OSCP+ Preparation Guide: A Beginner-Friendly Step-by-Step Approach

The OSCP+ exam, offered by Offensive Security, is a 23-hour 45-minute practical test where you must identify and exploit vulnerabilities in a simulated network environment. You’ll need to compromise a set number of machines, gain root/admin access, and submit a detailed penetration testing report within 24 hours after the exam. Key updates in OSCP+ include:

• Active Directory (AD) Exploitation: A significant portion of the exam now focuses on AD environments, simulating real-world enterprise networks.
• No Guaranteed Buffer Overflow: Unlike the original OSCP, buffer overflow exploitation is not always included but remains a critical skill.
• 70-Point Passing Threshold: You need to score at least 70 points by compromising machines and completing lab exercises for bonus points.

The exam tests your skills in:

• Enumeration
• Vulnerability identification
• Exploitation
• Privilege escalation
• Post-exploitation
• Report writing

For beginners, the OSCP+ is challenging but achievable with structured preparation and dedication. Expect to spend 3–6 months preparing, depending on your prior experience.

Before diving into OSCP+ prep, ensure you have the following foundational knowledge:

• Basic Networking: Understand TCP/IP, OSI model, subnets, and common protocols (HTTP, FTP, SMB, etc.). CompTIA Network+ is a great starting point.
• Linux Fundamentals: Familiarity with Linux commands, file systems, and scripting (Bash or Python). If new to Linux, start with OverTheWire Bandit challenges.
• Basic Security Concepts: Knowledge of vulnerabilities, exploits, and security principles (e.g., CompTIA Security+ or equivalent).
• Programming Basics: Basic scripting in Python or Bash for automating tasks or modifying exploits.
• Time Commitment: Be prepared to dedicate 10–20 hours per week for 3–6 months.

If you’re a complete beginner, don’t worry! The resources and steps below will guide you through building these skills.

Goal: Establish a baseline understanding of networking, Linux, and security concepts.

• Learn Networking Basics:
• Study the OSI model, TCP/IP, and common ports/services (e.g., 80 for HTTP, 445 for SMB).
• Resource: TCM Security’s Practical Ethical Hacking (PEH) course or CompTIA Network+ study materials.
• Get Comfortable with Linux:
• Learn basic commands (ls, cd, cat, grep, etc.) and file system navigation.
• Practice on OverTheWire Bandit (free) to build Linux terminal skills.
• Understand Security Fundamentals:
• Study common vulnerabilities (e.g., SQL injection, XSS, privilege escalation).
• Resource: Read Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

Time: 2–4 weeks for beginners.

Goal: Set up and master Kali Linux, the primary pentesting OS for OSCP+.

• Set Up Kali Linux:
• Install Kali Linux on a virtual machine (VM) using VirtualBox or VMware.
• Resource: Official Kali Linux documentation (https://www.kali.org/docs/).
• Learn Key Tools:
• Familiarize yourself with tools like Nmap, Metasploit, Burp Suite, and Nikto.
• Practice basic commands (e.g., nmap -sS -p- <IP> for port scanning).
• Create a Lab Environment:
• Set up vulnerable VMs like Metasploitable or VulnHub machines to practice.

Time: 1–2 weeks.

Goal: Build proficiency in core pentesting skills.

• Enumeration:
• Learn to scan and gather information using Nmap, Enum4linux, and SMBclient.
• Resource: HackTricks (https://book.hacktricks.xyz/) for enumeration checklists.
• Web Application Attacks:
• Study SQL injection, XSS, and file inclusion vulnerabilities.
• Resource: PortSwigger Web Security Academy (free SQLi and XSS modules).
• Privilege Escalation:
• Learn Linux and Windows privilege escalation techniques (e.g., misconfigured permissions, kernel exploits).
• Resources:
• Tib3rius’ Linux Privilege Escalation for OSCP & Beyond (https://tib3rius.com/).
• Tib3rius’ Windows Privilege Escalation for OSCP & Beyond.
• Password Cracking:
• Practice cracking passwords with John the Ripper or Hashcat.
• Resource: TryHackMe’s Password Cracking room.

