OSCP preparation: 6 tips to help ensure success
Preparing for the OSCP exam means setting realistic expectations and spending a lot of time on research. These tips will ensure a smooth learning experience.
Summary: A large part of OSCP preparation involves balancing traditional research materials with hands-on lab work. While everyone has their own learning preferences, there are various habits that most successful candidates have developed to pass the exam. Here are six of the most important.
The Offensive Security Certified Professional (OSCP) credential validates the skills necessary to perform routine penetration testing operations with Kali Linux. However, despite being an entry-level credential, it is by no means an easy one to earn. Candidates are expected to have deep networking knowledge and familiarity with basic programming, encryption, and information security in general.
Here are six tips for candidates looking to start their journey into the world of ethical hacking:
#1. Start with a networking and security course
No one can expect to jump straight into a course on penetration testing without first acquiring at least a foundational understanding of networking and security. Before taking the PWK/PEN-200 course, which is required to take the OSCP exam, candidates should first understand everything covered in the CompTIA Network+ and Security+ courses or equivalent. While there are no official prerequisite qualifications, the PWK/PEN-200 course assumes knowledge in these two areas. For a more structured and goal-driven experience, it is a good idea to follow the penetration tester career path.
#2. Always keep official reference materials handy
Offensive Security, the organization that maintains the OSCP certification, has a wealth of study materials that candidates should keep readily available. This includes the 850-page PDF study guide, over 17 hours of video content, and more than 70 virtual machine environments where candidates can conduct simulated hacking activities. These official materials align closely with what is covered in the exam.
#3. Practice using the same techniques as the exam
By far, the most effective way to learn how to hack is through actual hacking, and penetration testing is no exception. The exam itself is a hands-on experience that involves attempting to hack into a simulated real-world environment. Enrolling in the course includes access to the virtual labs, in which candidates can practice their skills ahead of the exam. This experience is easily the most important part because it puts one’s skills to the test in a way that traditional study materials cannot.
#4. Focus on improving time-management skills
The OSCP is as much an endurance test as anything. The exam itself spans 24 hours, although candidates are encouraged to take breaks and sleep during that time, provided they inform the proctor beforehand. That said, it is still a grueling experience that demands careful planning and time management. This is especially important for candidates already in full-time employment since they will probably need more than the 30 day lab time included in the course. Extending lab time to 60 or 90 days increases the cost but ensures ample time to prepare for the exam. Lab extensions cost $359 for 30 days. However, candidates should not be afraid of extending their lab time should they need to - failing the exam repeatedly can cost a lot more in the longer term.
#5. Write the penetration test report ahead of time
Penetration testing is about writing reports as it is about ethical hacking. Reports are the only tangible outputs from a test, and they provide vital insight for clients into vulnerabilities found. These reports must be crafted in an understandable way to less technical audiences, although all supporting documentation should be included, too, to sufficiently explain any vulnerabilities discovered. Passing the OSCP exam involves writing a comprehensive report that summarizes the project, provides details of the processes and approach used, lists risks based on severity, and includes a disclaimer. Candidates should ensure they give themselves ample time to focus on honing their report-writing skills ahead of time.
#6. Prepare the examination environment early on
Since August 2018, all OSCP exams have been carried out online with proctoring to prevent cheating and uphold the integrity of the credential. This means that an Offensive Security employee will monitor candidates via web camera and screen-sharing. Even though candidates are allocated a full 24 hours to pass the exam, they must take extra care preparing their exam space well in advance. Most importantly, candidates should ensure their software and hardware meets the minimum requirements. Starting up the web camera and screen-sharing session at least 30 minutes before the exam should provide enough time to diagnose and resolve any issues. Having a sufficiently fast and stable internet connection is of utmost importance, too.
What to do after the exam
Candidates need to get at least 70 points out of 100 to pass the exam. If they fail, it is possible to retake the exam as many times as required, albeit with a cooling-off period of 120 days and an exam retake fee of $249. Exam results are sent by email within ten business days of submitting the follow-up documentation. Those who pass the exam will be asked to confirm their delivery address to receive their formal certification.
Becoming an OSCP comes with lucrative career prospects, with salaries averaging $95,000 per year in the US, according to PayScale. Furthermore, penetration testers are in enormous demand, especially in the finance, government, and healthcare sectors. That being said, the journey does not stop there. Certificate holders may want to take their education even further by embarking on the path to Offensive Security Experienced Penetration Tester (OSEP) or a similar credential.
Cybrary for Teams is an all-in-one workforce development platform that helps organizations develop stronger cybersecurity skills, prepare for new certifications, and track team progress.
