Passing the new OSCP

$ whoami

I am a 2nd year University student from Singapore Institute of Technology (SIT), majoring in Information Security. Prior to University, I graduated from Singapore Polytechnic with a Diploma in Information Security Management. This post will mention my experience with the new OSCP format, as well as some advice for the Active Directory portion.

BEFORE THE DOOMZ DAY (when offsec changed the exam)

From July 2021 to September 2021, I started active preparation by doing HackTheBox machines from TJ Null’s list of OSCP-like boxes. Due to school, I paused my preparation and resumed on 11 December, one day after my final examinations ended. I activated the PWK course on 10 December, and booked an examination for 15 Jan.

In total, I completed 70+ machines across HackTheBox, Proving Grounds and the PWK labs. Fun fact, I bought Proving Grounds a week before my examination and started grinding as many boxes as I could on that platform. For active directory practice, do see the last section.

These are the boxes (highlighted in bright green and yellow) that I completed from TJ Null’s list. The remaining are from the PWK labs 🙂

HackTheBox

Proving Grounds

ACTUAL D-DAY

I started my examination at 8am, and went in head first for the Active Directory set. As I did not do up a lab report, I required the 40 points to pass the examination. The AD set was similar to what is found in the PWK labs, and took me about 6 hours to finish. In hindsight, it could have been finished in 3 to 4 hours, but I dropped into a few rabbit holes along the way. Tbh, the AD set was the easiest amongst everything.

After finishing the AD set at 3pm, I made sure to grab all my screenshots before proceeding onto the remaining 60 point boxes. I did not get any BOF boxes.

From this point onwards, I had ZERO progress up till 12.30am in the morning. I was contemplating going to take a short nap, but told myself that I had a chance of passing if I did not sleep (a very good choice). At 1.00 am, I managed to break into one of the 20 point boxes. Privilege escalation was not tough, and I finished the box at 1.30am.

Now with 60 points in the bag, I needed just 10 more points to pass. The remaining two 20 pointers were tough as well, but I only continued working on the one that I was the most confident in. I took a short 5 minute break every hour, and watched the clock tick by from 2.00am, to 3.00am, to 4.00am… and I finally clinched the passing point at 5.45am in the morning. Oh man, I don’t know how I can describe the extreme anxiety I felt when I watched the clock tick by from 2.00am to 5.45am. I almost contemplated breaking down several times, but never thought to give up :). The reason why it took so long was because I dropped into MANY rabbit holes along the way, but was able to find the privilege escalation vector long before I even got an initial shell.

Privilege escalation was a breeze as well, and I scored my final flag at 6.30am, 1 hour and 15 minutes before my exam was due to end (80 points!). Happy root dance at this point. I used the remaining time to double-check all my screenshots, before heading to bed at 9.00am.

After submitting my report, I received the confirmation email from Offsec on 19th January!

Active Directory Advice (for OSCP)

For new students seeking to tackle this format who are worried about the Active Directory portion, please do the active directory labs in the PWK labs. I cannot stress this enough. In my opinion and experience, the methodology used for the Active Directory machines on HackTheBox and Proving Grounds is quite different from the AD sets in the PWK labs.

The machines on HTB and PG are all standalone domain controllers, and always involve (from my personal experience) enumerating usernames and bruteforcing credentials. There is almost no pivoting required as you are working on a standalone domain controller.