Failing the OSCP Challenge (again)

I headed into my second attempt at the OSCP exam feeling underprepared. Due to my work, I had been unable to give my exam preparation the full attention it deserves. I’m okay with that. Sometimes priorities have to shift. I approached this as a learning experience and an opportunity to apply some of what I learned during my first attempt.

What Went Well

  1. I got more flags! On my first attempt, I was only able to get the flag on the buffer overflow exploit system. This time I was able to get the flag on the 10-point system as well. I also found a flag on a 20-point system but did a bad job of documenting it, so I probably won’t get any partial credit. Overall, this outcome felt good because it showed that I’ve made progress even though I haven’t been able to focus on my exam preparation as much as I would like.
  2. I actually did all the things! After my first attempt, I was so wiped out from staying up for over 24 hours that I crashed hard and missed the reporting deadline. I was too tired to do the report so I never actually completed the process and never got a score. For this attempt, I took more frequent breaks throughout the exam, although later in the night I admit I failed at that. I also got enough sleep to complete the report and submit it within the reporting window. I did not push it to the 24h mark as I did on my first attempt.

What Could’ve Been Better

  1. Buffer overflow development took longer than necessary. I did bad character analysis multiple times because I was unsure I was using the right characters. The third time was the charm in this case but I could’ve saved significant time with better notes and/or exploit code templates.
  2. Documentation was insufficient. This is not just taking screenshots for every significant step, but also documenting commands! I tried to be diligent in my note-taking during the exam but undoubtedly I missed some commands. And of course, wouldn’t you know that SOMEHOW my bash history was woefully incomplete? It never seems to be complete enough in my experience and this was no exception. I might have messed up my own opportunity at partial credit for a flag I found by failing to get a screenshot of it. I felt that it didn’t meet the qualifications for full credit so I didn’t bother to take a screenshot. Later, I realized that if I had submitted the screenshot in my report, I probably would have had a better chance of getting partial credit. As I pasted the hash directly into the report, this lovely realization dawned on me.
  3. Time management broke down later in the exam. I didn’t stick to my break and focused work schedule for the entire exam. A detail I forgot from my first attempt was not being able to have my phone handy. I usually use a Pomodoro app on my mobile phone when working, and switching to the unfamiliar Pomodoro app on my desktop interfered with my ability to manage my time optimally. I wasn’t able to customize it to my liking and adjust things on the fly and didn’t feel like wasting valuable exam time figuring out how it worked. I managed pretty well during the day but as it became later in the evening, I noticed that I was taking fewer and fewer breaks–my ability to manage time was dwindling. It didn’t feel good. I would consistently get myself stuck in the headspace of “needing to finish this one thing” and neglect my need for a break until it was complete.

Improvements for My Next Attempt

  1. Create templates for each phase in buffer overflow exploit development. That way, I’m not wasting time hunting across my notes for commonly-used code snippets or generating well-known character blocks during the exam. It should be in my notes organized by development phase and ready to be used in an exploit script. I thought my exploit development notes were good but they could’ve been better organized.
  2. Use script or similar tooling for documenting Linux terminal commands. I need to use this stuff because bash history isn’t really sufficient for the level of detail I need.
  3. Take screenshots of things even if they aren’t perfect. Don’t forget that partial credit is a thing or that something seemingly insignificant might be the beginning of an epic chain of exploits!
  4. Stick to the agreed-upon break and focused work cycle cadence. I need to keep my time management in check–especially when I’m starting to get tired. I’m gonna learn how to use my desktop Pomodoro app!
  5. Do lots more hacking! I especially need to work on web vulns, vulnerability analysis (and how to not go down rabbit holes with vulnerabilities that end up not being exploitable), and my local privesc skills could probably use some work as well.
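
For the terminal-logging item above, one way to set it up (an added example, not the author's own tooling): bash only writes history when a shell exits, and several terminals can overwrite each other's entries, so this flushes history at every prompt, keeps a separate timestamped command log, and wraps util-linux `script` for a full transcript. `LOG_DIR` and all function names are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example: session-logging helpers meant to be sourced from ~/.bashrc.
# LOG_DIR and the function names are assumptions, not taken from the post.
LOG_DIR="${LOG_DIR:-$HOME/exam-logs}"

# Append one tab-separated record: UTC time, working directory, command.
log_cmd() {
    mkdir -p "$LOG_DIR" || return 1
    # Flatten tabs/newlines so a multi-line command stays on one record.
    cmd=$(printf '%s' "$*" | tr '\n\t' '  ')
    printf '%s\t%s\t%s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$PWD" "$cmd" \
        >> "$LOG_DIR/commands.tsv"
}

# Print the command field of the most recent record.
last_logged() {
    tail -n 1 "$LOG_DIR/commands.tsv" | cut -f3-
}

# Harden bash history for the current interactive shell (no-op elsewhere).
enable_history_logging() {
    [ -n "${BASH_VERSION:-}" ] || return 0
    HISTTIMEFORMAT='%F %T '             # timestamps in `history` output
    HISTSIZE=100000 HISTFILESIZE=200000 # avoid silent truncation
    shopt -s histappend cmdhist         # append instead of overwrite on exit
    # Replaces any existing PROMPT_COMMAND. Runs before every prompt: flush
    # new history to disk, then copy the latest entry into the TSV log.
    # An empty Enter re-logs the previous command; dedupe when reviewing.
    PROMPT_COMMAND='history -a; log_cmd "$(HISTTIMEFORMAT= history 1 | sed "s/^ *[0-9]* *//")"'
}

# Record everything shown in the terminal (input and output) until `exit`.
# -q: no start/stop banner, -f: flush after each write (util-linux script).
record_session() {
    mkdir -p "$LOG_DIR" || return 1
    script -q -f "$LOG_DIR/session-$(date -u +%Y%m%dT%H%M%SZ).typescript"
}

# Enable automatically only when sourced by an interactive shell.
case $- in *i*) enable_history_logging ;; esac
```

Run `record_session` once per terminal at the start of the session; the typescript captures command output as well, which the history file never does.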

As you can see, I’ve got my work cut out for me! If you’re working toward your OSCP or just into offensive security, check out alexiasa/oscp-omnibus, a collection of OSCP-relevant resources I’ve been using!