OSCE review

I have written an OSCP review and a SANS SEC660 review a few years ago. As time passes, I find these reviews harder and harder to write. Over the years, I have learnt on the job, through my own research and through such courses and CTFs. All this prior knowledge has made it very difficult for me to give an unbiased accurate review of the difficulty of the OSCE course. Nonetheless, I will give some tips on how best to prepare for the exam.

This cert proves mastery of advanced penetration testing skills. OSCEs have also demonstrated they can think laterally and perform under pressure.

Firstly, in Offensive Security's own words, this is an advanced penetration testing course, not a binary exploitation course. I made the mistake of focusing too much on the binary part of the course. Apart from the course material, I practiced on vulnserver, brainpan, Integard, pcmanftp, savant, simplewebserver and yplayer. My lack of preparation in the other aspects caused me quite a bit of suffering during the exam. I would advise you to spend some time working on other penetration testing skills such as enumeration, file transfer and privesc.

Many reviews out there suggest completing the SLAE course before attempting OSCE. As part of the SLAE course, candidates will need to submit 7 shellcode exercises in the form of a public blogpost. I did not want to pay for the SLAE course, therefore I simply searched for Student ID: SLAE-, read the exercise requirements and tried them out on my own. Some of the blogposts have very detailed explanation for the shellcode which helped me especially since I did not have access to the SLAE course material. Do note that the SLAE covers linux shellcoding while OSCE covers windows shellcoding. I would say that being able to write shellcode helped a lot during the exam. I was able to write my own shellcode instead of copy pasting shellcode from shell-storm and hoping that it works.

The first 12 hours of the exam was smooth sailing for me. I managed to complete the 2 smaller challenges and had partial credit for the 2 larger challenges. I was well ahead of schedule. However, unbeknown to me at that time, I was woefully unprepared for the penetration testing portion that would come next. After 5 hours sleep on the first night, I continued with the 2 larger challenges. I spent the next 14 hours alternating between the 2 challenges, barely making any progress. By now, I was starting to panic as I did not have enough points to pass. I finally had a breakthrough and solved 1 of the larger challenge after 31 hours in. I completed the final challenge 36 hours in. After spending 2 more hours double checking and taking extra screenshots, I called it a day and had a good sleep knowing that I fully solved all 4 challenges on my first exam attempt.

I submitted the report on a Friday morning and received confirmation that I passed on Monday morning. The confirmation was quick probably because I managed to fully complete all objectives. It would probably take longer if they have to work out partial credit.

Good luck!