OSCP: My journey from Blue Team to Red Team
Finally, after a year-long struggle, I got the most anticipated mail from Offensive Security on 29th April 2021.
It was long and at times felt like a never-ending journey. Soon after I posted about my achievement on LinkedIn, I received a ton of messages congratulating me and asking for advice. Honestly, most of them were from people who are starting their journey from scratch like me and are eyeing this prestigious cert. Of course I had a whole story to tell regarding the struggles I went through. Therefore, this post describes my personal experience preparing for the Offensive Security Certified Professional (OSCP) certification from scratch. Also, since you are reading this lengthy post, I assume you already know what the OSCP certification is, so I won't go into that.
About Me:
Well, I am a Cyber Security Enthusiast with 2+ years of experience in this field. However, I didn't have any knowledge of penetration testing or red teaming. I was working more on Blue Team stuff, typically in a Security Operations Centre (SOC). All I had was some basic Linux skills. Also, just for the record, I am not from a Computer Science background. In fact, I knew nothing about cyber security before I got placed through campus placement. Though I did have a keen interest in programming, as I have been doing it since a fairly young age.
I got to know about the red teaming and penetration testing field while finishing my CEH certificate in 2019 (don't make me comment on that). Since then, I started learning more about penetration testing and what the different opportunities in this field are. However, I didn't get any good guidance and hence no progress was made.
PEH: First great move -
Meanwhile, at the start of 2020, Heath Adams (aka The Cyber Mentor) released his first course on Udemy, named Practical Ethical Hacking. I was already following him on YouTube and other social media platforms and had already seen some of his videos. I was really excited when I saw the course content and bought the course in no time. From there my journey in pentesting started; however, I wasn't eyeing the OSCP anytime soon. To me, OSCP was one gigantic mountain whose peak wasn't visible at that time.
The course was very well structured and teaches everything from the basics in a very beginner-friendly way. I started studying this course; however, it still took me a lot of time, as I wasn't able to give it enough time due to a full-time job.
While I was still studying this course, I came across eJPT (eLearnSecurity Junior Penetration Tester) through LinkedIn, which was a beginner-friendly practical exam focusing on penetration testing offered by eLearnSecurity (now INE). I searched more about the course and really liked the content it was providing; also, I heard a lot of praise about their labs and teaching methodology. I decided to invest some saved money in this course, as practical experience was what I needed at that time. Meanwhile, the coronavirus situation also peaked and I had to come back home and work from home until the situation came under control.
This gave me enough time to focus more on the eJPT, and I finished the course in almost 2 months and scheduled my exam attempt.
Well, the exam went really well, and on August 1st 2020 I finished the exam within 10 hours. This came as a great boost of confidence and I was much more determined. Apart from the practical exam experience it gave me, I really enjoyed the whole course; in fact, this was the first and the last course which I enjoyed so much. I wanted to take the next level, i.e. eCPPT (eLearnSecurity Certified Professional Penetration Tester); however, my financial condition didn't allow me to take it. Moreover, due to COVID-19, everyone was under constant fear, and saving money for any kind of medical emergency looked like the more intelligent step.
At that same time, work from home was extended for almost the entire year. It was at this time that I decided to go for OSCP in full force.
I started looking for different blogs and reading about others' journeys in order to collect more information about this course. I even met a very humble guy, Adeeb Shah, through LinkedIn, who promised to guide me throughout this journey. OverTheWire was the first very awesome resource which I found online. With this you can learn different skills such as Linux, web application testing, cryptography, etc. in the form of games. I finished the 'Bandit' series, which is for Linux skills, and the 'Natas' series, which is for web application testing.
TryHackMe: Second great move -
Soon after I finished my eJPT and the PEH course on Udemy, Heath Adams released his Windows and Linux privilege escalation courses on Udemy as well. I jumped to grab both courses and started working on priv esc skills. That course introduced me to the platform TryHackMe.
This is a great platform to learn different cyber security skills and tools, starting from basic Linux commands up to typical buffer overflow exploits. I very quickly got hooked on it and started learning more about different tools and techniques. I took a Hack The Box subscription as well while doing the PEH course; however, I felt my skills were below par to start on it.
TryHackMe was very beginner friendly and gave me an understanding of different tools, techniques and exploits, and how to take advantage of them. On a typical day I would go to TryHackMe, search for a keyword, for example LFI or SQLi, and go for any CTF or walkthrough which teaches that.
I still wasn't able to do basic CTFs on TryHackMe on my own. But I kept following the walkthroughs and building up my methodology. I did a hell of a lot of labs there and collected as many badges as possible. Finally, I decided to go for a one-month subscription and finished the Offensive Pentesting and Web Application paths on TryHackMe.
PortSwigger was another great resource for web application security. I honestly lagged a lot and till date am not very good at web application security. But the PortSwigger Academy gave me a very nice understanding of command injection, SQL injection, XSS, etc. Their labs were also very interesting and give a very nice idea of where to look for vulnerabilities.
