How to perform during the OSCP / OSCP+ exam in 2024
No, another cheat sheet is NOT the answer!
My claim: Most people who fail the OSCP exam do so for reasons other than a lack of technical knowledge.
As a team lead, I have seen several members of my team both pass and fail (sometimes several times) their OSCP exam. It’s shocking how the same mistakes keep ruining exams for candidates due to entirely unnecessary reasons.
Now, of course, the most obvious way to fail this exam is to not put in the work required to learn the various sections of the course. The answer to this is very simple and won’t be the focus of this article. Try harder.
But other than that, there are more subtle ways that can ruin your exam. A lot of people that take this exam do so on their own, or they don’t have team leads that can guide them through how to perform well on the exam.
If this sounds familiar, I made this to help you out.
Here is the list of things I will teach you. This is how you can avoid the common pitfalls and perform well on exam day.
Stress Management
Maintaining Concentration
Time Management
Documentation
Let’s go over them one by one.
Stress Management
Short breaks are essential to maintain your mental clarity and avoid burnout. Schedule breaks throughout the exam to decompress and prevent stress from building up.
This allows you to return with a clearer mindset and fresh perspective.
Simulate exam conditions. One of the best methods of avoiding stress during the exam is making sure that it is not the first time you find yourself in such a situation.
Search for some LAB-boxes of any kind that are relevant to the exam. Then practice by giving yourself a time constraint to finish them.
This will get you accustomed to working for longer periods of time on a single challenge and to working under time pressure.
Example: Choose two boxes, one with an AD challenge, one with a WEB challenge. Give yourself 8 hours to solve them both.
Prioritize easy wins. If you get a good start on the exam, it will be much easier to get into a good flow.
Start with simpler challenges to build confidence and secure points early in the exam. This reduces pressure and gives you a solid start.
Making yourself a checklist that includes “perform Nmap scans of all boxes” and crossing it off when it is finished will help you feel like you are progressing and relieve some stress.
Preparation is key, and one of the best ways to avoid stress. Plan out how you will approach the boxes and the initial enumeration, for example with a checklist of how you will enumerate AD, and so on. If you feel prepared, stress is less likely to sneak up on you.
Whenever you feel like stress is building up, do one of two things: Take a break, or move on to another challenge.
From what I’ve seen, stress has been the most frequent cause of failing the exam. This means that focusing on this point is important. Especially if you have not been in similar situations before.
Maintaining Concentration
Stay hydrated and eat well. Your brain needs fuel to function optimally. Keep water and healthy snacks like nuts or fruits handy.
Minimize distractions by creating a quiet and clean workspace. Also remember to turn off any notifications that may distract you.
Good structure. Break the exam into smaller tasks with dedicated time slots. This helps maintain a sense of control and focus on immediate goals rather than getting overwhelmed. Remember that your brain can’t multi-task. Running a scan in the background is fine, but hyper-focusing on one task at a time is much more efficient than trying to find solutions to several problems simultaneously.
Manage your focus. Taking breaks at regular intervals helps maintain your concentration levels over the 24-hour exam period. Use these breaks to get some air, eat, hydrate, sleep, and reset your focus before getting back to the exam.
In addition to this, try not to do things much differently than you do in your everyday life. If you can wake up when you normally do, eat when you normally do, and maybe even work out when you normally do, this will give you a better chance of staying focused throughout the day.
Time Management
Use familiar tools! Don’t search for the “best screenshot tool” or the “best note-taking tool” right before the exam. This is not the correct time or place to improve your methodology or experiment with new tools.
Use a methodology you are already comfortable with, and stick to the tools you know. This will distract you the least from your enumeration and analysis process.
When I took the exam, I used the Windows Snipping Tool for screenshots (I still do), and I had one Notepad-window open for each target machine.
How good your tools are is almost a non-factor. Just use what requires as little brain power from you as possible. If your note-taking tool requires time and effort from you, you will just end up not taking notes during the exam.
Avoid rabbit holes by setting a time limit for each task. Allocate specific time blocks for each machine.
If you’re stuck on one machine for too long, move on to the next and come back later with a fresh perspective.
This prevents getting stuck on a single challenging target. You aren’t required to solve everything, so don’t work like you have to.
Don’t get caught up trying to exploit every anomaly or suspicious thing you find. When enumerating a machine, enumerate all ports/services first, write down what seems suspicious, and then work on the most likely path first.
Yes, port 22 comes before port 443, but that is not a good reason to be stuck on exploiting an old version of OpenSSH while the admin portal is accessible with admin:admin.
Take regular breaks. Breaks were mentioned in the previous sections as well, but it is important enough that I will mention it again.
This is probably the most important tip I’ll give you in this article, and it is also the one you are most likely to ignore. There will be times when your brain gets stuck in a loop, and 5 hours can easily pass without any progress.
Force yourself to take these breaks, even when you think you don’t need them. I would recommend setting an alarm to take breaks at least once every 2 hours.
During these breaks, do something other than think about the exam. Eat, take a power nap, or get some air. 24 hours gives you more than enough time to take loads of breaks.
Documentation
Document as you go by taking notes and screenshots of each step. When you make some progress, it is very easy to get excited and continue without taking notes. This will result in not having enough information to make the report in the end, which is the most frustrating and unnecessary way to fail the exam.
Make it a habit to take notes and screenshots for each step as you progress. This will save you a lot of time when preparing the final report.
This way you will ensure that you have the screenshots required to write the full report. This does not have to be implemented into the actual report template while doing the exam, but at least have it structured in a chronological order, and make separate notes on each target machine.
Use a structured template and prepare your documentation template beforehand. For me, I like to just take a massive number of screenshots, copy-paste a lot of the text, and just write small notes while taking the test. Other people have documentation templates that include sections for target information, vulnerabilities found, exploitation steps, and privilege escalation methods.
Again, it is essential that you stick with what you are used to. If you like to take notes the way I described above, trying to be super structured and organized during the exam will waste too much of your time.
You have 24 hours to write your report, and you probably only need 4 to meet OffSec’s requirements. Make sure you document enough to remember your methodology and fulfill all report requirements; you have more than enough time to write a beautiful report the day after.
Check off requirements to make sure that you have everything you need. Whenever you finish a box, quickly go over the notes and screenshots you have taken to ensure that you have everything you need for your report. OffSec has very simple requirements for the report, but they are also very specific.
Ensure all necessary information and screenshots are included to avoid losing points due to incomplete documentation.
Again, failing because of a bad report is the absolute worst way to fail the exam.
Summary, your checklist to a well-executed exam
Passing the OSCP exam requires more than just technical knowledge. It demands special preparation for the effort required during the exam, and handling any stress that may arise as a result of being stuck.
Here is a quick checklist for a well-executed exam:
Take regular breaks
Perform practice-runs by simulating exam conditions
Prioritize easy wins to get into a good flow
Preparation is key to avoid stress
Stay hydrated and eat well
Minimize distractions
Outline a structure for the exam day
Manage your focus by taking breaks when necessary
Use familiar tools
Avoid rabbit holes by first getting an overview of the target
Then, choose the most likely attack path first
If you are stuck on one path for too long, move on, or take a break before continuing
Document as you go
Use a structured or simple template for documentation
Check that you fulfill all exam requirements after finishing a box
Remember, the exam is as much a test of your mental preparedness as it is of your technical skills. Keep calm, stay focused, and try harder!