lazyhacker 2 months ago
Illusion #exam

OSCP+ Preparation Guide: A Beginner-Friendly Step-by-Step Approach

The Offensive Security Certified Professional Plus (OSCP+) is a highly respected certification in the cybersecurity industry, designed to validate hands-on penetration testing skills. It’s an updated version of the OSCP, incorporating modern attack vectors like Active Directory (AD) exploitation while maintaining the core focus on practical, real-world pentesting. This guide is tailored for beginners, providing a clear, step-by-step roadmap to prepare for the OSCP+ exam, along with a comprehensive list of resources to help you succeed. Whether you're new to cybersecurity or have some experience, this guide will break down the preparation process into manageable steps, ensuring you build the skills and confidence needed to pass the OSCP+ exam in your first attempt. Let’s dive in!

Understanding the OSCP+ Exam

The OSCP+ exam, offered by Offensive Security, is a 23-hour 45-minute practical test where you must identify and exploit vulnerabilities in a simulated network environment. You’ll need to compromise a set number of machines, gain root/admin access, and submit a detailed penetration testing report within 24 hours after the exam. Key updates in OSCP+ include:

  • Active Directory (AD) Exploitation: A significant portion of the exam now focuses on AD environments, simulating real-world enterprise networks.
  • No Guaranteed Buffer Overflow: Unlike the original OSCP, buffer overflow exploitation is not always included but remains a critical skill.
  • 70-Point Passing Threshold: You need to score at least 70 points by compromising machines and completing lab exercises for bonus points.

The exam tests your skills in:

  • Enumeration
  • Vulnerability identification
  • Exploitation
  • Privilege escalation
  • Post-exploitation
  • Report writing

For beginners, the OSCP+ is challenging but achievable with structured preparation and dedication. Expect to spend 3–6 months preparing, depending on your prior experience.

Prerequisites for OSCP+ Preparation

Before diving into OSCP+ prep, ensure you have the following foundational knowledge:

  • Basic Networking: Understand TCP/IP, OSI model, subnets, and common protocols (HTTP, FTP, SMB, etc.). CompTIA Network+ is a great starting point.
  • Linux Fundamentals: Familiarity with Linux commands, file systems, and scripting (Bash or Python). If new to Linux, start with OverTheWire Bandit challenges.
  • Basic Security Concepts: Knowledge of vulnerabilities, exploits, and security principles (e.g., CompTIA Security+ or equivalent).
  • Programming Basics: Basic scripting in Python or Bash for automating tasks or modifying exploits.
  • Time Commitment: Be prepared to dedicate 10–20 hours per week for 3–6 months.

If you’re a complete beginner, don’t worry! The resources and steps below will guide you through building these skills.

Step-by-Step Preparation Plan

Step 1: Build a Strong Foundation

Goal: Establish a baseline understanding of networking, Linux, and security concepts.

  • Learn Networking Basics:
      • Study the OSI model, TCP/IP, and common ports/services (e.g., 80 for HTTP, 445 for SMB).
      • Resource: TCM Security’s Practical Ethical Hacking (PEH) course or CompTIA Network+ study materials.
  • Get Comfortable with Linux:
      • Learn basic commands (ls, cd, cat, grep, etc.) and file system navigation.
      • Practice on OverTheWire Bandit (free) to build Linux terminal skills.
  • Understand Security Fundamentals:
      • Study common vulnerabilities (e.g., SQL injection, XSS, privilege escalation).
      • Resource: Read Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

Time: 2–4 weeks for beginners.

Step 2: Get Comfortable with Kali Linux

Goal: Set up and master Kali Linux, the primary pentesting OS for OSCP+.

  • Set Up Kali Linux:
      • Install Kali Linux on a virtual machine (VM) using VirtualBox or VMware.
      • Resource: Official Kali Linux documentation (https://www.kali.org/docs/).
  • Learn Key Tools:
      • Familiarize yourself with tools like Nmap, Metasploit, Burp Suite, and Nikto.
      • Practice basic commands (e.g., nmap -sS -p- <IP> for port scanning).
  • Create a Lab Environment:
      • Set up vulnerable VMs like Metasploitable or VulnHub machines to practice.

