Hi all, I am back with everyone’s favorite certificate and most requested certificate
— Offensive Security Certified Professional+ (OSCP+) by OffSec. I wanted to share
my view and give tips on the latest version of OSCP+. Let’s keep it short, and don’t
worry if you were preparing for the OSCP exam earlier but couldn’t go for the exam
yet: this blog will help you out enough to pass your OSCP+ on the first attempt.
[Image: OSCP+]
Background
I took my OSCP 3 years ago and it was a worthwhile journey. I am back at it again
so I could renew my CRT, and I have been waiting to try the Active Directory updates
on OSCP (now OSCP+). Do not be confused or overwhelmed by the changes made
to the new OSCP+.
I believe OSCP+ is easier than the OSCP I took 3 years ago. It is not because
of the experience I have gained, but the Active Directory part is super simple and
free points if you ask me.
Prerequisites and Preparation
I personally didn’t prepare for the exam but did check the coursework on the Active
Directory part and did the labs. I want to link back to the blog I wrote about my
last OSCP review: Passed OSCP with 100% in 15 hours.
I suggest you give it a good read. The blog above covers the plan and preparation I
did for the last OSCP exam. If you have covered most of the things, you should be
good to go for the exam. If you’re lazy enough like me, let me list all the things from
the earlier blog ._.
- You should have done enough machines on TryHackMe and HackTheBox. If
  not, start with TryHackMe to get some experience, then move to
  HackTheBox retired machines and eventually move to the TJ Null OSCP list.
- My favorites: Ippsec and 0xdf. These guys are the best for understanding the
  mindset. I used to watch ippsec/0xdf even after finishing a box, just so I could
  understand what else could have been done.
- Use walkthroughs wisely. Keep them to a minimum. Always make sure you learn
  something whenever you take a look at a walkthrough.
- Definitely do all the Challenge Labs from the OSCP. If you have the time, take
  a month of Proving Ground (Paid) and do as many machines as you can: you
  can use 3 hints and 1 walkthrough every day, so make good use of them.
- Privilege Escalation: Do a TCM Academy (Windows and Linux) or tib3rius
  Privilege Escalation course. These courses will teach you more than you need
  for OSCP but are very helpful in the future.
- Note everything you do. Trust me, don’t make the same mistake as me. Get
  yourself an online notebook like Notion or OneNote and write down everything you
  learnt, PoC to exploit, etc.
- Learn to perform one task in multiple ways, like transferring files, manually
  verifying the exploit, etc.
- Take a snapshot of your VM before the exam and make sure everything you
  might need in the exam is handy to you.
Exam Experience: OSCP+
OSCP+ has 40 points for the AD set and 60 points (30 each) for the standalones. Good
news: now you don’t need to compromise the whole AD set to get points; each
machine from the AD set will give you points. You need 70 points to pass the exam with
the report.
I started my exam on Saturday morning with good sleep, coffee and motivation. I got
the AD set done in around 4–5 hours; I had some issues with stabilizing the shell. I knew
the better way but was planning to do the least amount of work, but in the
end I had no choice. The standalones took me some time. In under 15 hours I had
enough to pass the exam, so I just wrote the report.
Active Directory Set
In my opinion, this is almost free points. When I say this, I mean this set is
very simple. Ofc with my nature I had to overcomplicate things as usual, but
everything I found and exploited was actually done using manual checks. My
automated recon like winpeas, etc. was good as well, but sometimes that
information can overwhelm you and waste a lot of time. So my tip would be to do
manual checks with your known commands/locations, and hopefully that would be all
you need to finish the AD set. Compromising the DC could be a little confusing at first, but
see what privileges you have and see what you could use them for — this part might
need some out of the box thinking but is super simple.
Standalone Machines
Now this part I would say is always the most interesting. It could be super hard or
super simple. It all depends upon how you handle the issue. But as always, stick to
simple stuff; you won’t be asked to write or edit a very complicated exploit. It is
always simple: enumerate, and whatever you find, think how you can use it. If you found
some information like, idk, a home address — it is most probably a rabbit hole. You
should always look for names, passwords, logs, etc., something which you could use
later in exploitation or post-exploitation. Check for default configs and see what you
can do after that.
I saw a blog which was quite good when it comes to preparation: Muhammad
Noman’s OSCP+ Journey: A Comprehensive Review. Do check it out! :)
Report
Just follow the Official OSCP+ Report template or Noraj’s Report Template. Normally
when I am writing a report I just include — what was found and its exploitation.
Sometimes if I found two ways to exploit a vulnerability I might include both. You
don’t need to write every single step you take — but make sure you include
whatever is needed to replicate the whole compromise.
My Final Tips:
These were my last OSCP tips and I would say they are still relevant, but I did add some
new ones :)
- Remember every machine is vulnerable, so don’t just lose hope if you don’t
  find anything useful. Take a break and come back.
- Make sure you do some manual/default checks. Sometimes automated scans
  can throw off false positives.
- Find multiple ways to exploit a known vulnerability if it is possible, and also make
  sure you don’t depend on just ‘curl’ or ‘wget’ to move files.
- If you get a 500 response with your payload, you could be on the right track, just
  not with the right payload.
- Taking breaks is way more important than you think. If I didn’t take breaks I would
  definitely have failed. WE ARE NOT MACHINES!
- Don’t overdo coffee or energy drinks.
- Have a full 7–8 hours of sleep before the exam.
- Learn everything you need before the exam. Do not panic and rush to learn
  on the last day.
- Do a full TCP and UDP scan. You don’t wanna fail because you missed a UDP
  port.
- I would suggest checking out PG Practice from OffSec before the exam.
- Remember this journey is a marathon, not a sprint.
- Practice as much as you can, and get used to reviewing scan outputs. This will
  save you a lot of time.
- Lastly, remember if I can pass it so can you! Trust your hard work!
Thank you
Best of luck with your preparation! Remember, it’s all about staying calm and
following the process step-by-step. You’ve got this! If you need any advice or just
want to chat about the exam, don’t hesitate to reach out — I’m happy to help!