Wednesday, 5 April 2017

Penetration Testing with Kali Linux OSCP Review and Course, Lab experience — My OSCP Review :Try Harder! ;)

 Penetration Testing with Kali Linux OSCP Review and Course, Lab experience — My OSCP Review :Try Harder! ;) 

Gaining the OSCP certification is a challenge like no other. After my experience with the OSCP exam course from Offensive Security, I decided to go ahead and write an OSCP Review. I registered for this course in July 2015 and choose 90 Days lab. Within a week I received Mail from Offensive Security regarding VPN Access, Course Material all etc.
OSCP is a combination of Network, System & Web Hacking also a medium part of Exploit Writing, where you have to write an exploit for a particular vulnerable software.
Who am I:
For those who doesn’t know me .My name is Narendra Bhati, working @Suma Soft Ptv. Ltd. As Security Analyst. I have 3+ years of experience in Application VAPT. I am also bug bounty hunter and doing it from last 3 years. Yes lots of money ;) apart from salary.
About The OSCP Course:

I quickly completed my course material like videos and pdf and it tooks me 3 days to watch it completely. 1st day in my lab, I was able to root 3 machine and I was like King of hackers :p but in actually not. Time by time I learned that the lab is made to hacked but its not easy as I was thinking in starting after rooting 3 machines on 1st day.
In lab I faced different kind of scenarios where only Offensive Security Guys can provide because it’s totally related to real world attacks and approach. I must After lab exercise there is new thinking or you can say style of attacking is getting developed in my mind ( Really ;p )

In the lab machines, I spend more then 7 days on a several machines to get root access of it, yes it is true. You really need to work hard. At the end of my Lab, I was able to root almost all machines hmm ;)

The Judgement Day - 1:

After around 3 months, I decided to give my OSCP exams. I chooses Nov 2015,4:30 PM time slot.
At sharp 4:30 I got the mail from Offensive Security with exam details, VPN Access and all. First I started my hand on lowest marks machine and within 15 minutes it’s done. I was like BOSS ! :p   
After this machine I got second machine after 5 hours and later on it was all dark. After cracking two machines I was getting nothing. I was thinking where the hell I am missing something or doing any mistake. 50% time was gone I got my hands on only 2 machines with around 25% marks which was not enough to get Pass, at least you need 70% marks to achieve the OSCP Certification.
Rest of the time I was very frustrated and confused because I have done good practice in OSCP lab then why I am not able to crack those exam machine and later on time was gone. VPN disconnected and my hope too. L
After 3 days of sending my report, I received mail from Offensive Security that I wasn`t passed. L

The Judgement Day – 2:
After my 1st failed attempt, I was very disappointed and wasn`t wanted to re-attempt for OSCP, because OSCP exams really kicked my ass a lot.

But in the background. I realized that, I fall in some of the places like Privilege Escalation & Information Gathering part.
During the office project and deliverables and I was not able to do proper study and practice again. But still I have to do this.

I was continuing to improve my Privilege Escalation & Information Gathering part every day over the night.

But in March 2017 I seen a Facebook post of one my friend about his OSCP Achieving, I think should I try one more time hence i was improving my weakest parts and yes. Just after 15 day I schedule my OSCP Exam at the same time. Within 15 days I did all practice and studied a lot on the things where I was lacking.
Received the VPN details and exam details on sharp 4:30 PM, this time I was confident and decided to crack the machine which have highest marks. Within 12 hours I was managed to crack those machines and was very near of Passing Marks. Next 12 hours I put my almost all efforts and finally I achieved the score which I was looking for just before 1 hour.

Sent my report to Offensive Security with all details and within 2 days got the haunted mail and It was "I have Obtained the OSCP Certification"

Best of luck to anyone who going to take on the OSCP course and exam
Some resources I used:
More information about the OSCP and PWK can be found here:


  1. So what was the issue that didn't allow you to crack those machines initially?

    1. In my 1st attempt, I wasn't good enough in Privilege Escalation & Enumeration. Later I improved it and re-attempted.


Featured post

Yandex IMAP Brute Forcing(No Rate Limit For Login Attempts)

Hello Guyzssss, I am not in bug bounty so much, But while using one of the yandex service, I found that there was no Rate Limit Deploye...

Popular Posts