Time: 1–2 weeks.

Step 3: Master Key Pentesting Concepts

Goal: Build proficiency in core pentesting skills.

  • Enumeration:
      • Learn to scan and gather information using Nmap, Enum4linux, and SMBclient.
      • Resource: HackTricks (https://book.hacktricks.xyz/) for enumeration checklists.
  • Web Application Attacks:
      • Study SQL injection, XSS, and file inclusion vulnerabilities.
      • Resource: PortSwigger Web Security Academy (free SQLi and XSS modules).
  • Privilege Escalation:
      • Learn Linux and Windows privilege escalation techniques (e.g., misconfigured permissions, kernel exploits).
      • Resources:
          • Tib3rius’ Linux Privilege Escalation for OSCP & Beyond (https://tib3rius.com/).
          • Tib3rius’ Windows Privilege Escalation for OSCP & Beyond.
  • Password Cracking:
      • Practice cracking passwords with John the Ripper or Hashcat.
      • Resource: TryHackMe’s Password Cracking room.

Time: 4–6 weeks.

Step 4: Practice on Virtual Labs and CTFs

Goal: Gain hands-on experience with vulnerable machines.

  • TryHackMe (THM):
      • Start with beginner-friendly rooms like “Intro to Offensive Security” and “Web Fundamentals.”
      • Progress to OSCP-like rooms (e.g., Blue, Red Team Fundamentals).
      • Cost: Free tier available; consider a $10/month subscription for full access.
  • Hack The Box (HTB):
      • Focus on TJ Null’s OSCP-like machine list (https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/).
      • Start with Easy boxes, then move to Medium. Avoid Insane boxes for OSCP+ prep.
      • Cost: Free for retired machines; VIP subscription ($12/month) for active machines.
  • VulnHub:
      • Practice on OSCP-like VMs like Brainpan, Kioptrix, and Pwnlab.
      • Cost: Free.
  • Proving Grounds (PG) Practice:
      • Use OffSec’s PG Practice for OSCP-specific machines.
      • Cost: $19/month or bundled with PEN-200.

Tips:

  • Solve 20–30 Easy/Medium boxes on HTB or THM.
  • Watch IppSec’s HTB walkthroughs (https://ippsec.rocks/) to understand the “why” behind each step.
  • Take detailed notes for every machine (commands, outputs, screenshots).

Time: 6–8 weeks.

Step 5: Tackle OSCP+ Course Material

Goal: Complete the Penetration Testing with Kali Linux (PEN-200) course.

  • Enroll in PEN-200:
      • Purchase the course (includes 30/60/90 days of lab access; 60 days recommended for beginners).
      • Cost: Starts at ~$1,499 for 30 days (check OffSec’s website for current pricing).
  • Study the Course Material:
      • Read the 850-page PDF and watch the 17+ hours of video content.
      • Take clear, concise notes using a tool like Notion or CherryTree.
  • Complete Lab Exercises:
      • Aim to compromise at least 10 lab machines to earn 10 bonus exam points.
      • Focus on enumeration, exploitation, and privilege escalation.
  • Practice in the Lab:
      • Attack the 70+ virtual machines in the OffSec lab network.
      • Document every step for practice in report writing.

Time: 8–12 weeks (depending on lab access duration).

Step 6: Focus on Active Directory Exploitation

Goal: Master AD-specific skills, a major OSCP+ component.

  • Learn AD Basics:
      • Understand AD components (domains, users, groups, Kerberos).
      • Resource: TCM Security’s Practical Ethical Hacking course (AD section).
  • Practice AD Attacks:
      • Learn techniques like Kerberoasting, ASREPRoast, and pass-the-hash.
      • Use tools like BloodHound, Impacket, and PowerView.
      • Resource: HackTricks AD section (https://book.hacktricks.xyz/windows/active-directory-methodology).
  • Practice Platforms:
      • TryHackMe’s Active Directory rooms (e.g., “Attacktive Directory”).
      • HTB’s AD-focused machines (e.g., Forest, Active).
      • PG Practice AD sets.

Time: 2–4 weeks.

Step 7: Hone Reporting Skills

Goal: Learn to write clear, professional penetration test reports.