Time: 4–6 weeks.

Goal: Gain hands-on experience with vulnerable machines.

• TryHackMe (THM):
• Start with beginner-friendly rooms like “Intro to Offensive Security” and “Web Fundamentals.”
• Progress to OSCP-like rooms (e.g., Blue, Red Team Fundamentals).
• Cost: Free tier available; consider a $10/month subscription for full access.
• Hack The Box (HTB):
• Focus on TJ Null’s OSCP-like machine list (https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/).
• Start with Easy boxes, then move to Medium. Avoid Insane boxes for OSCP+ prep.
• Cost: Free for retired machines; VIP subscription ($12/month) for active machines.
• VulnHub:
• Practice on OSCP-like VMs like Brainpan, Kioptrix, and Pwnlab.
• Cost: Free.
• Proving Grounds (PG) Practice:
• Use OffSec’s PG Practice for OSCP-specific machines.
• Cost: $19/month or bundled with PEN-200.

Tips:

• Solve 20–30 Easy/Medium boxes on HTB or THM.
• Watch IppSec’s HTB walkthroughs (https://ippsec.rocks/) to understand the “why” behind each step.
• Take detailed notes for every machine (commands, outputs, screenshots).

Time: 6–8 weeks.

Goal: Complete the Penetration Testing with Kali Linux (PEN-200) course.

• Enroll in PEN-200:
• Purchase the course (includes 30/60/90 days of lab access; 60 days recommended for beginners).
• Cost: Starts at ~$1,499 for 30 days (check https://x.ai/grok for pricing).
• Study the Course Material:
• Read the 850-page PDF and watch the 17+ hours of video content.
• Take clear, concise notes using a tool like Notion or CherryTree.
• Complete Lab Exercises:
• Aim to compromise at least 10 lab machines to earn 10 bonus exam points.
• Focus on enumeration, exploitation, and privilege escalation.
• Practice in the Lab:
• Attack the 70+ virtual machines in the OffSec lab network.
• Document every step for practice in report writing.

Time: 8–12 weeks (depending on lab access duration).

Goal: Master AD-specific skills, a major OSCP+ component.

• Learn AD Basics:
• Understand AD components (domains, users, groups, Kerberos).
• Resource: TCM Security’s Practical Ethical Hacking course (AD section).
• Practice AD Attacks:
• Learn techniques like Kerberoasting, ASREPRoast, and pass-the-hash.
• Use tools like BloodHound, Impacket, and PowerView.
• Resource: HackTricks AD section (https://book.hacktricks.xyz/windows/active-directory-methodology).
• Practice Platforms:
• TryHackMe’s Active Directory rooms (e.g., “Attacktive Directory”).
• HTB’s AD-focused machines (e.g., Forest, Active).
• PG Practice AD sets.

Time: 2–4 weeks.

Goal: Learn to write clear, professional penetration test reports.

• Understand Requirements:
• Reports must include detailed steps, commands, outputs, and screenshots.
• Follow OffSec’s report template (available in PEN-200 course).
• Practice Writing:
• Write reports for every machine you compromise in HTB, THM, or PG Practice.
• Use Noraj’s OSCP Report Template (https://github.com/noraj/OSCP-Report-Template).
• Tips:
• Be concise but thorough; ensure a non-technical reader can follow.
• Include CVE numbers, CVSS scores, and mitigation recommendations.

Time: Ongoing during lab practice.

Goal: Prepare for the 24-hour exam format.

• Mock Exams:
• Use PG Practice’s OSCP-A, OSCP-B, and OSCP-C sets as mock exams.
• Limit yourself to 24 hours per set to simulate exam conditions.
• Time Management:
• Allocate ~4–6 hours per machine; move on if stuck after 2 hours.
• Practice taking breaks to stay fresh.
• Environment Setup:
• Set up a Kali VM with all tools configured.
• Back up your VM and notes before the exam.

