The World’s First OSCP+ Exam Review

Tunahan TEKEOGLU
10 min readNov 26, 2024

--

My Exam Certificate

Hello everyone! I’m Tunahan TEKEOGLU. After the articles I wrote about CEH and EWPTXv2 received much more attention than I expected, along with the 1337 messages I received through various social platforms, I realized that the whole community was eagerly awaiting this review. :D So, I decided to write a review before I forget my experiences with the exam.

I will try to convey this experience to you in a way that is both serious and entertaining. I truly believe that everyone who reads this article and takes the exam will write their own success story. Are you ready? If so, let’s get started.”

First of all, I want to share some thoughts about certifications.

Recently, I’ve been seeing that people are quite eager to evaluate others’ skills based solely on certifications, but I never believed this to be the right approach. In my professional experience as a Red Team Lead, I’ve seen incredibly talented and experienced individuals without any certifications, as well as people without any real-world experience managing to obtain so-called “difficult” certifications. Therefore, when you’re in a professional setting, what is truly expected of you is not just to show proof that you passed a certification exam, but rather to explain what you learned along the way and what value the certification journey has brought to you.

In fact, I was a bit disappointed with OffSec in recent years regarding this issue, as I didn’t think the OSCP certification exam reflected real-life scenarios all that well. However, after this latest update and taking the exam, my opinion genuinely changed. I understood what they were trying to convey through the exam: it’s not just a 24-hour challenge you prepare for over a certain period. Thus, I advise you not to focus solely on obtaining the certification, but rather on overcoming the mental and technical difficulties you encounter during the journey to earn it. Without dragging this on any longer, let’s get to the main topic, but first, we’ll do a quick security frisk for safety. :D

To start, let me briefly talk about the difficulty level of the exam for those who are just starting or considering taking it.

If you’re already working as a penetration tester for a company and frequently participate in both internal network and web application penetration tests, the exam likely won’t be too challenging for you technically. However, regardless of your background and experience, if you don’t do the necessary exam-specific preparations, you could be in real trouble. The duration of this preparation is directly related to your experience level.

If you are a beginner wanting to break into the cybersecurity industry, I recommend seeing this certification as a long journey. Walk the path while being aware of everything happening around you. Be as kind to yourself as possible, and enjoy the journey.

What is Offensive Security Certified Professional Plus (OSCP+)?

Offensive Security Certified Professional Plus (OSCP+) is an advanced certification exam designed to test your penetration testing skills in real-world scenarios. Unlike traditional exams, OSCP+ places you in a challenging environment where you must solve complex security challenges within 24 hours. This means you need to maintain both your technical knowledge and mental stability before and during the exam. The exam covers advanced techniques such as Network Enumeration, Vulnerability Scanning, Exploitation, Privilege Escalation, and Post-Exploitation. Additionally, it also assesses your ability to document your findings in a professional report.

OSCP+ Exam Information

  • Exam Name: Offensive Security Certified Professional Plus (OSCP+)
    Exam Infrastructure: Access to a real penetration testing simulation is provided via a VPN connection.
    Allowed Tools: Limited toolkit focused on manual skills, excludes automated exploitation tools and vulnerability scanners.
    Exam Duration:
  • Practical Part: 23 hours 45 minutes
  • Report Submission: 24 hours
    Passing Score: Minimum of 70 points.

Accessing the Guide:
The official OSCP Exam Guide is available directly on the Offensive Security website: https://help.offsec.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide-Newly-Updated. While access might require logging in with your Offensive Security account, it’s free to create one.

Guide Sections:

  • Requirements: Explains eligibility, prerequisites, and exam scheduling.
  • Preparation and Tips: Offers valuable advice on study methods, exam environment simulations, and mindset tips.
  • Exam Structure and Scoring: Details the exam format and scoring system.
  • Guidelines: Specifies allowed tools, documentation requirements, and conduct expectations.
  • After the Exam: Explains the report submission process and result notification timeline.

OSCP+ Exam Details

Exam Start
The exam begins with accessing the target systems through a portal provided by Offensive Security. In the first step, you need to connect to the exam environment using the provided VPN connection.

