilities and how to prioritize tasks. It’s a continuous learning journey, but the experience you gain over the years helps you become more efficient and effective.

Let’s talk about career paths. Can you explain the difference between red teaming and penetration testing, and what someone might experience in each?

Penetration testing is about finding and exploiting vulnerabilities in systems, typically in a scoped environmentβ€”either external or internal networks. You’re testing defenses and trying to find weaknesses. Red teaming, on the other hand, is broader. It simulates a real-world attack and involves multiple tactics, including social engineering, physical access, and more. In a red team, you’re not just looking to find vulnerabilities; you’re trying to stay undetected and execute a mission, whether that’s data exfiltration or gaining domain control.

Red teaming involves much more than just hacking. It can include physical penetration (like tailgating into a building), phishing campaigns, and other tactics. It’s more like being a spyβ€”using any means necessary to achieve the goal without being noticed. Pen testing is more focused on identifying specific weaknesses, often within agreed-upon parameters, while red teaming is about simulating real-world attack scenarios.

Do you think there’s an age limit to starting in cyber security, particularly with penetration testing?

Not at all. It’s never too late to get into cyber security. If you’re motivated, willing to learn, and have a passion for the field, age shouldn’t be a barrier. I’m nearing 50, and I got into this relatively late in my career. I think it’s more about your commitment to learning. If you’re willing to put in the work, you can absolutely succeed, no matter your age.

The key is figuring out what your strengths are and how you can leverage them. For someone with years of experience in IT or another tech field, transitioning to cyber security is very possible. It’s all about building on what you already know and expanding your skill set in areas like networking, systems, and security fundamentals.

What about the downsides of penetration testing? Are there any risks or negatives to consider?

There are a few potential downsides. First, if you don’t have explicit, written permission to test a network, you’re putting yourself at legal risk. Even if a client verbally agrees, make sure everything is in writing and clear about the scope of the engagement. Going outside of the agreed-upon scope, even accidentally, can have serious consequences.

Another challenge is that pen testing can be highly technical and time-consuming. You’ll spend a lot of time scanning, enumerating, and gathering information. The actual β€œhacking” partβ€”exploiting vulnerabilitiesβ€”is often the smallest portion of the job. There’s also a lot of report writing, which some people don’t enjoy. You have to be comfortable documenting your work clearly and thoroughly, as reports are crucial for communicating findings to clients.

Lastly, it can be a competitive field. Because penetration testing is in high demand, there are a lot of people trying to get into it. However, with the right skills and certifications, it’s very possible to stand out.

What does a typical day look like for a penetration tester?

It really depends on the engagement. A typical day might involve scanning networks, enumerating hosts, and trying to exploit vulnerabilities you find. It can also involve a lot of researchβ€”understanding the environment you’re testing and figuring out how the systems work together. You might spend hours sifting through data or trying different exploits.

If you’re a red teamer, your day might include physical reconnaissance, social engineering, or testing physical security measures. You could be tailgating into a building or trying to clone an access badge. Red teaming is broader and can involve a lot more creative thinking compared to traditional pen testing.

For both roles, report writing is a big part of the job. After you finish your tests, you’ll spend time writing detailed reports that outline your findings and provide remediation recommendations. Some people find this tedious, but it’s a critical part of the job, as it communicates your results to the client.

How closely do you think the OSCP exam matches real-world penetration testing?

The OSCP gives you a solid foundation in penetration testing, especially in network and infrastructure testing. Some people criticize it as being too β€œcapture-the-flag”-like, but in many ways, it mimics real-world scenarios. You’re not just breaking into systems for the sake of itβ€”you’re learning how to gather information, escalate privileges, and document your findings.

Of course, the OSCP doesn’t cover everything. For example, it doesn’t focus on cloud environments or web application testing as much as some other certifications do. But it provides a strong base, especially for network penetration testing. In the real world, there’s also a lot more client interaction, scope negotiation, and teamwork involved.

