It probably seems like part of passing the OSCP is being contractually obligated to write about it. There are literally hundreds of blog posts about the OSCP and what to expect and what you should know and what the author learned and what they ate on test day and on and on. I read dozens of them before I started and if you are reading this then you are likely doing the same at this very moment. I won’t bore you with anything about my actual experience, but I have to write something or they won’t send me my certificate (that’s a lie) so I figured I would try and offer something different in the tips departent than the normal fare.

Don’t rely on the forums.

I probably learned more from the rabbit holes and dead ends I took than I did from the correct paths. So if you jump into the forums at the first point of getting stuck to get the answers you are going to miss out on a ton of learning and getting practice on your google fu skills and the skill of realizing when you are likely to be in a rabbit hole or dead end. These are super valuable skills, and also the few hours you spent learning how apache is configured because you have some half assed idea you think might work, might look like total folly in the context of what is actually needed for the machine, but it will pay off in the future when a better understanding of apache is needed for something.

Remember, the goal of the labs is not to pop boxes, it’s to learn. I liken it to poker, one of the things that has to happen for someone to really start to improve at poker is they have to learn that the goal is not winning pots, it’s winning money. It seems obvious, but winning a pot is what the focus is on (because how else can you win money?) and because it feels good to win pots. Same with the boxes, the goal seems like its pwning the box, because why else are you running scans and enumerating it, and because it feels good to get those flags, mission accomplished!!! But your number of owns is meaningless. Your goal is learning.

Rely on the forums.

Don’t you hate when people give conflicting advice? The forums are great, they are called “nudges”, but for most of the boxes you can downright get the answers if you go through all the threads (which is dangerous for the reasons I outlined above). But you are going to come to a point where you’ve exhausted all your ideas, or what you are thinking of trying seems so complex and confusing you don’t know where to start. When that happens it’s time for a nudge. You can’t know what you don’t know, there are lots of things you are only going to learn if someone helps you out, because what you needed to do was a thing you didn’t even know was a thing, you never would have gotten there on your own or through google. Also, just because you popped a box doesn’t mean you are done. After you are done, take a few minutes and go look in the forum for that box and see what other people did. Lots of times there isn’t going to be any benefit because everyone did the same thing, but there are also many places were you will learn something really valuable because you see someone took a different path, or you realize you could have made the path you took a lot more efficient based on what someone else did. Remember, you’re there to learn, not pop boxes.

Help other people.

The only way for you to get a nudge in your time of need is for someone else out there to take the time to nudge you. So when you’ve got the skill or the knowledge, take some time and give back. It’s not actually a selfless act either, I wrote and received a couple hundred PMs at least, and the hours I spent doing that helped reinforce the paths I took and the techniques I used. Every time I had to go back and read my notes or access my memory for a machine someone wanted a nudge on, it strengthened those neural connections and helped me remember or recognize opportunities to apply those techniques on my own on other boxes. You don’t have to spend a bunch of time like I did, I enjoy it for it’s own sake, but you should at least spend a little. Hop in the forums and try and answer a post or two every now and then, or PM someone who is looking for a nudge, or if you have a tip you think is helpful that you haven’t seen mentioned when going over the posts after having just pwned a box, take a second and make a post about it.

Don’t be that guy

There is nothing more frustrating than turning to the forums for help, seeing a post from someone asking for help who pretty much has the same problem as you, and then seeing “edit: nvm, rooted”. Come on, if you got stuck and needed help, there are gong to be other people who got stuck by the same thing, leave a hint! You obviously were desperate enough to take the time to make a post about it in hopes someone would take the time to help, now you are in the position to help!

Learning is hard.

If you do things that are too easy, you don’t learn. If you do things that are too hard, you don’t learn. The optimal spot is being frustrated and confused, because then it means you are dealing with the unfamiliar and you are learning something, but not being too frustrated or too confused, because then it’s not close enough to what you do know for you to make the jump and acquire new knowledge. Learning is a skill, you are going to end up on the wrong side of optimal a lot, don’t get mad at yourself or upset. Being frustrated is part of the process, as is making mistakes. Every mistake isn’t a sign of you sucking or being dumb, it’s a sign of you learning something. So don’t be afraid or let your ego get in the way, your failures and mistakes and frustrations are what propel you forward!