One of the topics that came along during my call for subjects was that of preparations for courses, especially the time management part when having a full time job or being a student. 

I understand where this comes from, I’ve had similar doubts in the past myself. Many courses seem massively large and look like an unclimbable mountain or work. I have learned a few tricks that I will share and that hopefully will help you along the path as well.  

In order to make this concrete, I’m going to write this article based on the experience I’ve had with my OSCP, OSCE and OSWP. The latter one is the wireless course where the exam period is short, three hours, and meticulous preparations is key to beating the clock. 

We will cover five elements that I consider key in a successful course, study, bug bounty, anything actually… first we look at the prerequisites, are we able to start or do we miss skills? Secondly we discuss the importance of setting yourself a goal. Planning comes in third and we look at how we can tear down that massive mountain of work into smaller pieces that we can tackle. Lastly, we look at how to prepare for the exam. 

During each short chapter I will provide you with FAST action steps, a methodology I’ve learned to use thanks to Dave Kerpen! These “first actions steps to take” are hopefully useful for you to put theory into practice! 

Getting ready and start, really: just start 

It depends widely on which course or study you take what you need to know upfront. Many people ask me what they need to do or learn before that they can start their OSCP training. The nice thing though is that it’s a course with a lab, a study guide and tons of videos…  

This means that most of the more complex things are explained carefully in these videos and guides. You don’t have to know upfront how a buffer overflow works or how you create an SSH tunnel to pivot around for OSCP. You also don’t have to know how to do math calculations in assembly for your OSCE. They teach you that stuff during the course! 

A few things are good to know though. The OSCP is not a complete beginner course, you are assumed to know the concepts of programming, and knowing python will be a great value to have. The Python mini degree from Zenva academy is a great starting point or refresher for anyone!

If you don’t have real world experience with website assessments or penetration tests, I have to break it to you. Sorry, OSCP isn’t the course you want to do now. You won’t get from it what you should. I recommend starting with the machines from pentersterlabs instead. They have amazing starting machines that teach you the basics of what security research is. These are really great to.  

Once you’ve mastered all of them, try to do some bug bounty programs like Hackerone and Bugcrowd. These are perfect to start learning to work in the real world with real networks and clients. I am going to write an articles shortly after this one which will help you get started doing this! 

If you know a language like python and pentesterlabs is a walk in the park? Stop doubting yourself and just go for it, really: Go Go Go! There is no point in over-preparing for things that you get taught during the course! 

FAST; First Action Steps to Take 

1. Learn a programming language well enough to reuse scripts from others and make the work 
2. Get some real world experience, for example with bug bounty programs before starting your OSCP journey. It might make you some cash to pay for it as well! 
3. Just start! Don’t hesitate, do it! 

Set yourself objectives 

Ok, now that we have gotten to the part where we have decided to sign up, what do we want to learn? Just doing a course for the sake of getting a paper that says we passed something isn’t right. 

As we will discover in the next section, planning and available time determines what we can realistically achieve. OSCP labs time comes in three flavors: 30, 60 or 90 days. You can extend as well… I set my personal lab time to 30 days, but it can very well be that you can’t work on it every day, so you need more. This is perfectly fine, as long as you keep it real for yourself. Anything works! 

I set myself the goal that I wanted to own at least 75% of the lab machines and root each machine in the admin network.

Why did I choose this to be my objective? I knew that there are some machines in the basic network that are stand alone and more CTF style, I didn’t really care about those. I wanted to learn how real world networks are linked together and how you can pivot between these networks without having legitimate network credentials. Being a windows person pretty much all my life, I had to step out of my comfort zone and learn the Linux way to do this. 

After acknowledging this for myself I set my exam date immediately after to keep the pressure on. 

FAST First Action Steps to Take 

1. Acknowledge what you want to learn before you start 
2. Make SMART objectives out of your set study goals 
3. Set your exam date in advance so that you have a fixed deadline to focus on 

Make an achievable planning 

The labs are great, but the videos and guide are important too. When I did the course in 2015 I had to turn in the lab exercises as well, which may help in passing the exam later on. 

I had the possibility to invest about 4 to 6 hours a day to make this work out for me, together with a full time job. I could only have done this thanks to a great boss and an even better understanding wife! It everybody has this chance, it can be that you only have an hour a day, or a few hours a week due to study, work or a new born family member that requires a lot of love and attention. 

In order to understand how much time I needed to allocate, I had to make a solid planning. Knowing how long the videos are, how many tasks there where in the guide and roughly how many machines there are in the lab, I could make a detailed calculation.  

I expected some of the machines to be easier than others so I guessed that 40% would take me an hour to own, 20% would take two hours, 20% would take me three hours and if I couldn’t crack the remaining 20% in less than four hours I’d skip them. This was very tight, as there where over 50 boxes in this network… 50 boxes is 18 days with 6 hours a day… But, I set myself only 75% of all boxes, so it has to work. 

Now that I had then timelines I needed to invest, I was able to map this out onto the time slots I had made available for these courses. You will have to maneuver a little bit to make it fit nicely. If you need a lot more days than you originally thought there are two things you can do: either extend the time you set for it, lengthen the number of weeks or hours per period, or reduce your load by setting less complex objectives.  

Remember that had had to be SMART, where the T stands for time and the A for acceptable. If it doesn’t fit your planning, neither of these were correct to begin with. 

