How to Study for OSCP in 14 Days: The Two-Week Prep Plan

Direct answer

A 14-day OSCP study plan requires 6-8 hours daily, focusing 40% on penetration testing fundamentals, 30% on Active Directory attacks, and 30% on buffer overflows. Week 1 covers domain foundations with daily practice exams. Week 2 intensifies with timed simulations, weak area remediation, and final prep. This timeline works only for retakers or those with solid penetration testing experience.

Take practice exams on days 2, 4, and 6 of Week 1 to identify gaps early. Schedule full simulations on days 8, 11, and 13 to build exam endurance. Your final day should be pure review—no new material.

Is 14 days realistic for OSCP?

Honestly? Fourteen days is cutting it extremely close for OSCP. This certification demands hands-on exploitation skills that typically take months to develop. But it’s not impossible if you’re in the right situation.

The OSCP differs from theory-heavy certs like CISSP or Security+. You need to actually exploit vulnerable machines, chain attacks through Active Directory environments, and write functioning buffer overflow exploits. These are motor skills that require repetition.

If you’re attempting this timeline, you’re likely a retaker who knows the exam format but struggled with execution, or someone with significant penetration testing experience transitioning from another certification path. Complete beginners should not attempt this schedule—you’ll burn out and likely fail.

The math is straightforward: 14 days × 6-8 hours = 84-112 total study hours. Compare this to the typical 6-month preparation (400+ hours) most successful candidates invest. You’re banking on having 70% of the knowledge already locked in.

Who this plan works for

This accelerated OSCP study plan works for three specific candidate profiles:

Retake candidates who failed their first attempt but understand the exam structure. You’ve seen the lab environment, attempted the practical exam, and know your specific weak areas. You’re not learning OSCP concepts from scratch—you’re refining execution and filling knowledge gaps.

Experienced penetration testers transitioning from other certifications or hands-on roles. If you’ve been doing manual penetration testing professionally, exploiting web applications, and working with Active Directory environments, you have the foundational skills. You need to adapt your knowledge to OSCP’s specific methodology and tool requirements.

Security professionals with strong Linux/networking backgrounds who’ve been hands-on with exploitation frameworks. Maybe you’re coming from a red team role or have significant Metasploit experience. You understand the technical concepts but need to apply them within OSCP’s constraints.

This plan absolutely does not work for:

  • Complete cybersecurity beginners
  • Anyone without hands-on exploitation experience
  • Professionals from purely defensive security roles
  • Those who haven’t touched Kali Linux extensively

Be brutally honest about your background. Overestimating your readiness wastes time and money.

Week 1: Foundation and domain coverage

Week 1 establishes your baseline across all three OSCP domains while identifying critical knowledge gaps through daily practice testing. You’ll spend 40% of your time on penetration testing fundamentals, 30% on Active Directory attacks, and 30% on buffer overflows.

Daily structure for Week 1:

  • 3 hours: Primary domain study (rotating focus)
  • 2 hours: Secondary domain reinforcement
  • 1.5 hours: Practice exam or lab work
  • 30 minutes: Note review and gap analysis

Domain rotation schedule:

  • Days 1-2: Heavy penetration testing focus (web apps, enumeration, privilege escalation)
  • Days 3-4: Active Directory deep dive (lateral movement, credential harvesting)
  • Days 5-6: Buffer overflow intensive (stack overflows, exploit development)
  • Day 7: Integration day covering all domains

The critical insight for Week 1: Don’t try to master everything. You’re building a foundation solid enough to support Week 2’s intensive practice. Focus on understanding attack vectors, tool usage, and basic exploitation techniques within each domain.

Take detailed notes during this week. You’ll reference them constantly during Week 2’s practice sessions. Create a “quick reference” document for each domain covering common commands, exploitation steps, and troubleshooting approaches.

Week 1 day-by-day breakdown

Day 1: Penetration Testing Fundamentals

  • Morning (3 hours): Information gathering and enumeration techniques. Master Nmap, dirb, gobuster, and nikto. Practice on diverse target types.
  • Afternoon (2 hours): Web application testing basics. SQLi, XSS, and file inclusion vulnerabilities.
  • Evening (1.5 hours): First baseline practice exam to gauge current knowledge.

Day 2: Web Application Exploitation

  • Morning (3 hours): Advanced web exploitation. LFI/RFI, command injection, and file upload bypasses.
  • Afternoon (2 hours): Linux privilege escalation techniques. SUID binaries, sudo misconfigurations, kernel exploits.
  • Evening (1.5 hours): Second practice exam focusing on web vulnerabilities.

Day 3: Active Directory Fundamentals

  • Morning (3 hours): AD enumeration with BloodHound, PowerView, and manual techniques.
  • Afternoon (2 hours): Basic lateral movement. Pass-the-hash, pass-the-ticket attacks.
  • Evening (1.5 hours): Lab work practicing AD enumeration on vulnerable networks.

Day 4: Advanced Active Directory

  • Morning (3 hours): Credential harvesting with Mimikatz, DCSync, and Kerberoasting.
  • Afternoon (2 hours): Domain escalation techniques. Golden ticket attacks and persistence.
  • Evening (1.5 hours): Third practice exam emphasizing AD attack chains.

Day 5: Buffer Overflow Introduction

  • Morning (3 hours): Stack overflow fundamentals. Identify vulnerable functions, control EIP.
  • Afternoon (2 hours): Exploit development basics. Generate shellcode, identify bad characters.
  • Evening (1.5 hours): Practice with simple buffer overflow exercises.

Day 6: Advanced Buffer Overflows

  • Morning (3 hours): Bypass protection mechanisms. DEP/ASLR evasion, ROP chains.
  • Afternoon (2 hours): Complex exploit development scenarios.
  • Evening (1.5 hours): Fourth practice exam including buffer overflow challenges.

Day 7: Integration and Review

  • Morning (2 hours): Review Week 1 notes and identify top 3 weak areas.
  • Afternoon (2 hours): Practice combining techniques across domains.
  • Evening (2 hours): Plan Week 2 focus areas based on practice exam results.

Week 2: Practice, review, and refinement

Week 2 shifts from learning to performance optimization. You’ll spend 70% of your time on timed practice scenarios and 30% on targeted weak area remediation. This week builds the speed and confidence needed for exam success.

Daily structure for Week 2:

  • 4 hours: Full timed practice exams or multi-machine scenarios
  • 2 hours: Weak area focused study based on practice results
  • 1.5 hours: Review and refinement of successful attack vectors
  • 30 minutes: Mental preparation and strategy refinement

Practice exam intensity progression:

  • Days 8-9: Individual machine challenges focusing on specific domains
  • Days 10-11: Multi-machine scenarios simulating exam complexity
  • Days 12-13: Full 24-hour exam simulations with proper time management
  • Day 14: Light review and mental preparation

The key insight for Week 2: You’re no longer learning new concepts—you’re optimizing execution speed and building muscle memory. Every practice session should be timed and evaluated for efficiency.

Focus on developing consistent methodologies for each domain. Create repeatable processes for enumeration, exploitation, and post-exploitation that you can execute under pressure.

Track your performance metrics: time to initial compromise, time to privilege escalation, and success rate across different vulnerability types. Use this data to guide your daily weak area study.

Week 2 day-by-day breakdown

Day 8: Penetration Testing Speed Building

  • Morning (4 hours): Timed web application penetration tests. Focus on rapid enumeration to exploitation.
  • Afternoon (2 hours): Remediate any web application gaps discovered during morning practice.
  • Evening (1.5 hours): Review successful attack vectors and create quick reference cards.

Day 9: Active Directory Attack Chains

  • Morning (4 hours): Full Active Directory compromise scenarios. Practice chaining multiple attack vectors.
  • Afternoon (2 hours): Focus study on any AD techniques that caused delays during morning practice.
  • Evening (1.5 hours): Refine AD methodology and tool usage for maximum efficiency.

Day 10: Buffer Overflow Mastery

  • Morning (4 hours): Complex buffer overflow challenges with time pressure.
  • Afternoon (2 hours): Address any buffer overflow knowledge gaps or technique inefficiencies.
  • Evening (1.5 hours): Memorize common shellcode and bad character identification techniques.

Day 11: Multi-Domain Integration

  • Morning (4 hours): Practice scenarios requiring techniques from all three domains.
  • Afternoon (2 hours): Strengthen your weakest domain based on morning results.
  • Evening (1.5 hours): Develop contingency plans for common exam obstacles.

Day 12: Full Exam Simulation Day 1

  • Morning-Evening (8 hours): Complete 24-hour exam simulation with proper breaks and pacing.
  • Focus on time management, documentation, and maintaining performance under pressure.

Day 13: Full Exam Simulation Day 2

  • Morning-Evening (8 hours): Second complete exam simulation addressing Day 12 weaknesses.
  • Emphasize different attack vectors and backup exploitation techniques.

Day 14: Final Preparation

  • Morning (2 hours): Light review of quick reference materials and methodologies.
  • Afternoon (2 hours): Mental preparation, equipment check, and exam logistics review.
  • Evening: Rest and early sleep preparation for exam day.

The practice exam schedule for 14 days

Strategic practice exam timing separates successful 14-day preparations from failed attempts. Use Certsqill’s OSCP practice exams as your Week 1 and Week 2 checkpoints to measure progress and identify critical gaps.

Week 1 Practice Schedule:

  • Day 2: Baseline assessment (2 hours)
  • Day 4: Domain-specific focus exam (2 hours)
  • Day 6: Progress check across all domains (3 hours)

Week 2 Practice Schedule:

  • Day 8: Timed individual challenges (4 hours)
  • Day 11: Timed multi-machine scenarios (4 hours)
  • Day 13: Final full-length simulation (8 hours)

Use practice exams diagnostically, not just for confidence building. After each session, analyze which attack vectors failed, what tools caused delays, and where your methodology broke down. This data drives your targeted study sessions.

Practice exam scoring and analysis: Track success rates by domain (web applications, Active Directory, and buffer overflows). If you’re scoring below 70% in any domain by Day 6, dedicate extra Week 2 time to that area.

Document time-to-compromise for each practice machine. Your goal: initial foothold within 45 minutes, privilege escalation within 90 minutes. These benchmarks ensure you’ll complete the real exam with time for documentation.
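The metrics above (time to foothold, time to privilege escalation, per-domain success rate) and the page's thresholds (45 and 90 minutes, the 70% per-domain floor by Day 6, and the FAQ's 50% Week 1 postpone rule) turned into a small log analyser, as an added Python example that is not part of the original article; the CSV log format, domain labels and machine names are constructed for illustration.

```python
"""Practice-log analyser for the 14-day OSCP plan on this page (added example, not
from the original article; the CSV log format is constructed). Thresholds are the
page's own: 45 min to foothold, 90 min to privesc, a domain under 70% by Day 6 needs
extra Week 2 time, under 50% overall in Week 1 means postpone the attempt."""
import csv, io
from collections import defaultdict

FOOTHOLD_LIMIT_MIN, PRIVESC_LIMIT_MIN = 45, 90
DOMAIN_FLOOR, POSTPONE_FLOOR = 0.70, 0.50

# Constructed sample log; a blank time means that step was never reached.
SAMPLE_LOG = """day,domain,machine,foothold_min,privesc_min,success
2,web,alpha,38,80,yes
2,web,bravo,55,130,yes
2,ad,charlie,70,,no
4,ad,delta,40,95,yes
4,ad,echo,90,,no
4,bof,foxtrot,30,30,yes
6,web,golf,44,88,yes
6,bof,hotel,50,50,yes
6,ad,india,,,no
"""

def minutes(field):
    return int(field) if field else None  # blank field: step never reached

def parse_log(text):
    """One dict per practice machine; times are int minutes or None."""
    return [{"day": int(r["day"]), "domain": r["domain"], "machine": r["machine"],
             "foothold": minutes(r["foothold_min"]), "privesc": minutes(r["privesc_min"]),
             "success": r["success"].strip().lower() == "yes"}
            for r in csv.DictReader(io.StringIO(text))]

def domain_success_rates(rows):
    """Fraction of machines fully compromised, per domain (feeds the 70% check)."""
    hits, total = defaultdict(int), defaultdict(int)
    for r in rows:
        total[r["domain"]] += 1
        hits[r["domain"]] += r["success"]
    return {d: hits[d] / total[d] for d in total}

def benchmark_misses(rows):
    """(machine, step) pairs that exceeded the 45-minute foothold or 90-minute privesc target."""
    limits = {"foothold": FOOTHOLD_LIMIT_MIN, "privesc": PRIVESC_LIMIT_MIN}
    return [(r["machine"], step) for r in rows for step, limit in limits.items()
            if r[step] is not None and r[step] > limit]

def week1_verdict(rows):
    """Day 6 decision: domains that need extra Week 2 time, and whether to postpone."""
    overall = sum(r["success"] for r in rows) / len(rows)
    weak = sorted(d for d, v in domain_success_rates(rows).items() if v < DOMAIN_FLOOR)
    return {"overall": round(overall, 2), "extra_week2": weak, "postpone": overall < POSTPONE_FLOOR}

if __name__ == "__main__":
    print(week1_verdict(parse_log(SAMPLE_LOG)), benchmark_misses(parse_log(SAMPLE_LOG)))
```

Append one row per practice machine after each session; the verdict only becomes meaningful once all three Week 1 practice exams are logged.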


Essential tools and lab setup for rapid preparation

Your 14-day timeline demands immediate access to properly configured tools and vulnerable lab environments. Don’t waste precious study hours troubleshooting setup issues or missing dependencies.

Core tool requirements:

  • Kali Linux VM with 4GB+ RAM allocation
  • VMware Workstation or VirtualBox with snapshot capabilities
  • Burp Suite Professional (essential for web application testing efficiency)
  • Custom wordlists for directory brute-forcing and password attacks
  • Metasploit framework with updated modules
  • BloodHound and SharpHound for Active Directory enumeration

Lab environment priorities: Set up VulnHub and Hack The Box access immediately. Focus on OSCP-like machines: VulnHub’s “OSCP-prep” series and HTB’s retired easy-to-medium Windows/Linux boxes. Avoid rabbit holes—stick to machines with clear exploitation paths.

Create isolated network segments for Active Directory practice. Use vulnerable Domain Controller VMs like BadBlood or GOAD (Game of Active Directory) for realistic attack chain practice. These environments simulate enterprise AD weaknesses without legal complications.

Buffer overflow practice setup: Install Immunity Debugger on Windows 7/10 VM. Download vulnerable applications: VulnServer, Easy File Sharing Web Server, and SLMail. These provide consistent buffer overflow practice without external dependencies.

Configure systematic note-taking from Day 1. Use CherryTree, Obsidian, or simple text files—whatever ensures rapid information retrieval during practice sessions. Your notes become your external memory during high-pressure scenarios.

Automation and scripting: Build enumeration automation scripts during Week 1. Create bash scripts for initial reconnaissance, PowerShell scripts for Windows enumeration, and Python scripts for exploit automation. This investment pays dividends during Week 2’s timed scenarios.

Common mistakes that kill 14-day study plans

Most accelerated OSCP attempts fail due to predictable planning errors and unrealistic expectations. Avoid these critical mistakes that derail intensive preparation schedules.

Mistake 1: Trying to learn everything from scratch

The 14-day timeline assumes significant prior knowledge. If you’re googling “what is penetration testing” on Day 1, extend your timeline. You need foundational security knowledge before attempting this accelerated path.

Mistake 2: Skipping hands-on practice for theory consumption

Reading about SQL injection differs completely from exploiting it under time pressure. Spend maximum time with hands on keyboard, not watching tutorial videos or reading documentation. Theory knowledge without execution muscle memory fails under exam stress.

Mistake 3: Neglecting physical and mental preparation

Fourteen days of 6-8 hour study sessions demands physical endurance. Maintain proper sleep, nutrition, and exercise routines. Mental fatigue kills technical performance—your brain needs recovery time to consolidate complex exploitation techniques.

Mistake 4: Perfectionism over progress

Don’t spend three hours perfecting one buffer overflow when you should be practicing five different scenarios. The OSCP rewards breadth and speed over deep theoretical understanding. Master the common attack vectors before exploring edge cases.

Mistake 5: Ignoring time management practice

Many candidates know the techniques but can’t execute them within exam time constraints. Every practice session should include time pressure. Use stopwatch timers, set completion deadlines, and simulate the anxiety of ticking clocks.

Mistake 6: Inadequate documentation practice

The OSCP requires detailed penetration testing reports documenting your attack methodology. Practice technical writing during Week 2 scenarios. Screenshot everything, document command outputs, and explain exploitation steps as if teaching someone else.

Recovery strategies for each mistake: If you recognize these patterns by Week 1’s midpoint, adjust immediately. Extend your timeline if foundational knowledge is missing. Shift to hands-on practice if you’ve been consuming passive content. Build buffer days into your schedule for inevitable setbacks.

The key insight: recognizing these mistakes early allows course correction. Ignoring them until Week 2 guarantees failure.

FAQ

Q: Can I realistically pass OSCP with only 14 days of preparation?

A: It depends entirely on your background. This timeline works for retakers addressing specific knowledge gaps or experienced penetration testers adapting their skills to OSCP’s methodology. Complete beginners should plan for 3-6 months minimum. If you haven’t successfully compromised Windows and Linux systems manually, you’re not ready for this accelerated approach.

Q: Should I focus more on buffer overflows or Active Directory for the 14-day plan?

A: Active Directory attacks typically provide more exam points and appear in multiple scenarios. Allocate 35% of your time to AD, 35% to general penetration testing, and 30% to buffer overflows. However, buffer overflows are often the “easy points” that separate passing from failing candidates—don’t skip this domain entirely.

Q: What practice labs are essential for 14-day OSCP preparation?

A: Focus on VulnHub’s OSCP preparation VMs and Hack The Box retired machines tagged as OSCP-like. Specific recommendations: VulnHub’s Kioptrix series, HackTheBox’s Legacy, Blue, and Lame for buffer overflow practice. For Active Directory, use GOAD lab or Attacking Windows 2016 course labs. Avoid random CTF challenges that don’t match OSCP’s methodology.

Q: How many practice exams should I take during the 14-day period?

A: Take 6-7 practice exams total: 3 during Week 1 for gap identification and 3-4 during Week 2 for performance optimization. Each practice session should be timed and followed by detailed analysis. Focus on identifying why attacks failed, not just achieving success. The final practice exam should be a complete 24-hour simulation 2-3 days before your real exam.

Q: What should I do if I’m failing practice exams consistently during the first week?

A: If you’re scoring below 50% on Week 1 practice exams, seriously consider postponing your OSCP attempt. Failing multiple practice exams indicates insufficient foundational knowledge for the 14-day timeline. Use this data to identify specific weak domains and extend your preparation. It’s better to reschedule than fail the actual exam and face the retake process.