Frequently Asked Questions


Are the subscriptions a must or is the labs from PEN-200 enough?

For the AD Section, PEN-200 mostly covers all the contents required to pass the OSCP Certification. These lab environments ( LOCAL, THM, HTB ) are totally up to your preference. If you are interested in completing the HTB Machines from TJNull's machine list, you would need an HTB Subscription which costs around 10/15 Pounds per month based on your preference.

Am I allowed to use Crackmapexec, Mimikatz, rustscan, and feroxbuster?

Yes, you are allowed to use modernized tools. The tools which I used during my exams are ffuf, feroxbuster, autorecon, and nikto some manually scripted tools. However, you are not allowed to use commercial tools such as Burpsuite Professional and Metasploit Profession, etc., More can be found here

Can I use OS other than Kali? like Parrot, Ubuntu, Arch, etc..?

NO, Connection to the labs is to be done using Kali Linux only.

What are the MSFTools I Can use?

Am I Allowed to use Metasploit in the exam?

Yes, But only once. I would suggest using Metasploit only when you find yourselves in a position where you cannot exploit the vulnerability manually. But you cannot use Metasploit for pivoting and stuffs like that

Do I need an Admin/root shell to get full marks?

No, You may not need an Administrator shell in the windows box for sure, But you must need either the following, source

How were you able to obtain students' scholarships?

Contact Ask them about the procedures and provide the documents they require.

Offensive Security does offer discounts to people in need. Individuals who are unemployed and not enrolled in post-secondary education may be eligible.

Can I try exploits like ZeroLogon / PwnKit?

Sure, you are not restricted by any means. Since they are public exploits

What tool did you use to take notes?

I have tried cherrynote, onenote, EverNote, Joplin, vscode, and obsidian. But obsidian seems to be my fit with its vast plugins and themes.

How long have you been preparing for the OSCP?

I have been passively preparing for almost 4 Years. And actively for 2 months.

How many machines have you completed?

I completed around 64machines from Hackthebox, 71 rooms from Tryhackme, and 27 machines from OSCP labs

These counts were upto the time when I took the OSCP examination

What machines would you suggest to complete in the OSCP lab environment?

I don't know much since I completed only 27 machines but In the public networks, there are 2 AD sets which I would recommend you to complete first. Also, make use of the offsec forums whenever you feel stuck.

What were the machines you did?

I just followed the Learning path by offsec. I did go through the machines in order. The learning path can be found here

What did you use for the exam report?

I used the default word template provided by offsec(here)

Can you show your obsidian graph?

Sure, here it is

Other blogs suggest going with TCM's ethical hacking course for Active Directory.

I really cant comment on that, cause I was not able to afford the course. I don't know what was in the course. I opted for openly available resources which helped me to pass the certification. The resources I have used are mentioned above


How was the proctoring experience?

I had no issues with that, the proctors have asked me to show them around the room and instructed me to remove any other electronic devices which were not in the use for examination ( cellphones )

How many breaks and how much time duration am I allowed to take during the exam?

It's Unlimited, you can take breaks whenever you want how long you want


My OSCP Labs subscription got over what would you suggest getting to know more about AD?

Learn the contents in the PWK Course materials, that's more than enough

How many machines did you get?

Like they said in the exam change, I got 3 standalone machines ( Windows, Linux, and BufferOverflow Machine) and an AD set (2 Clients and 1 Domain Controller )

Was the buffer overflow easy?

It's with ease difficulty if you follow the mentioned resource and understand it. However, exploiting buffer overflow will not provide you the shell as NT Authority \ root as it previously did. After successfully exploiting the buffer overflow the shell as the user will be obtained and you are still needed to perform privilege escalation

How do you know that the machine is Buffer Overflow?

When you logged into the exam panel, you will be provided with the summary of the machines which summarizes the machine details so you will know about the buffer overflow machine. You will also be provided with the RDP Connection to the development machine.

How long did you take to obtain the passing mark?

I managed to secure 70 points within 12 hours span.

How long do we get to complete the examination?

You will be allowed to access the exam machines for 23 hours and 45 minutes. And you will get another 24 hours from the end of your exam to submit your report

How can I obtain the extra 10 bonus points?

To obtain the bonus 10 points, you must complete the following and make a report of it

Did you obtain the extra 10 bonus points?

No, I did not complete the course exercise

Did you struggle anywhere in the exam?

Yeah, of course. The enumeration with good enumerating skills you can complete the exam with ease

Last updated