Passing the OSCP is not easy, but there are a number of high quality resources out there to help set you up for success. The below is not representative of all the resources that can help, it’s just a curated list that helped me.
One of the most important parts I feel is finding some decent resources, sticking with them, and filling your knowledge gaps with practice and your own notes. In the early stages of my journey, I felt I spent more time searching and bookmarking cheat sheets than I did actually getting onto boxes.
The below ideally helps you with that process.
The Course PDF.
It sounds silly, but it really is the best resource to help pass the exam. It’s something I read over constantly in the months leading up to the exam, even skimming over it when I had a spare 30 minutes, just to refresh myself on what’s actually inside it. It’s also something to have right there with you during the exam. It should be your bible.
I did not do the course exercises in the lead up in order to qualify for the 10 points, however it’s something I wanted to be across as much as I could as prep for the exam.
Whilst the course book does receive a lot of criticism for being long and sometimes a bit off topic for the OSCP certification, it’s important to note that if it’s in the OSCP exam, it’s going to be based on the skills from the PDF.
For this reason alone it is absolutely the number one resource for helping pass the OSCP exam.
IppSec has been around a while now and his channel covers some awesome walkthroughs for HackTheBox machines. Importantly, he covers all difficulty levels. If you are just starting your OSCP journey it is a great resource to learn a consistent methodology, especially in the enumeration phase.
One of the great aspects of IppSec’s website is that it is easily searchable, so refining your learning on tools and skills, such as crackmapexec and chisel, is a breeze.
Early on, I was watching IppSec’s videos and completing the boxes at the same time. This helped me learn a proper and repeatable method, as well as dealing with common issues and challenges we may face. I also highly recommend you use his videos to review your work after completing the OSCP Like Boxes on HackTheBox from TJ Null. Learning multiple methods to achieve the same goal is also very important.
This website ended up being the only cheat sheet I took into the exam, and for good reason. The sheer amount of information on it will cover you for most situations, but importantly, it has practical commands to run for each port or service you come across.
Like I mentioned in the introduction, it can be easy to have a dozen or so cheat sheets, but for sheer consistency I think it’s important to just rely on one or two. I believe this is the one to rule them all.
Tib3rius Privilege Escalation Courses.
Although the previously mentioned resource goes over privilege escalation in depth, I found these courses to be very practical and cover off on only the most important topics and “easy wins”.
Covering both Windows and Linux privilege escalation, the author provides resources, scripts and tools to go ahead and practice what is shown, rather than just reading or watching on screen. This is extremely important, especially as we all learn best when doing.
The courses are on Udemy. I made the purchase and didn’t regret it.
The author of these courses is behind the popular enumeration script, AutoRecon.
Buffer Overflow Room on TryHackMe & Associated Video.
With the recent changes to the OSCP exam, you are not guaranteed to get a Buffer Overflow box on the exam. But given how straightforward the buffer overflow machine can be, it is imperative you prepare in order to not spend too much time on this box, should you get it in the exam. Luckily for us, there are a lot of resources out there to help us practice. Our good friend Tib3rius comes to the rescue again with some scripts and resources prepared on TryHackMe.
OSCP Offensive Security – Proving Grounds.
I rooted a lot of machines in the lead up to the exam, nearing 100 across multiple platforms. In retrospect, however, I would have spent more time on Proving Grounds. Reason being, the machines in Proving Grounds, especially the OSCP Like Boxes on Proving Grounds list, I think are more representative of the exam machines than those on TryHackMe or HackTheBox.
If you are subscribed to Offensive Security’s more recent Learn One subscription, you actually get a year of the Proving Grounds Practice included. Otherwise, it works out to be US$19 per month.
It’s definitely worth it considering you may be considering taking up a monthly subscription for HackTheBox, or another provider. My personal opinion…use Proving Grounds if you are intent on passing the OSCP.
Your Own Notes.
Lastly and most importantly…your own notes. Don’t rely solely on HackTricks. Write your own notes. You will develop your own methodology which will include switches for certain commands. You want to expect certain output and even certain errors depending on your methodology. Write those down. You do not want to be searching for the syntax for particular commands during the actual exam.
I personally used OneNote, as I was pretty anxious about losing my notes if they were not backed up into the cloud somewhere. Really though, any good note taking tool is good as long as they are neat and consistent. I went through mine in the days leading up to the exam, refining and expanding them where I think I want more output (such as verbose output) or even less, such as with tools like AutoRecon.
There is no greater resource than experience. No matter what tools you have read about, what websites you have bookmarked, however many IppSec videos you have watched, nothing at all will replace the experiences gained from rooting as many machines as you can.
I think overall, this is the main takeaway. The resources above will help, but you should be actively looking for opportunities to put them into practice.
And as always…take notes!