#OSCP exam advice thread.

Someone recently asked me if I have any advice for the OSCP exam, and I decided to share it with everyone in case someone else finds it useful.

Here's the advice I gave:

1. Stay calm. Chances are at some point during the exam you’re going to think you’re going to fail. It happens to everyone including myself. When that happens, take a break and repeat to yourself that you’re prepared and that OS designed the exam in a way that it can be completed

2. When stuck on something always google the technology + HTB/vulnhub/oscp. You won’t find the exact solution but you’re likely to find something similar that might nudge you in the right direction.

3. Make use of your Metasploit attempt if you get stuck. In the exam I came across a technology that I wasn’t super familiar with and I could have done it w/o Metasploit in a couple of hours but it only took 5 min with Metasploit.

4. Use AutoRecon
5. Don’t rush yourself. Trust me, you’ll run out of ideas b/f you run out of time on the exam.
6. It goes w/o saying you should do a full port scan. Enumerate weird services first (look for associated exploits)

7. Take screenshots / make notes of everything you tried (including commands) while you’re doing it. It helps you keep track of what you tried in case you get stuck and it makes sure you don’t lose your work if your vm crashes during the exam.
8. Take breaks
9. Keep it simple

10. Don’t make assumptions. Try everything you can think of
11. Take @TibSec's privesc courses
12. Have a report template ready. Although you have 24 hours to write the report, you’ll be exhausted from the 24 hours you spent on the exam

13. This last advice is easier given than taken. On the off chance you fail the exam, remember that having the cert does not define you. The time you spent studying for the cert and improving your skills is what really matters.

Take a break, figure out what you need to improve on and try again.