Accessing Target Systems
After retrieving the necessary information from the portal and establishing the VPN connection, you can easily access the target systems from your own machine, and the 23-hour and 45-minute scenario begins.

What’s Allowed During the Exam?
During the exam, you are allowed to research online if you get stuck at any point. It’s a good idea to refer to Offensive Security’s own website (https://help.offsec.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide-Newly-Updated) for information on prohibited tools and other guidelines.

No Room for Fear of Failure!
Some exploits or commands may not work on the first try, or you may make a simple mistake while typing a command. This is completely normal! In such cases, take a deep breath, review your steps, and, if truly necessary (the mistake is often in the command you wrote or the tool you chose), restart your machine. Just remember that you have a daily reboot limit.

Documentation Is Crucial
Throughout the exam, do not forget to document each step of vulnerability discovery and exploitation with screenshots. Getting caught up in the excitement of hacking and skipping this important step can cause issues at the end of the exam. No matter how successful you are in the practical part, you cannot pass the exam without writing a comprehensive and well-structured report!

What To Expect İn The Exam?

  • Report Writing
  • Information Gathering
  • Vulnerability Scanning
  • Common Web Application Attacks
  • SQL Injection Attacks
  • Client-Side Attacks
  • Location Public Exploits
  • Fixing Exploits
  • Antivirus Evasion
  • Password Attacks
  • Windows Privielge Escalation
  • Linux Privilege Escalation
  • Port Redirection and SSH Tunneling
  • Advanced Tunneling
  • Active Directory Introduction and Enumeration
  • Attacking Active Directory Authentication
  • Lateral Movement in Active Directory
  • Assembling the Pieces

Resources and Study Materials

As everyone reading this article already knows, there are dozens of resources that are said to be essential when preparing for this exam — some even say you shouldn’t attempt the exam without looking at them. In some cases, I think this can be quite confusing. To be honest, I only prepared for the exam using the resources provided by OffSec. The training materials, Challenge Lab, and the questions answered on the Discord channel were more than enough for me.

Without further ado (as the previous notes were too long and tiresome), let’s get to the most enjoyable part of the job, which I know you have all been waiting for :P.

How to pass the exam?

  • Panic Only Wastes Time.
This GIF might feel relatable during the exam.
  • Most of you probably haven’t had the chance to take such a serious exam before or buy such an expensive ticket (: so I understand if you get nervous or panic as the exam date approaches. During the exam, some tools may not work, exploits might fail, or progress might become difficult. This is completely normal. Take a deep breath, review your steps, and calmly try again. Panic only wastes time. Be as comfortable as if you were just working on Challenge Labs or HTB machines (but don’t get too comfortable and call your friend for help during the exam :D). This exam, or any other exam, is definitely not the end of the world — if you’ve put in enough effort, you will surely succeed.
  • Managing Your Exam Time Is Crucial!
    As I mentioned above, it is perfectly normal to encounter issues during the exam. Be kind to yourself—tell your proctor you’re taking a break to wash your face, take short walks, do some stretching exercises, get some fresh air, eat, etc. Remember, this exam is not only about your technical knowledge but also about your mental resilience.
  • Connect With Experienced Individuals
    Before the exam, you can talk to friends who have already passed it to understand the exam’s logic (feel free to add me to that list as well). Learning from their experiences provides a great advantage.
  • A Real Penetration Test Simulation
    This exam is a real penetration testing simulation. The goal is not always to find critical or high-severity vulnerabilities. Even a small vulnerability is valuable in improving the security level of an organization. Therefore, make sure to report every security flaw you find.
  • Study the OWASP Top 10
    Practice all the OWASP Top 10 vulnerabilities repeatedly in different environments and scenarios. Manually identifying and exploiting these vulnerabilities is one of the critical aspects of the exam.
  • Learn to Use the Tools in Advance
    The following tools can be incredibly useful throughout your career and during your OSCP+ journey. However, trying to learn them from scratch when you actually need them can be both stressful and a waste of time. Make sure to practice with these tools before you need to use them:
  • Ffuf
  • Dirbuster
  • PowerUp
  • BloodHound (Legacy and Community Edition only)
  • SharpHound
  • Rubeus
  • Mimikatz
  • winPEAS / linpeas
  • Chisel
  • Responder (Poisoning and spoofing are not allowed in the challenges or on the exam)
  • Netexec
  • Impacket
  • evil-winrm
  • It’s worth repeating — being familiar with these tools will help minimize the stress you might experience during the exam.
  • Do Your Research
    Everything you need is available on the internet. If you get stuck at some point, stay calm and keep researching. Often, the solution is closer than you think, but attempting to research these resources during the exam can be a waste of time and cause unnecessary stress. Therefore, bookmark or save anything you find useful in a place where you can easily access it during the exam.
  • Use Reporting Templates
    There are many ready-made reporting templates available online. What’s important is that your report is detailed, organized, and easy to understand. Support each vulnerability you find with documentation and add step-by-step explanations. Consider your report as an integral part of the exam.
  • Plan Your Preparation Well
    No matter how experienced you are, solving a few challenging scenarios before the exam will give you a significant advantage. This process will help you identify your weaknesses and be more prepared for the exam.
  • Read the OSCP Exam Guide Before the Exam!
    No matter how experienced or well-prepared you are, remember that you are participating in a challenge, and there are certain rules to it. Understanding and applying these rules as thoroughly as possible is one of the most critical aspects of passing the exam.
  • Bonus Tip: The Mistake That Nearly Cost Me My Exam
    Working as a Penetration Tester for many years with intense schedules might have pushed you to become faster over time, and this can sometimes cause you to overlook what needs to be done. Therefore, before finishing the exam, double-check that you’ve done everything correctly — you have enough time.

