Preparing for OSCP While Working Full-time

Ibad Altaf
3 min readFeb 8, 2024

A pretty cool way to start the year. I have had OSCP on my list of pending certifications for about 2 years now. I have done various penetration testing/Red Teaming-related certifications However, in all of them we get ample time, i.e., more than a day. The difference was that OSCP gives 23h45m. This honestly helps in getting ready for the corporate environment because what I have noticed is that in the corporate environment, you get a very tight deadline. But you should still be able to properly test the environment of the client. So balancing security testing and time management is the key to a project.

Preparation

I work as a full-time Penetration Tester which has some pros as well as cons. I’ll start with the pros. The pros are that I was aware of the majority of the modules taught in OSCP, so it was easy to get through some modules. The cons are that working full time gives you very little time to study for OSCP, as you have to manage working, studying, and spending time with family all together.

I purchased the LearnOne subscription in November 2023. I started with the OSWP certification and finished it by 17th November. I then gave myself a couple of days of rest then started OSCP. I spent 3–4 hours daily after work to get through the course both the textual and visual aspects of it as well as the exercises. It took around 45 days to get through the entire material. So by the first week of January, I was done with the course. I then took 2 weeks off from my studies due to a very strict deadline by the client for a project which exhausted me enough to not study for OSCP after work. I took my annual leave on 15th January and booked the exam for 4th February. During this time, I decided to skip Proving Grounds and focused on doing the challenge labs.

The challenge lab are honestly great, it includes almost every aspect of the course content and last 3 of the 6 challenge labs are like mock exams which helps you prepare for the actual exam. I did 5/6 challenge labs, skipping one as it was beyond the scope of OSCP.

Exam Attempt

There is not really much to say, it was exactly how an exam should be, perfectly doable with sufficient time within 24 hours. As I mentioned above, I haven’t done the PG machines so not sure how much that helps but I came to know that the course content plus a little bit of work experience was more than enough for the exam. I got my “Pass” email within 2.5 days.

Recommendations

  1. Work on enumeration, most of the exam is based on how well you enumerate. Enumeration is key!!
  2. Take enough breaks, as the time provided is more than enough.
  3. Be calm and collected even if things aren’t going your way during the exam, take a walk and then start over with the enumeration.
  4. Challenge labs are a must!
  5. Ensure that you’re good at gaining a foothold.

What’s next

Next in line for me is to get my hands dirty with learning about WinAPIs, NT APIs, and learning some evasion techniques by writing code in low-level languages like C (might also give it a try on C# as well).

I’ll be joining Maldev Academy and will consider it as step 1 towards the goal of getting ZeropointSecurity’s CRTL (Certified Red Team Lead) certification.

--

--

Ibad Altaf

Penetration tester and a red teamer. Love to learn techniques to bypass various security solutions. Find me at linkedin.com/in/ibad-altaf