OSCP Blog Series – Does Other’s OSCP Journey Misguide You ?
Well, being consistent in sharing my experience throughout my journey I would like to recall a very important blog post which will surely make a huge impact on the mindset of OSCP aspirants. When we dream for OSCP and start planning, all of us try to get guidance/tips from OSCP holders, Colleagues, and reading other’s OSCP journey. The basic objective of doing this analysis is to make our OSCP journey easier by avoiding mistakes done by other’s and follow the tips which helped others.
This is good thing to do and I also did the same. But, I personally believe other’s tips might not help you all the time as everyone plan their journey based on their capabilities and other factors such as time, mindset, learning skills, money etc. Believe or not but all the factors play a critical role in our Journey.
For example, a person having good Penetration Testing and Problem solving skills may take 2 months Lab out of which he/she can spend 15 days on course material and rest of the 45 days on Lab challenges.
On other side, a person having average Penetration testing and Problem solving skills may take 3 months Lab out of which he/she spend 2 months on course material and 1 month on Lab challenges.
Similarly, a person from any of the above two scenarios may take 3 months Lab out of which he/she spend 1 month on Course material and rest 2 months on Lab Exercises.
So the point is that while reading other’s blog or getting guidance from others , we should not directly follow what they are suggesting as their level of skills may differ from you along with other factors such as time/effort they are spending per day for the OSCP.
Sometime OSCP holders or their Blogs about their Journey may also mislead you because most of the time they write this based on their Journey and share the experience. So it doesn’t mean that you need to strictly follow that path. So if someone in their Blog says that he/she completed OSCP within 2 months and focused on Lab exercises 80% of the time, It doesn’t mean that you also need to spend 80% on the Lab.
So the major takeaway from above is to ensure that, we should not blindly follow the path what other have followed during their Journey. Try to understand the scenario from that Journey and create your own Plan based on your strength and weaknesses. This will always help you to spend your valuable time on the right things.
Below is one of the most common myths one may have in his/her mind after reading OCSP Journey of other’s.
Will directly jump into Lab Machines once I get my Lab credentials or will just have a quick look on the PDF without practicing exercises.
Wait..wait..wait.. Don’t be overexcited and control your emotions. We all have dream to achieve OSCP but for that we need a proper plan. Most of the time I have seen people saying that once they receive their Lab credentials, they will directly jump into Labs which is a completely WRONG decision. No matter how technically strong you are, you always should follow a safe/systematic process while approaching OSCP.
No doubt, Labs are the critical part while preparing for the Exam but before that one should make sure that he/she have complete understanding of the attacks and methodology Offensive Security wants you to approach. Many time times I have seen that people doing well in HTB, VulnHub are not able to crack OSCP even when HTB have few machines which are harder than OSCP Labs or exam machines. The only reason behind this is that he/she is not aware about the systematic approach of a Professional Penetration Tester. This is what Offensive Security wants to teach you throughout your course.
One who is technically sound may also fail the OSCP if he/she is not upto the mark while planning to crack OSCP. So I would always recommend to first complete the Course material provided by Offensive Security and then go to Labs. This will give you complete idea what Offensive Security have included in scope and what skills they are expecting from you during the exam.
Author: Yogesh Prasad
Information Security Professional | Cyber Security Expert | Ethical Hacker | Founder – Hackers Interview