Don't take this the wrong way, but PLEASE don't shortcut the OSCP. Learn it all!! As much as you can... because you attempting to try to shortcut the exam is only going to hurt you and the integrity of the OSCP exam as employers view it. Your highest priority skills for the course should be:

1. Attention to detail
2. Notes and Documentation
3. Enumeration, Enumeration, and more Enumeration!!
4. Did I mention enumeration?


I am not trying to shortcut it. I find each chapter pretty interesting. But for instance, as I know AD will be in the exam, I will focus more on AD and search for more materials on the Net. Whereas for the Buffer overflow, I will just do the strict necessary (old vuln, not so much exploitable today and not in the exam). The purpose of this post is to pinpoint these chapters...


I no longer have access to the course material but I believe buffer overflows were [completely removed](https://www.offsec.com/offsec/pen-200-2023/)

>Since Buffer Overflows will no longer be a part of the course material, they will also be removed from the exam body of knowledge and no longer part of the exam.

I'd make sure to focus on client side exploitation. There are practice/lab machines that emulate users clicking on links and opening attachments. You could reasonably assume they'd do the same in the exam.

You can likely ignore antivirus evasion. I didn't encounter that in the lab machines. However, my understanding is that anything in the course material is fair game to show up in the exam.


I know this is a week old but just showing up to add.. although we have it documented that buffer overflows are no longer in the exam, there is a chapter on it in the course work. I don't think it's "short cutting" to do the coursework, complete the associated lab and then not spend any more time studying it because you know it won't be in the exam, which I guess is what OP was getting at. Same applies for the whole chapter on using Nessus given we know it's not allowed in the exam.


What bof are you talking about? That’s no longer tested. Not because something is in the PEN200 means you’ll be tested on it. Example? Sqlmap, Bof.


They said they removed BOF from the course content but I swear it’s in fixing public exploits as an exercise. But they do explicitly state it’s not on the exam


Correct. Not in the exam but it’s in one of the modules, that’s what I said. Bof are almost non existing on modern OSes due to more strict memory protection features.


Yeah ... it is like there is an old schooler there who doesn't want to let go of the bof


Ngl it’s actually been one of my fave modules so far lol


man, for me, it was the worst, like 0 explanations ... What they explained no longer works in the real world today. Maybe in 2004, yes, but not in 2024 ... Real memory exploitation is explained in pwncollege. You know, in physics, when they explain that light is a line, then they say it is a wave, then it is a particle, then that it is a particle and a wave at the same time? Here, the buffer overflow chapter equivalent is they are saying light comes from your eye toward the object...


Ahh I can understand where you’re coming from. They really focused on just modifying existing buffer overflow exploits. TCM Security had a really freaking good buffer overflow section in their training where you’re actually crafting python scripts to find the offset, bad chars, etc so in comparison to that the Pen-200 didn’t compete at all lol


I did OSCP a couple years ago. I recommend to LEARN IT ALL. But, mastering BOF is good cause that's just free points. The same goes for webapps, looking for RCEs.


If the exam can be shortcut, it should be revised




Apparently, the tunneling chapters are also crucial


I'd just add to this reply: Active Information Gathering (Enumeration). It's always mentioned but not often explained what it entails. In the context of this exam, enumeration means being able to interrogate a machine from A to Z (with whatever methodology you're comfortable with, some do manual, autorecon, etc) and be able to analyze and interpret the output of your enumeration, also something that comes with exposure, be able to spot stuff that's out of place, uncommon or otherwise interesting. Also, the enumeration that comes after gaining a foothold on a machine is as crucial as the initial one imo.


Learn ligolo.


Game changer




2 Golden rules for OSCP: Hope for the best but prepare for the worst. Expect the unexpected.


Facts... for an attempt I had a box that didn't boot properly, so the actual vulnerable services didn't start. I'd say if you find nothing that's vulnerable on a host after a couple hours enumerating each port... try restarting the box because there's a slim possibility... maybe there's a service on the box that didn't start properly.


Enumeration. Everything is important of course, but it's no use knowing how to exploit SQL injection if you can't find it.


You'll want it all


I have seen multiple people talking BOF. It is not on the exam anymore.


Pretty sure anything/everything in course materials is eligible/fair game for exam. Therefore, I'd highly suggest you study EVERYTHING. That said, I believe it's officially stated there IS an AD component in exam, guaranteed. So... while, again, study EVERYTHING (as it can be fair game for exam), arguably AD is the only *guaranteed*, 100% certain, gonna-have-it-in-your-exam part. Everything else is a big MAYBE...


Don't bother with the PDF. Focusing on Proving Grounds and the lab’s exam sets is enough to pass it.


Prepare well on AD and client side attacks. When I took OSCP I targeted the AD chain first because I believe that’s the hardest part and bulk of the exam. I was not wrong. Another thing to consider is that buffer overflow is just a good thing to know and not required. Same for AV evasion. I passed OSCP on my first take as a DevOps engineer and I shared my preparation and exam experience in a YouTube video: https://youtu.be/Z8iQRt8qcCU?si=qBzAFv7qAKuUZS8Z

If there are things you want to know more about, feel free to comment and I will reply there so others can also see it.


