Hi guys
This is my first post in EH.net, although I have been a regular visitor for the past 6 months lurking on OSCP discussions. This forum has helped me immensely, in reading discussions by people who were in a similar situation as me, as well as from people who had got the certification and were giving tips and encouragement. So I had promised myself if I would get OSCP, I would definitely share my exp here, and hope it may help someone else.

My background: I have been working in IT sec for arround 9 years in SE Asia, as a C++ systems and Java programmer, then Web app Vuln Assessment, and now in security architecture review. So my background is IT security BUT no sys / network admin experience at all, and it was my biggest handicap in giving OSCP. My strength was the few years I had done web application VA, although VA is very different from a full fledged pen test in terms of skill and mind set.

OSCP labs: I will keep it very brief, because others have written a lot about it and I have nothing new to contribute here: its awesome, its great, there is nothing like it, you will be tortured like hell and you will love every moment of it etc. The gist of my lab experience was I rooted arround 25 machines, I took 3 months of lab time (the last month was an overkill though I was mentally too fatigued to do much). I tried to do the labs from 10 pm to 1 am every work night and as much as possible on weekends, not an easy thing when you are married with a 2 year old, so having a very understanding wife helps!

OSCP exam: Instead of the technical part of the exam, which we are not supposed to discuss anyways because of the NDA, I will focus on what I did right and wrong
- Mistake 1 : I took the exam at 10 pm on last Friday night. the plan was that I will have peace and quite while my kid is sleeping. I forgot I was not in 20 anymore, (am 32!) so the college days when I could do night outs and survive on coffee and redbull were long gone.
The result of this was: i got the exam at 10, the first 2 hours went by in a rush of adrenalin where I tried to do everything at once, the next 2 hours in a sense of dread where I realised nothing was working! And I was getting sleepier as the night progressed, by 5 am I had got no machines and I gave up for the time being and took a nap till 8.

- That was a good idea, as a lot of people have pointed out taking frequent breaks really helps. from 8 to 10.30 i got a box , gave the missus a high five and took a short nap, got another box by 1 pm.

- The rest of it was very tough going, and I have edited my previous entries so as not to give away too much info. Suffice to say I took the full 24 hours

- Big Mistake #2 i made here: Enumeration + info gathering, but let me explain before you say 'you did not know that already?!'. Info gathering has been highlighted here a lot and even on the offsec forums, after 'try harder' thats the 2nd most popular phrase used. I found out later that I did all the info gathering I could, more than enough infact, tons and tons of it. The Big mistake i did was not having the patience and the discipline to analyse each and every point and line of the info gathered, to see how it could be used in an attack. It really is a mindset that comes with experience I think, and it has made me aware of how much more I need to practise and learn before it becomes a natural thing.

So anyways, sent the report the next day and I was almost sure I would not pass, , I was not sure if what I had done would be enough. I think I was pretty borderline, I had already started sweet talking the missus for sacrificing another weekend for my second attempt,  but the results came in 2 days and yaaa, it was a pass!

It was a wild ride, i enjoyed every moment of it, and more than what I have learned, I am grateful to OSCP for making me realise what I do not know, and the gaps in my knowledge. Other certs are for HR to filter out your resume in that job hunt, and yes they are important, but OSCP is for yourself primarily. To those who are considering taking it, plan to manage your time for 2-3 months and take it, its a very worthy investment.

Thank you for the review, I think that will be helpful.

Thanks all!

Hi DragonGorge
I agree the requirements are ambiguos, because its very subjective, whats rudimentary to the offsec folks may not be to others. I shouldnot worry too much about the python knowledge though. I had very basic shell scripting and perl knowledge and 0 knowledge of python.
Although python is widely used, its not hard to understand. The videos are very well designed: when they do a python script for the first time they will explain all the syntax and what it does, for the next one if there is a new command being used they will explain that as well so learning as you go along is good enough i think.

one thing i find really good about the course is the buffer overflow part, it is well explained and documented and takes you through the process step by step, unlike other parts, but those you can figure out by yourself like you stated

anyway thanks for the writeup!

Thanks don, i will!

j0rdy, i totally agree, the oscp videos on buffer overflows has to be one of the best introductions to buffer overflows for newbies. it was explained so well that i have become addicted to it, i am now on grey-corner.blogspot.com tutorials and corelan.be tutorials, to prepare myself for osce later on because i have heard that osce is mostly about fuzzing and exploit development.