Is cloud penetration testing a specialization too?

Yes, cloud penetration testing is becoming more common as more organizations move to cloud infrastructures like AWS, Azure, and Google Cloud. It requires a different set of skills because you’re testing cloud-specific configurations, permissions, and architectures. Cloud environments introduce unique challenges, like container security, IAM misconfigurations, and hybrid setups. You can certainly specialize in cloud penetration testing, but having a solid base in network and infrastructure testing is still important.

Do you have any advice for people who want to transition into cyber security from a different field, like software development?

If you’re transitioning from a development role, you already have a valuable skill set. Many developers move into application security or DevSecOps because of their background in coding and understanding how software works. From there, you can expand into areas like secure coding practices, application vulnerability testing, and cloud security.

It’s important to build up your knowledge of security fundamentals, though. Understanding how networks work, how attackers exploit vulnerabilities, and how systems are protected will round out your skills and make the transition smoother.

For those who want to learn penetration testing specifically, what’s the best way to get started?

Start by building a strong foundation in networking and operating systems, especially Linux and Windows. Get familiar with the basic tools, like Nmap, Wireshark, Metasploit, and Burp Suite. Platforms like TryHackMe and Hack The Box are excellent for hands-on practice.

At StationX, we offer courses and labs that walk you through everything you need to know, from the basics to advanced hacking techniques. Our lab environment lets you practice in real-world scenarios, and we provide roadmaps that help you figure out the best path for your specific goals.

It’s also important to join a community. Being part of a focus group or mastermind can help you stay motivated, get feedback, and learn from others who are going through the same process.

Final thoughts?

The OSCP is challenging, but it’s one of the most rewarding certifications in offensive security. It’s not just about passing an examβ€”it’s about learning real, practical skills that will help you in your career. If you’re considering it, start by laying a strong foundation in networking and systems. Use resources like labs, communities, and mentors to guide you along the way.

And if you’re looking for more structured guidance, StationX offers a range of resources, including mentorship, focus groups, and comprehensive training programs. Whether you’re just starting out or already on your way, we’re here to help you reach your goals.

We’ve covered a lot about the OSCP, its value, and the role of penetration testing and red teaming in cyber security. Let’s wrap up with some final recommendations.

For anyone considering the OSCP, my advice is to practice as much as possible. Focus on practical, hands-on experience. Labs like TryHackMe, Hack The Box, and Proving Grounds are excellent for preparing yourself for the real thing. Try not to rush the processβ€”OSCP is tough, and it requires both technical knowledge and mental resilience.

If you’re still early in your cyber security journey, it’s okay to start smaller. Build up your foundational knowledge of networking, systems, and basic security principles before tackling the OSCP. Certifications like Security+ or even Certified Ethical Hacker (CEH) can help prepare you for more advanced certifications like the OSCP.

Also, don’t forget the importance of community. Joining a focus group or mastermind group can help keep you accountable, and being able to ask questions or get advice from others who have been through the same process is invaluable.

Finally, if you’re looking for structured guidance, StationX has resources that can help. From roadmaps to courses, mentoring, and real-world labs, you’ll get the tools and support you need to advance your career.

Thanks for joining us on Cyber Security Diaries. Be sure to check out our blog for more articles on certifications, career paths, and technical topics, and don’t forget to subscribe to our YouTube channel for more videos on cyber security topics. If you’re interested in penetration testing, OSCP preparation, or other security-related certifications, visit StationX for more information.

Stay safe, keep learning, and we’ll see you in the next episode!

Frequently Asked Questions

>

StationX Accelerator Pro

Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Pro Program. Stay tuned for more!

StationX Accelerator Premium

Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Accelerator Premium Program. Stay tuned for more!

StationX Master's Program

Enter your name and email below, and we’ll swiftly get you all the exciting details about our exclusive StationX Master’s Program. Stay tuned for more!