  • Understand Requirements:
      • Reports must include detailed steps, commands, outputs, and screenshots.
      • Follow OffSec’s report template (available in PEN-200 course).
  • Practice Writing:
      • Write reports for every machine you compromise in HTB, THM, or PG Practice.
      • Use Noraj’s OSCP Report Template (https://github.com/noraj/OSCP-Report-Template).
  • Tips:
      • Be concise but thorough; ensure a non-technical reader can follow.
      • Include CVE numbers, CVSS scores, and mitigation recommendations.

Time: Ongoing during lab practice.

Step 8: Simulate the Exam Environment

Goal: Prepare for the 24-hour exam format.

  • Mock Exams:
      • Use PG Practice’s OSCP-A, OSCP-B, and OSCP-C sets as mock exams.
      • Limit yourself to 24 hours per set to simulate exam conditions.
  • Time Management:
      • Allocate ~4–6 hours per machine; move on if stuck after 2 hours.
      • Practice taking breaks to stay fresh.
  • Environment Setup:
      • Set up a Kali VM with all tools configured.
      • Back up your VM and notes before the exam.

Time: 2–3 weeks.

Step 9: Final Prep and Exam Tips

Goal: Fine-tune your skills and mindset for exam day.

  • Review Notes:
      • Organize notes into checklists for enumeration, exploitation, and privilege escalation.
  • Practice Time Management:
      • Simulate exam conditions by working on 5–6 machines in 24 hours.
  • Exam Day Tips:
      • Rest Well: Get 7–8 hours of sleep the night before.
      • Set Up Early: Test your VPN, proctoring software, and tools in advance.
      • Stay Calm: If stuck, take a 10-minute break and enumerate again.
      • Document Everything: Take screenshots and notes during the exam for the report.
      • Avoid Forbidden Tools: Stick to allowed tools like Nmap, Burp Suite Free, and msfvenom (check OffSec’s Exam Guide: https://help.offsec.com/hc/en-us/articles/360008126631).

Time: 1–2 weeks.

Recommended Resources

Free Resources


Paid Resources

  • TryHackMe: Beginner-friendly platform ($10/month).
  • Hack The Box: OSCP-like machines ($12/month for VIP).
  • OffSec Proving Grounds Practice: OSCP-specific labs ($19/month).
  • TCM Security Practical Ethical Hacking: Beginner-friendly course (~$30).
  • Virtual Hacking Labs (VHL): OSCP-like lab environment ($99/month).
  • PEN-200 Course: Official OSCP+ training (~$1,499 for 30 days).

Books

  • Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.
  • The Hacker Playbook 3: Practical pentesting guide.
  • Red Team Field Manual: Command-line reference.


Tools

  • Nmap: Port scanning.
  • Metasploit: Exploitation framework (limited use allowed in exam).
  • Burp Suite Free: Web app testing.
  • BloodHound/Impacket: AD exploitation.
  • LinPeas/WinPeas: Privilege escalation scripts.
  • Chisel: Pivoting tool.


Tips for Success

  • Try Harder Mindset: Embrace failure as a learning opportunity. Research thoroughly when stuck (e.g., Google “service version exploit”).
  • Take Notes: Use Notion, CherryTree, or Joplin to organize commands, exploits, and checklists.
  • Stay Organized: Create checklists for enumeration, web attacks, and privilege escalation.
  • Manage Stress: Take breaks, exercise, and get enough sleep to stay sharp.
  • Join Communities: Engage with the OSCP Discord or Reddit communities for tips (no exam spoilers allowed).
  • Avoid Over-Reliance on Tools: Focus on manual exploitation to build real skills.
  • Learn from Write-Ups: After attempting a machine, read write-ups (e.g., 0xdf, IppSec) to understand alternative approaches.

Conclusion

Preparing for the OSCP+ is a challenging but rewarding journey that will transform you into a skilled penetration tester. By following this step-by-step guide, practicing consistently, and leveraging the recommended resources, you’ll be well-equipped to tackle the exam. Stay patient, keep learning, and embrace the “Try Harder” mindset. Good luck on your OSCP+ journey!


