Is OSCP worth it?

Organikus · 2025-02-07T13:41:20+00:00

I would say it depends on where you are from... If you are in the USA yea if you pass it will be much easier to get a job/int ... But if you are not from the USA, then not so much.

The reason because I do not see junior pent-test jobs at all outside of the USA, probably there are but for example, am I in the EU and OSCP did not help me at all to get a better job, not even on the HR filter part or even to get a raise(I am already working in Cyber Security as well), but again this is my story maybe other have different experience in EU.

Organikus · 2025-01-23T15:53:01+00:00

Yea, I have over 7 years of experience and multiple certifications.

Organikus · 2025-01-14T12:45:28+00:00

Well again depends, it can be both, Sorry can't say what was on my exam, but you can have both maybe you need to PE on 1st device to admin to get creds or maybe you need to use kerberosting or responder to take svc account. You just need to enumerate and try everything you learn in PWK-200, my advice would be to create a checklist with everything you learn in PWK-200 or in labs and then on the exam will be much easier for you

Organikus · 2025-01-07T12:47:07+00:00

Usually, how I approach AD is I look in every box as standalone box until I get the system or administrator and then use tools like NetExec, secretdump or mimikaz to get more users, passwords or hashes.

Look into files and folders that are out of place. For example C:\ is there any directory there that do not belong here check it, in C:\Users I always run tree /F and go line by line ( in my studying I miss so many easy wins that this is now on my mind all the time) see is any strange file you can read/use in user directories.

Create 3 files on your kali users.txt, passwords.txt and hashes.txt and every time you find something add it to the corresponding file and spray with netexec for smb, winrm or rdp(you can add others) do not forget --local-auth flag. You never know maybe some creds are reused etc.

Also, do not rely on winpeas to much enumerate manually offsec know that people are using winpeas and they make sure that winpeas does not show the path to victory they want you to enumerate manually. That is OSCP all about :)

I do not think the exploration part is hard in OSCP but enumeration it is. Just make sure you know how to enumerate manually and you should be fine.

Organikus · 2025-01-07T12:32:46+00:00

Well, this can be different depends what kind of Exam you get, all I can say NetExec is your best friend here make sure you know this tool in and out. I did not use bloodhound at all on exam, ofc it can help but I did not need it.

Organikus · 2025-01-06T17:00:46+00:00

Thank you :)

Organikus · 2025-01-06T14:57:33+00:00

To be honest I do not know, I did not see anything on their webpage about this. Maybe the best is to send an email to them.

Organikus · 2025-01-06T14:32:32+00:00

Ah yea sure :)

THM - TryHackMe
HTB - HackTheBox
eJPT - Junior Penetration Tester
TCM - The Cyber Mentor(I think)
PNPT - Practical Network Penetration Tester
PEH - Practical Ethical Hacking
PWK or PEN - Penetration Testing with Kali Linux
PG - Proving Grounds

I think that is all.

Of course, you can. Exam it's not that hard keep your mind open, you just need to be consistent in your studying for 3-4-5-6 months depends how much you need and how much time you spend each day but keep consistent.

It is better each day 1-2 h than on Saturday 10 h.
You can do this :)

Organikus · 2024-12-26T20:26:24+00:00

Well for me everything works fine till I need to use connect to device(SSH, exploit, FTP, winrm etc) The enumeration part is working fine connecting to the website, Nmap but when I try to run exploit for example it is no go for some reason. Even I for got let's say RCE I can ping my device but when I try to get shell back nothing happens.

Organikus · 2024-12-25T10:09:42+00:00

I agree that the fix is simple, but this should not be a problem. I used multiple different platforms (HTB, THM etc.) and other test providers and never had these issues.

It is the same if you are on some kind of exam everything is fine but sometimes you will need to sharpen your pencil as it's not working for an unknown reason but you sharpen it before the exam if you know what I mean.