Time: 2–3 weeks.

Goal: Fine-tune your skills and mindset for exam day.

• Review Notes:
• Organize notes into checklists for enumeration, exploitation, and privilege escalation.
• Practice Time Management:
• Simulate exam conditions by working on 5–6 machines in 24 hours.
• Exam Day Tips:
• Rest Well: Get 7–8 hours of sleep the night before.
• Set Up Early: Test your VPN, proctoring software, and tools in advance.
• Stay Calm: If stuck, take a 10-minute break and enumerate again.
• Document Everything: Take screenshots and notes during the exam for the report.
• Avoid Forbidden Tools: Stick to allowed tools like Nmap, Burp Suite Free, and msfvenom (check OffSec’s Exam Guide: https://help.offsec.com/hc/en-us/articles/360008126631).

Time: 1–2 weeks.

• HackTricks: Comprehensive pentesting cheatsheets (https://book.hacktricks.xyz/).
• GTFOBins: Unix binary exploitation guide (https://gtfobins.github.io/).
• PortSwigger Web Security Academy: Free web app security labs (https://portswigger.net/web-security).
• OverTheWire Bandit: Linux basics (https://overthewire.org/wargames/bandit/).
• IppSec Walkthroughs: HTB video tutorials (https://ippsec.rocks/).
• 0xdf Walkthroughs: Detailed write-ups (https://0xdf.gitlab.io/).
• TJ Null’s OSCP-like Machine List: Curated HTB/VulnHub machines (https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/).
• Exploit-DB: Public exploits (https://www.exploit-db.com/).
• Verylazytech OSCP Resources: GitHub collection (https://github.com/verylazytech/OSCP-Resources).

• TryHackMe: Beginner-friendly platform ($10/month).
• Hack The Box: OSCP-like machines ($12/month for VIP).
• OffSec Proving Grounds Practice: OSCP-specific labs ($19/month).
• TCM Security Practical Ethical Hacking: Beginner-friendly course (~$30).
• Virtual Hacking Labs (VHL): OSCP-like lab environment ($99/month).
• PEN-200 Course: Official OSCP+ training (~$1,499 for 30 days).

• Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.
• The Hacker Playbook 3: Practical pentesting guide.
• Red Team Field Manual: Command-line reference.

• Nmap: Port scanning.
• Metasploit: Exploitation framework (limited use allowed in exam).
• Burp Suite Free: Web app testing.
• BloodHound/Impacket: AD exploitation.
• LinPeas/WinPeas: Privilege escalation scripts.
• Chisel: Pivoting tool.

• Try Harder Mindset: Embrace failure as a learning opportunity. Research thoroughly when stuck (e.g., Google “service version exploit”).
• Take Notes: Use Notion, CherryTree, or Joplin to organize commands, exploits, and checklists.
• Stay Organized: Create checklists for enumeration, web attacks, and privilege escalation.
• Manage Stress: Take breaks, exercise, and get enough sleep to stay sharp.
• Join Communities: Engage with the OSCP Discord or Reddit communities for tips (no exam spoilers allowed).
• Avoid Over-Reliance on Tools: Focus on manual exploitation to build real skills.
• Learn from Write-Ups: After attempting a machine, read write-ups (e.g., 0xdf, IppSec) to understand alternative approaches.

Preparing for the OSCP+ is a challenging but rewarding journey that will transform you into a skilled penetration tester. By following this step-by-step guide, practicing consistently, and leveraging the recommended resources, you’ll be well-equipped to tackle the exam. Stay patient, keep learning, and embrace the “Try Harder” mindset. Good luck on your OSCP+ journey!

For unofficial support, join our Telegram channel https://t.me/+gU8v-_uVomg4OTE1. We provide remote assistance and write‑ups for machines and CTF challenges.