Hello everyone,
I’ve just started with OSCP labs and have a quick question about the lab report
how detailed should my answers to the exercise questions be?
should I include screenshots or just simple answers will do?
Also, any tips on how to go through the lab material and what to focus on?
thanks
I didn’t submit my lab reports when I finished primarily because I didn’t realise that you required 10 (I think) - plus it is only worth 5 points. Recommendation if you are going to do it, it has to basically be a guide that someone else can reproduce so get into the habit of doing screen capture - the last think you need to do is complete the exam, get ready to write the report and find you have forgotten to capture an important piece of information.
While I failed the first attempt last month, one thing I did learn is to use screen capture software to video everything. Just in case you forget a screenshot, you can go back and grab it from the video. Also you can refresh on what you did in case your notes weren’t as detailed as they should have been.
Type your comment> @nebulousanchor said:
While I failed the first attempt last month, one thing I did learn is to use screen capture software to video everything. Just in case you forget a screenshot, you can go back and grab it from the video. Also you can refresh on what you did in case your notes weren’t as detailed as they should have been.
Which one would you recommend?
Thank you.
Type your comment> @nebulousanchor said:
While I failed the first attempt last month, one thing I did learn is to use screen capture software to video everything. Just in case you forget a screenshot, you can go back and grab it from the video. Also you can refresh on what you did in case your notes weren’t as detailed as they should have been.
Does video recording run smooth on vm? Or did you use one from your host to capture the vm?
I used OBS (https://obsproject.com/) from the Host. I suggest running a test ahead of time to get the capture resolution and frame-rate worked out to a clear picture that doesn’t slow down system response.
Hi mate!
I would believe OSCP lab report is important. It is because not only you could get additional 5 points but also it kinda forces you to do all the exercises which skills you need for the actual testing.
For the lab report, mine was about close to 200 pages since I tried to be very thorough on capturing all the screenshots and code that I wrote. I do believe Offensive Security folks would like to see if you really spend time to complete the all the lab exercises. So if you can provide as much as evidence you work hard on those exercises, they will be more than happy to give you the 5 points 
For the format-wise, I just used the OSCP standard report format as a baseline and work off from it.
For the screen capture, to be honest I don’t use it and unless u use a separate machine for web cam and another for actual testing, it might be laggy (unless u really have a good hardware :)) Just make sure to take all the screenshots. Taking screenshots and a good note is one of the most imperative skills when you become a pentester as well so just use OSCP lab as your practice hehe.
Lastly, I did see many of my friend who failed because of just “5 points” and regretting not doing lab report so I would say just do it if you want to kill OSCP at your first try
Type your comment> @JadeWolf said:
I didn’t submit my lab reports when I finished primarily because I didn’t realise that you required 10 (I think) - plus it is only worth 5 points. Recommendation if you are going to do it, it has to basically be a guide that someone else can reproduce so get into the habit of doing screen capture - the last think you need to do is complete the exam, get ready to write the report and find you have forgotten to capture an important piece of information.
I read that OSCP has 5 machines with points divided as follow:
I think 5 points could be the difference for passing and failing for me, especially since i hate windows privilege escalation.
thanks for your tip I will keep it in mind when writing the report
@nebulousanchor said:
While I failed the first attempt last month, one thing I did learn is to use screen capture software to video everything. Just in case you forget a screenshot, you can go back and grab it from the video. Also you can refresh on what you did in case your notes weren’t as detailed as they should have been.
was it a time managing issue or the machines difficulty?
@bigb0ss said:
Hi mate!I would believe OSCP lab report is important. It is because not only you could get additional 5 points but also it kinda forces you to do all the exercises which skills you need for the actual testing.
For the lab report, mine was about close to 200 pages since I tried to be very thorough on capturing all the screenshots and code that I wrote. I do believe Offensive Security folks would like to see if you really spend time to complete the all the lab exercises. So if you can provide as much as evidence you work hard on those exercises, they will be more than happy to give you the 5 points
For the format-wise, I just used the OSCP standard report format as a baseline and work off from it.
For the screen capture, to be honest I don’t use it and unless u use a separate machine for web cam and another for actual testing, it might be laggy (unless u really have a good hardware :)) Just make sure to take all the screenshots. Taking screenshots and a good note is one of the most imperative skills when you become a pentester as well so just use OSCP lab as your practice hehe.
Lastly, I did see many of my friend who failed because of just “5 points” and regretting not doing lab report so I would say just do it if you want to kill OSCP at your first try
wow 200 pages ! that makes me feel better about my answers to the exercise questions.
I will try to keep all my screenshots organized and write the lab report as I go.
Do you have any recommendation for the buffer overflow portion?
should I worry about linux buffer overflow or just focus on windows?
and thanks for your detailed comment
Ive got 8boxes in PWK so far. Still havent found a network key yet though. Im just doing cherrytree for now. Ill go back and take screencaps before my time is up.
PWK/OSCP is 100% worth every penny. I love it, but their webui’s look like theyre from 2000-and-late. You would think they would spend some time/money on how the control pannel and other UI would look/operate, but whatever. Im just here to pop boxes and chew doublebubble :3
Type your comment> @r0xas said:
@nebulousanchor said:
While I failed the first attempt last month, one thing I did learn is to use screen capture software to video everything. Just in case you forget a screenshot, you can go back and grab it from the video. Also you can refresh on what you did in case your notes weren’t as detailed as they should have been.was it a time managing issue or the machines difficulty?
Mostly time management, some lack of skill in one item. In particular attempt, the 2x 20’s and 25 were very similar in many ways on initial recon and base lining. So by night time it was easy to get confused, was I on X or X or X. Stupid me was trying 3 at once especially when brain wasn’t working at 2am. The BOF and 10 pointer were cake and done within the first 90 minutes, write-ups included.
Start time was also an issue. I thought starting at my normal work start time was a good thing. It actually wasn’t. So on 12 Feb I am doing it different. Starting at 10pm, I will pop the BOF and 10 pointer by midnight. Brain still working, but tired I’ll get some sleep until 5am my normal wake up time. Now I have a full normal workday until 9:45pm to get the other 3. Previously I start the other 3 around 11am so by the time I hit the hard stuff I was already towards the end of my normal day to day brain function.
Additionally, I will institute a 2 hour rule for myself. Work a box for 2 hours, take 10 to write notes if needed, 20 min break, switch box. Unless I just started a priv esc, then I will defer for 30 minutes to see where I get.