Want to pass OSCP from scratch? This step-by-step guide covers everything—from basics to labs—to help you master ethical hacking and ace the OSCP exam!
What is OSCP?
OSCP is a penetration testing certification offered by Offensive Security. It requires candidates to complete a 24-hour hands-on exam, where they must compromise multiple machines and submit a detailed report. The exam tests your ability to think critically, apply hacking methodologies, and work under pressure.
Prerequisites for OSCP
While there are no official prerequisites, having some background knowledge can be beneficial. You should have:
- Basic knowledge of Linux and Windows operating systems
- Familiarity with networking concepts (TCP/IP, ports, protocols)
- Basic programming/scripting skills (Python, Bash)
- Understanding of fundamental cybersecurity concepts
If you’re starting from scratch, don’t worry! Follow this structured roadmap to prepare for OSCP effectively.
Step 1: Build a Strong Foundation
Before diving into penetration testing, you need a solid understanding of basic cybersecurity and networking concepts.
Learn Networking and Linux Basics
- Networking: Study TCP/IP, subnetting, DNS, and VPNs.
- Recommended resources:
- “Networking Basics” by Cisco
- “CompTIA Network+” certification materials
- Recommended resources:
- Linux Fundamentals: Learn common Linux commands, file permissions, and scripting.
- Recommended resources:
- “The Linux Command Line” by William Shotts
- OverTheWire: Bandit (Linux challenges)
- Recommended resources:
Learn Programming for Pentesting
While programming isn’t mandatory, it helps in automation and exploit development. Focus on:
- Python for scripting and automation
- Bash for command-line efficiency
- Basic C and Assembly for exploit development
- Recommended resources:
- “Automate the Boring Stuff with Python”
- “Hacking: The Art of Exploitation” by Jon Erickson
- Recommended resources:
Step 2: Learn Ethical Hacking Fundamentals
Now that you have the basics down, start learning ethical hacking methodologies.
Familiarize Yourself with Ethical Hacking Concepts
Learn about:
- Footprinting and reconnaissance
- Scanning and enumeration
- Exploitation techniques
- Privilege escalation
- Post-exploitation
Hands-on Labs and Practice
- TryHackMe (Beginner-friendly cybersecurity training)
- Hack The Box (Intermediate to advanced labs)
- PentesterLab (Web and application security)
Start solving easy machines and gradually move to more complex ones.
Step 3: Master Penetration Testing Methodology
Now, it’s time to focus on penetration testing techniques and tools.
Familiarize Yourself with Pentesting Tools
Some essential tools you need to master:
- Nmap – Network scanning
- Burp Suite – Web application testing
- Metasploit – Exploitation framework
- John the Ripper – Password cracking
- Wireshark – Network analysis
- Gobuster/Dirb – Directory brute-forcing
- Netcat – Networking and shell interactions
Practice using these tools in real-world scenarios.
Follow the OSCP-Like Approach
- Enumerate thoroughly before attempting an exploit.
- Try manual exploitation before using automated tools.
- Document every step to help with your exam report.
Also at the same time, I solved the HTB Boxes from TJNull List
https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview
Above is a list of those boxes, sorted based on severity & target OS (Windows or Linux).
Now start learning; aim to solve at least 1–2 boxes per day. For example, if you are learning Windows Privesc, side by side, get hands-on by solving Windows Boxes. Also made a write-up kind of notes for all the boxes I have solved for your personal reference and got the skill of solving & documenting at the same time. This is also VERY important, as in the future, if you encounter the same service in any other box, you can easily search through it and use the same commands and steps.
Focused on easy boxes of TJNull and once got comfortable, went to medium boxes and then hard boxes.
Step 4: Enroll in PWK and Start OSCP Labs
The Penetration Testing with Kali Linux (PWK) course is the official training for OSCP. When you enroll, you get access to:
- OSCP course materials
- 60+ hands-on penetration testing labs
- OSCP exam registration
How to Approach OSCP Labs?
- Start with easy machines and progress to harder ones.
- Follow a structured approach: Enumeration → Exploitation → Privilege Escalation.
- Take notes and document every step.
- Aim to complete at least 40-50 lab machines before taking the exam.
Step 5: Prepare for the OSCP Exam
The OSCP exam is a 24-hour challenge where you must:
- Hack into multiple machines
- Gain administrator/root privileges
- Submit a detailed report with proof of exploitation
Exam Tips:
- Manage your time wisely (start with the easier machines first)
- Enumerate thoroughly before jumping to exploits
- Take breaks to avoid burnout
- Keep a well-structured notes repository
Report Writing:
- Document every step, including commands used and screenshots
- Follow Offensive Security’s exam report template
- Make your report clear, concise, and professional
Final Thoughts
Preparing for OSCP from scratch may seem overwhelming, but with the right approach, anyone can do it. Build a strong foundation, practice consistently, and approach the exam with confidence. Remember, OSCP is not just about passing an exam—it’s about developing real-world penetration testing skills.
Bonus Resources
Good luck with your OSCP journey! Stay persistent and never stop learning.
Read More Blogs Here!