“I KNOW YOU’VE BEEN WAITING FOR MY FANTASTIC FINAL TRICK AGAIN :D”

Think Strategically During the Exam

During the exam, start with the basics before diving into complex methods, and proceed by analyzing the systems. View every problem you encounter as a “learning opportunity” and follow these steps:

  • Use information-gathering tools to better understand the target system.
  • Progress step-by-step by completing small objectives and developing a strategy.
  • Stay solution-focused; if one method doesn’t work, let it lead you to search for a new solution.
  • Don’t hesitate to apply things you know well but consider simple, just because you’re in the OSCP+ exam. Sometimes, the key to the biggest challenges is to think simply.

Don’t Forget to Take Breaks

Remember, the OSCP+ exam is a marathon. Sitting in front of a computer for two days straight can be physically and mentally exhausting. Therefore:

  • Take Short Breaks: Get up from your desk occasionally to refresh your mind and enhance your problem-solving abilities.
  • Move Around: Simple stretches or a short walk can boost your blood circulation and help you stay focused.
  • Don’t Forget to Eat and Stay Hydrated: To maintain your energy levels during the exam, consume light but filling snacks and drink plenty of water.

These simple precautions will help you think more clearly and reduce stress during the exam.

Develop Your Own Methodology

Every pentester has their own unique working style. During the exam, utilize the methods you have previously learned to develop a strategy that works best for you. Remember, creative thinking and trying different perspectives can sometimes solve even the most complex problems

Sharing Is Important

If this article has helped you and contributed to you earning your certification, feel free to tag me on your social media accounts or send me a message, but in any case, make sure to share it with me :). You can reach me on LinkedIn and Twitter.

Remember, I BELIEVE IN YOU!

👏 If you found this article helpful, don’t forget to share it with your friends and give it a clap!

Additional Content Request

This article focuses on the general structure and preparation process for the OSCP+ exam. If you’d like to read a detailed article about my personal experiences during the exam, feel free to mention it in the comments. Based on your interest, I would be happy to prepare a separate piece on this topic!

--

--

Tunahan TEKEOGLU
Tunahan TEKEOGLU

Written by Tunahan TEKEOGLU

Forensic Engineering Graduate, Senior Cyber Security Consultant. on all social media /tunahantekeoglu

Responses (3)