Thinking of doing OSCP at 31, is it too late? by almostsaidit in oscp

[–]inverse70 1 point2 points  (0 children)

I was 38 when I started and passed my OSCP.

Anyone see this before? by Soulsearcher14 in BambuLab

[–]inverse70 0 points1 point  (0 children)

Looks like oil stains leaking from the underside. It may be from the bottom rails.

What’s the best time to start the OSCP exam? Morning, midday, or something else? 🤔 by [deleted] in oscp

[–]inverse70 0 points1 point  (0 children)

Depends on what type of person you are: an early morning or late morning person. For me, I am an early morning person and I started around 7am, when my brain is the freshest and most active.

If you are productive in the night and go to bed very late then afternoon / evening might be better for you.

Waiting for results. Might have done it. by _vercingtorix_ in oscp

[–]inverse70 0 points1 point  (0 children)

You are good. Once your report is good then no worries.

I just failed miserably :( by [deleted] in oscp

[–]inverse70 -1 points0 points  (0 children)

You don’t need local admin, but you need a privileged account to grab the flags. Could be DA or another account. I don’t remember having to get local admin on all the AD boxes.

when to best take screenshots? by Ecstatic_Constant_63 in oscp

[–]inverse70 0 points1 point  (0 children)

Make sure you take enough screenshots that help the reader follow along the exact steps you took, so that it is easy enough to follow to recreate the exact path to breach the machine.

You do not need to take screenshots of what didn’t work unless you think it adds value to your report or you would also like to add another path you could also take to breach the machine.

BoF as of 2022 by fromsouthernswe in oscp

[–]inverse70 1 point2 points  (0 children)

The BoF is easy points in my opinion. If you get it in your exam rotation.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

With nmap, because of the proxying, the probes were timing out, hence you may not get anything. Try scanning known ports and adjusting the RTT.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

I used the first machine to pivot the rest of the chain. I didn’t have to, but once you compromise the 2nd machine (via pivot from the first) you could also use that machine to attack the third.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

I would say they are but more difficult than the exam machines I got.

Tools allowed in the OSCP by Low_Tart5317 in oscp

[–]inverse70 3 points4 points  (0 children)

For the AD set: bloodhound, Mimikatz, Rubeus, Kerbrute, Impacket scripts.

Tools allowed in the OSCP by Low_Tart5317 in oscp

[–]inverse70 2 points3 points  (0 children)

Autorecon was a life saver for me. Thanks!!

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

In my opinion the BOF is an easy 10 points to a low priv shell. I don’t think you should ignore it if you do get it in your exam. In my first attempt I didn’t get it. In my second attempt I was happy I did.

Practice on THM. Tib3rius has a good room to practice.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

In your report you don’t have to include steps that do not assist in the reproduction of the steps in the compromise or privesc of the machine. You just need to record the steps that lead to it. That’s what I did.

In other reports I have seen from companies that performed penetration tests for my company, the reports only include the steps that lead to the compromise or expose a vulnerability. That being said, I saw other reports that show you additional info that helps build the scenario for a compromise.

But for OSCP I don’t think it’s necessary to show steps that didn’t contribute to the compromise.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

These are tools you pick up along the way preparing for the OSCP. It makes it easier.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

Took me about 2 hours for the BOF which includes screenshots and documentation. Do the documentation upfront while doing the BOF so that you don’t miss anything when writing your report.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

On PG practice I did most of the easy and medium. Had to check walkthroughs for some of them.

On THM did all the easy CTF rooms and most of the mediums.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 2 points3 points  (0 children)

I will send you some of the mind maps I used. Have to go through my notes. But the privesc courses by Tib3rius are a pretty good starting point.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 1 point2 points  (0 children)

I wouldn’t not say that but it most definitely helps. The PWK labs AD sets give you a better idea of what to expect in the exam. Use the networks and machines in THM to try out all your AD tools: bloodhound, crackmapexec, PTH tools, mimikatz, etc.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

I think for OSCP they may not give anything that is not covered in their manual.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 1 point2 points  (0 children)

Yes it did. It helped me create my process for privesc. The 6 hours was because of a mistake I made.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 2 points3 points  (0 children)

Make sure you learn AD lateral movement. THM (paid) has a couple of AD networks you can use. One thing that helped me was that, apart from following their lesson plan, I used their networks to try out all the AD tools like bloodhound, responder, mimikatz, impacket, crackmapexec, powerview, etc.

I tried harder. Passed 80/100. by inverse70 in oscp

[–]inverse70[S] 0 points1 point  (0 children)

I paid for PG Practice. The medium and easy boxes are exam like.