After following TryHackMe and PortSwigger and building a basic methodology for how to crack CTFs, I decided to move to tj_null's list of OSCP-like boxes. I took the Hack The Box subscription and started working on the retired boxes present on the list. Honestly, I felt much more comfortable this time, even though I still needed to look at walkthroughs. I followed IppSec's videos a lot on YouTube in order to follow along. My approach used to be:
· Trying the box on my own.
· Going through the high-level summary by IppSec at the start of the video if I got stuck.
· Trying it again with some hints at the back of my head.
· Following IppSec's walkthrough if still stuck.
I believe it's perfectly fine to look at the walkthroughs if you are really stuck; however, the approach shouldn't be to jump to them quickly. Instead, one should try and play around with their methodology. I still clearly remember the boxes on which I found the flag on my own better than the boxes for which I had to go through walkthroughs.
By the end of December 2020 I had done most of the boxes on that list, except the ones that are mentioned as "more challenging than OSCP."
Finally, I decided to take the PWK course in January 2021. I tried convincing my company to reimburse the course fee, but after they rejected me, I took some help from my girlfriend and bought 60 days of lab access.
You can read my full PWK journey and review in my other post.
My lab ended on 11th March and I gave my first attempt on 16th March. I went through around 40 lab machines, including the big 4 and labs from the other domains, and also practised a few boxes on Proving Grounds, which is by Offensive Security itself. However, I failed my first attempt by 10 marks. I got 55 marks + lab report (which gives 5 extra marks), but I couldn't even move on the last 2 boxes.
I felt a huge knowledge gap during the exam, as I spent a considerable amount of time trying to understand what was what. At that point I felt that the PWK labs were not enough to pass the exam. Most of the lab machines in the PWK course are more for beginners to learn new techniques and approaches. However, the exam is no joke. Also, if you are relying too much on tools like AutoRecon, then understand that OffSec knows how to deceive these tools.
After my first attempt, I spent a week understanding what all went wrong and started working on my weaknesses. Also, the attempt gave me a good idea of what to expect in the exam.
Proving Grounds (PG) practice: Third great move -
For my 2nd attempt I focused solely on PG, as I found that the exam boxes were somewhat similar to it. PG has boxes which are real-life inspired and are not at all CTF-like; moreover, they also have a lot of rabbit holes and are at times difficult for beginners. Therefore, I would suggest using PG as a final practice to get the flavour of the exam. Although, as OffSec says, PG is not for OSCP practice, and some boxes may require tools which are forbidden in the exam, PG still, in my opinion, gives the best practice for the exam, and people can use it after going through the PWK labs as a final practice/challenge before the exam.
Before my second attempt, I finished most of the boxes on PG and also went back to Hack The Box and moved my rank from 'Noob' to 'Hacker.' That helped me a lot as well, although I struggled a lot, since no walkthroughs were present for active boxes. On HTB I mainly tried easy active boxes and a few medium active boxes.
I booked my second attempt on 26th April. During the last week, I restricted myself to no more than one box a day and went through walkthroughs of all the VulnHub machines in tj_null's list. The idea was to create a mental note of different techniques and ideas. Finally I gave my second attempt and got passing marks within the first 11 hours. It was a moment of great rejoicing, and within 48 hours I got the confirmation mail from OffSec.
Leaving Thoughts:
If you have reached here after reading this entire journey, I am thankful to you. It was a long, long journey, as you can see. I don't believe there is one hard-coded way to achieve your goal, no matter what you are trying. So if you learnt something good from this, I am delighted.
I think there are 2 things you can carry from the start which will help you a lot. Those are self-belief and persistence. From the start I was never confident enough and I didn't know when this would end, but I heard somewhere that if you keep looking at the peak of the mountain, you'll always feel it's impossible to make it. So it's better to keep your eyes down and keep moving. I think those who have been in this industry for quite long understand the true meaning of "try harder." No matter how proficient you become, you'll always find yourself stuck with something new which you haven't seen. At that point, you'll have to do extensive research and try something else. Offensive Security tries to teach you this mentality from the beginning.
Also I am grateful to my family, friends and my girlfriend for understanding and keeping faith in me. I don’t think it was me alone who signed up for this journey. I could never have done this without their support.
What’s next:
OSCP consumed a lot of my time for the whole of last year, due to which I missed a lot of things. I am a man of multiple hobbies. I like to work out at the gym, play guitar, record songs and covers, go out with friends and try different foods. But COVID-19 and OSCP together took that life away from me. Now that OSCP is over and restrictions have started easing, I want that earlier life back. Meanwhile, I am also learning to multitask and manage time more efficiently. I am also working on the next cert, which will be revealed soon.
Finally, before parting, I want to share a video which I used to watch every time I felt demotivated and low. All the very best to everyone who is going to take this exam in the future.