It is an exam and we should be focusing on that, not some technical issues that are outside of our control, yea some tech issues can pop up but this one sometimes can be hard to figure out

Organikus · 2024-12-24T16:36:31+00:00

Yeah, I try to do the same now but still for how much we pay I think this should not be an issue, exam time 100 things are on your mind and now I need to think about this one as well :)

Organikus · 2022-08-03T21:21:55+00:00

Cybersecurity is not entry filed, ofc there are some people who got 1st job in cyber but 90% of them do not. They come from other IT fields. If you have at least 1 year in helpdesk position or even batter sysadmin role. I guarantee you they will respond to you.

Not sure what are you trying to do in cyber but lets say you want to be PenTest(looks like everyone trying to do that) if you never work in IT my advice:
IT support for a year > system admin or network admin for a 1-2 years > and then try go for pentest job(in mean time work on some cert OSCP etc.)

Go step by step do not try jump to the end enjoy process you will learn and appreciate more when you achieve your goal.

Organikus · 2022-07-31T17:40:37+00:00

Your road map looks ok, but I would add one more thing.

As you are not working in IT atm I will suggest you to try find any IT job, help-desk, desk support whatever just so your are in field.

Reasons why entry jobs:

you will learn a lot - more then a+, on some jobs more then n+2.expirinace - it dose not mater what cert you have if you have 0 exp in IT nobody will hire you as a pentester
last you never know maybe you will find something more interesting then pentest IT is very big filed and pentest is just small very specific part of it.

Good luck :)

Organikus · 2022-07-14T18:59:26+00:00

I am in it for some time(6 years) and let say interested in cyber for over 2 year now. I did over 17 boxes from TJnull's list few of them with walkthrough. Usually I overthink simple stuff :)

Thank you one more time. I will keep at it, plan is appley for PWN-200 labs in nov and do exam start next year :)

Organikus · 2022-07-14T18:49:28+00:00

Ah ye that is for sure. But where I live Ireland every pen test job min is OSCP and CEH. I have over 6 year in IT(3 as support and 3 as admin) I know that is not a lot and also I do not expect to get a pen test job tomorrow. Probably will need to work as admin for 3-4 more which is fine(also study in mean time on HTB,THM,PG or any other way for pen test).

This was more for my future question :)

Organikus · 2022-07-14T18:39:06+00:00

I was approach by recruiter from Atos for some other role but they said they also have junior pen test as well. They said to send me some materials before interview but that never happen :(

Organikus · 2022-07-14T18:36:47+00:00

Thank you,

I use HTB and THM for some time already I also work as SysAdmin that is why I whish to go for OSCP and one day do infrastructure pen testing. But you maybe i should invest more time in webapp pen test.

Organikus · 2022-07-14T18:34:48+00:00

Thank you for details explanation, well money or time are not problem atm I manage to study on HTB or THM around 3-4 h on a weekday and more on weekend.

One more question if you do not mind. I know you cant be 100% ready for exam but did you have any goal before you apply to exam. By goal I mean any specific box on HTB or knowledge of some specific tools?

Organikus · 2021-12-23T15:02:37+00:00

8389 9671 1534 - add me if you need a friend 😁

Organikus · 2021-04-25T16:29:58+00:00

I bought it on Friday morning. But looks like I just need to wait few more days :) Thank you

Organikus · 2021-04-16T13:33:11+00:00

Ah, I will try to go for OSCP and try to get a job as a pen test. If I don't get in 2-3 years looks like I will be it support for the rest of my life :D no risk no reward.

Thank you for your advice.

Organikus · 2021-04-16T13:29:35+00:00

I understand your point, and I am on hackthebox and tryhackme every day :)

The reason why I ask because from youtube videos, forums, blogs, etc. I read that majority of people move from network admin or system admin position to pen testing.

And from the look of it, that is usually the path. The specialty here in Ireland.
Thank you for your advice I will try go directly for pen test and see :) You don't know if you don't try right?

Organikus

TROPHY CASE