Once the planning is set, you are ready to go! Dedicated work is important. When you have the planning in order, stick to it. This is extremely difficult and hard, especially in an addictive lab as that of OSCP. When you cannot meet your set deadlines, set a timer of have someone call you after the agreed time slots.  

FAST First Action Steps to Take 

1. Calculate how much time you can invest on a weekly basis for the period you allocated (lab time), by the day and write this down 
2. Calculate how much time each of your set tasks will take, both theory and practical parts 
3. Map the allotted time per task onto your planning. If it doesn’t fit consider where the error lies, is the available time not enough or have you created too heavy tasks for the time you have available? Reduce your load or extend your allotted time if possible. Don’t forget to change your exam date if you do. 

Working with consumable chunks of work 

The biggest fear I hear from everybody is that they don’t know where to start. For me in OSCP it was clear: the videos and the guide. Starting with the labs was tempting, but seemed wrong. Why start with practice if you haven’t heard the theory about it first? This was a smart move I’ve learned while watching the videos. 

I granted myself a full week to work my way through the videos and the guide. I admit, this took me more than 4 hours a day, so my planning was partially off already. I was closer to 6 a day, sometimes even more. Mostly because it was fun and I wanted to understand the theory well. 

When I worked my way through one and a half chapter a day on average, it turned out that I’ve already owned a few machines in the lab by starting with the videos first, awesome! That gained me back some time! 

Going into the labs overwhelmed me, I had no idea where to start and thus started with everything at the same time. After a day or two or so I wondered why I hadn’t rooted anything yet. Taking a step back I realized I wasn’t following through. I wasn’t following what I’ve said I would. 

I looked at my first nmap output of the base network again and started looking for the obvious ones and grouped them into what I thought was making sense. So I mapped on things like windows, Linux, web, smb and others similar things. This worked out well, and the boxes started to pop nicely one by one. 

Soon the first pivot point was within reach, but I couldn’t get through. This is where I learned the value of taking clear notes. It is vital to document what you’ve found where. You will have to continuously think what you’re able to do now what you couldn’t do before. And also what you know now what you didn’t knew before. The lab is built in such a way that you can expect to find information on a machine that you have to use on another. Document which exploits you’ve used on which machines and what kernel versions will save you a lot of time. 

Also, if you get stuck, the IRC channel of OffSec has proven to be amazing for me! Don’t expect straight answers from the admins, they usually tell you to try harder if you can’t explain clearly what you’ve done. But if you have the patience and can explain very clearly, they guide you in the correct path. Also other students help out a lot without spoiling the fun! 

FAST First Action Steps to Take 

1. Start with the theoretical parts and videos first if these are available. 
2. Cut up practical assignments into small parts. In case of the OSCP lab, group for example by type (web, smtp, web, imap, windows, Linux, etc) to make smaller groups that you can attack 
3. Focus on single machines instead of whole groups. Try hard, take brakes and try again. If it doesn’t work out, switch to another machine while making notes of the progress you’ve made. 

Exam preparations 

The time has come, exam day is approaching. It is important to have your ground work prepared for battle.  

For me this meant having my exploits aligned, documentation in order and knowing what to find where. I had prepared my lab document during the course itself, so this didn’t need any work from my end. It is recommended to do this properly, as it can earn you more points during the exam! 

The new OSCP exams have a proctor is providing overview in your work to prevent you from cheating. Unfortunately this was needed as apparently people found it useful to cheat on the exams or have others perform the exam for them. This shows the true power and value of the certification, so don’t feel offended by it. 

You have 24 hours to complete all tasks, which is absolutely doable! You should take frequent breaks and drink enough to maintain a clear head. Really, if you have set realistic objectives and met them without cheating yourself, the exam are just 5 more machines that you can own! 

When you start, you’ll see that machines have different points. Decide for yourself where to start and make a mini planning. Following this planning, as you won’t need to root all machines to pass your exam! 

Break up the individual machines into smaller sub task prevent looking up to unbearable tasks. You can do it, you really can! After these cruel 24 hours, you will have 24 more to write the report and in it this to the OffSec team.  

A report is really important , as they will have to understand clearly what you’ve done. Not doing this correctly can result in you failing the exam, even though you’ve owned all machines! It’s like real life, your clients pay you for the report. If they can’t understand what you’ve done, you have failed your job… 

Share your results on LinkedIn and tag me! I’m really happy to be the first to say congrats! You’ve tried harder! 

FAST First Action Steps to Take 

1. Take a long steady nap before you start, being well rested is imported for your 24 hour challenge. Takes short 10 min brakes during your exam every 2-3 hours and a long 45 minute break every 8, let your proctor know you take one. 
2. Do not to panic if something doesn’t work out well. Take notes and switch to another machine. If you have met your objective during the lab, you have this covered! 
3. Create small chunks of tasks for each machine you try to own, don’t feel overwhelmed by the individual tasks! 

Get ready, set, go! 

This part is easy, you’ve made it to the end! Thank you for reading, I hope it wasn’t procrastinating from your end 😉  

The five most important things you’ve read throughout this article are: 

1. Get ready to start, and start. Really; just start the course! 
2. Set yourself clear objectives, what do you want to learn and why? 
3. Make a realistic planning, check the FAST action steps in this chapter for help  
4. Break down the mountain of work, handle small sub tasks and celebrate each success! 
5. Sleep well before your exam and have your lab report ready in advance.