OSCP Overview & Exam Strategy
Creating Your OSCP Study Plan
4 min read
A structured study plan dramatically improves your chances of passing. This lesson provides a framework for organizing your OSCP preparation.
Study Timeline Options
Option 1: Focused (3 Months)
For those with existing pentesting experience:
Month 1: Foundation
├── Week 1-2: PEN-200 course material (Chapters 1-10)
├── Week 3-4: PEN-200 course material (Chapters 11-20)
└── Practice: 10 easy/medium Proving Grounds boxes
Month 2: Deep Practice
├── Week 1-2: PEN-200 labs (minimum 30 machines)
├── Week 3-4: HTB/PG machines (focus on OSCP-like)
└── Practice: 20+ medium boxes
Month 3: Exam Simulation
├── Week 1-2: Complete remaining labs
├── Week 3: Full mock exams (TJ Null list)
└── Week 4: Light review, schedule exam
Option 2: Comprehensive (6 Months)
For those newer to penetration testing:
Month 1-2: Pre-work
├── Linux fundamentals (OverTheWire: Bandit)
├── Networking basics (TCP/IP, protocols)
├── Python/Bash scripting basics
└── TryHackMe beginner paths
Month 3-4: Course Material
├── Complete PEN-200 course (all chapters)
├── Take detailed notes
├── Complete all course exercises
└── Start easy lab machines
Month 5: Lab Practice
├── Minimum 50 lab machines
├── Focus on different attack vectors
├── Build methodology documentation
└── Practice report writing
Month 6: Exam Prep
├── Mock exams weekly
├── TJ Null machine list
├── Active Directory practice
└── Schedule and take exam
Daily Study Structure
A productive study day follows this pattern:
| Time Block | Activity | Focus |
|---|---|---|
| 30 min | Review notes | Reinforce previous learning |
| 90 min | Course material | New concepts and techniques |
| 120 min | Hands-on practice | Attack lab machines |
| 30 min | Documentation | Write up what you learned |
Consistency beats intensity. 3 hours daily is better than 12-hour weekend sessions.
Essential Practice Resources
Free Resources
| Resource | Focus Area | Difficulty |
|---|---|---|
| TryHackMe | Beginner fundamentals | Easy-Medium |
| HackTheBox Free Tier | General pentesting | Medium-Hard |
| OverTheWire | Linux/scripting | Easy-Medium |
| VulnHub | Offline practice | Varies |
Paid Resources (Recommended)
| Resource | Focus Area | Why It Helps |
|---|---|---|
| Proving Grounds Practice | OSCP-like machines | Made by OffSec |
| HackTheBox VIP | Retired machines | TJ Null OSCP list |
| PEN-200 Labs | Course integration | Required for exam prep |
The TJ Null Machine List
TJ Null maintains a curated list of OSCP-like machines. This is considered essential preparation:
Priority Order:
1. Proving Grounds Practice (Play + Practice)
└── ~60 OSCP-like machines
2. HackTheBox (requires VIP for retired)
└── ~50 OSCP-like machines
3. VulnHub
└── ~20 OSCP-like machines
Complete at minimum: 40-50 machines across these platforms before attempting the exam.
Building Your Methodology
Document everything in a personal playbook:
Enumeration Checklist:
□ Port scan (TCP all ports)
□ Service version detection
□ UDP top 20 ports
□ Web directory enumeration
□ Vulnerability scanning
For each service found:
□ Default credentials check
□ Version-specific exploits
□ Configuration weaknesses
□ Authentication bypass attempts
Note-Taking Systems
Choose a system that works for you:
| Tool | Pros | Cons |
|---|---|---|
| Cherry Tree | Hierarchical, exam-friendly | Linux only |
| Obsidian | Markdown, cross-platform | Learning curve |
| Notion | Rich features | Requires internet |
| OneNote | Simple, familiar | Limited code formatting |
Tracking Progress
Monitor your readiness with these milestones:
Ready for Exam Checklist:
□ Completed all PEN-200 course modules
□ Rooted 40+ lab/practice machines
□ Can enumerate a box in under 30 minutes
□ Can write a full report in under 3 hours
□ Completed 2+ mock exams (TJ Null selection)
□ Active Directory attack chain memorized
□ Buffer overflow methodology solid (if applicable)
Common Mistakes to Avoid
- Starting labs too early: Understand concepts before practicing
- Skipping documentation: Write-ups improve retention and exam prep
- Focusing only on exploitation: Enumeration is 80% of the work
- Ignoring Active Directory: It's 40% of your exam score
- No time management practice: Do timed mock exams
Next, we'll set up your practice lab environment. :::