What to Study in the Last Week Before OSCP — Final Review Checklist
What to Study in the Last Week Before OSCP — Final Review Checklist
Seven days. That’s all you have left before sitting for one of the most challenging hands-on security certifications available. If you’re reading this, you’re either feeling confident and want to fine-tune your approach, or you’re panicking because your practice scores aren’t where they need to be.
Either way, this final week isn’t about cramming new material. It’s about strategic reinforcement, targeted practice, and mental preparation for a 23-hour and 45-minute marathon that will test everything you’ve learned.
I’ve coached hundreds of candidates through their final OSCP preparations, and the ones who succeed in this last week follow a specific, day-by-day approach. No generic study tips here — this is your tactical playbook for maximizing these critical seven days.
Direct answer
Your last week before OSCP should focus on three things: diagnostic practice exams to identify weak spots, targeted review of your lowest-scoring domains, and scenario-based strategy practice. You should aim for consistent 75%+ scores on full-length practice exams by day 4. If you’re scoring below 70% with seven days left, you need to consider postponing — but we’ll address that scenario specifically.
The key domains requiring final review are Penetration Testing with Kali Linux (40% of exam weight), Active Directory Attacks (30%), and Buffer Overflows and Exploit Development (30%). Your study time allocation should mirror these weightings, with extra emphasis on whichever domain shows the lowest practice scores.
What the last week before OSCP is actually for
Let me be brutally honest: if you don’t already have a solid foundation in penetration testing methodologies, Active Directory exploitation, and buffer overflow techniques, one week won’t save you. This final week serves three specific purposes:
Diagnostic assessment: Identifying exactly which subtopics within each domain need urgent attention. Maybe your Kali Linux enumeration is solid, but your privilege escalation techniques are inconsistent. Or perhaps you can execute buffer overflows perfectly in controlled environments but struggle with real-world exploitation scenarios.
Pattern recognition sharpening: OSCP questions often follow predictable patterns within each domain. This week is about recognizing those patterns faster and executing your response more efficiently under time pressure.
Mental conditioning: The OSCP exam is as much about endurance and stress management as technical knowledge. This week conditions you for the marathon ahead.
What this week is NOT for: Learning new concepts, diving into advanced topics you haven’t touched, or trying to become an expert in areas where you’re currently a beginner. Stick to reinforcing what you already know.
Day 7: Full diagnostic practice exam
Start your final week with a complete diagnostic assessment. Take a full-length OSCP practice exam under actual testing conditions — no interruptions, no reference materials beyond what’s allowed, and strict time limits.
Your target score for readiness is 75% or higher, with no single domain scoring below 70%. If you’re hitting these numbers consistently, you’re in good shape for the real exam.
Specific scoring breakdown you need:
- Penetration Testing with Kali Linux: 75%+ (this domain carries 40% weight)
- Active Directory Attacks: 70%+ (30% weight, but often the make-or-break section)
- Buffer Overflows and Exploit Development: 75%+ (30% weight, highly technical)
If your scores are below these targets:
- 65-74% overall: You can still pass with focused effort this week
- 55-64% overall: Consider postponing unless you can dedicate 8+ hours daily
- Below 55% overall: Postpone and extend your preparation period
Document every wrong answer with the specific subtopic and your reasoning for the incorrect choice. This becomes your targeted study list for days 5-6.
Take a full OSCP practice exam on Certsqill today and see exactly where you stand — this diagnostic is critical for planning your remaining time effectively.
Day 6: Target your weakest OSCP domains
Based on yesterday’s diagnostic, you now know exactly where to focus. Don’t spread yourself thin across all topics — laser focus on your lowest-scoring domain and the specific subtopics that cost you points.
If Penetration Testing with Kali Linux (40%) was your weakest:
- Review reconnaissance and enumeration methodologies
- Practice privilege escalation techniques on both Linux and Windows
- Drill web application vulnerability identification and exploitation
- Focus on network service enumeration and exploitation paths
If Active Directory Attacks (30%) was your weakest:
- Review Kerberoasting and ASREPRoasting techniques
- Practice lateral movement and domain privilege escalation
- Study PowerShell-based attack vectors and detection evasion
- Focus on credential harvesting and golden ticket attacks
If Buffer Overflows and Exploit Development (30%) was your weakest:
- Practice stack-based buffer overflow exploitation
- Review shellcode development and payload crafting
- Study DEP and ASLR bypass techniques
- Focus on exploit reliability and payload delivery methods
Spend 6-8 hours on hands-on practice in your weakest area. Use vulnerable machines and lab environments, not just reading material. OSCP rewards practical skills, not theoretical knowledge.
Day 5: Scenario-based question strategy review
OSCP questions aren’t straightforward knowledge checks — they’re scenario-based challenges that require you to apply multiple concepts in sequence. Today, practice the meta-skills of question analysis and attack chain planning.
Scenario analysis framework:
- Initial reconnaissance approach and tool selection
- Vulnerability identification and prioritization
- Exploitation sequence and payload selection
- Post-exploitation and persistence establishment
- Documentation and evidence collection
Common scenario types to practice:
- Multi-step web application attacks leading to system compromise
- Active Directory enumeration escalating to domain admin access
- Network segmentation bypass using pivot techniques
- Buffer overflow exploitation with custom shellcode requirements
Run through 15-20 scenario-based questions, focusing more on your problem-solving approach than getting every technical detail perfect. Time yourself — you need to complete initial analysis and begin exploitation within 10-15 minutes of reading each scenario.
Critical strategy points:
- Always enumerate before exploiting (even when the obvious vulnerability is apparent)
- Document your attack chain in real-time
- Have backup exploitation methods ready for each vulnerability type
- Practice transitioning between domains within single scenarios
Day 4: Second practice exam and wrong-answer analysis
Time for another full diagnostic, but this one serves a different purpose. You’re not just measuring improvement from Day 7 — you’re validating your test-taking stamina and identifying any persistent weak spots that survived your targeted review.
Target improvements from Day 7:
- Overall score increase of 10-15% if you were below 70%
- Elimination of any domain scoring below 65%
- Faster completion time with same accuracy levels
- More confident decision-making on complex scenarios
Wrong-answer analysis protocol: For each incorrect answer, document:
- The specific technical concept you missed
- Whether this was knowledge gap or application error
- The correct exploitation technique or approach
- Similar scenarios where this concept applies
Red flags that indicate you need more time:
- Same types of mistakes repeated from Day 7
- Overall score improvement less than 5%
- Taking longer to complete questions than Day 7
- Guessing on more than 20% of questions
If you’re seeing these red flags, seriously consider postponing. OSCP has no limit on retakes, but each attempt requires significant time and energy investment.
Day 3: OSCP-specific topic consolidation
Your final intensive study day focuses on the highest-yield topics that appear frequently across all three domains. These are the “force multipliers” — concepts that, once mastered, improve your performance across multiple question types.
Cross-domain critical topics:
- Linux and Windows privilege escalation techniques (applies to 70% of scenarios)
- PowerShell obfuscation and execution methods (critical for AD attacks)
- Web shell upload and payload delivery mechanisms
- Network reconnaissance and service enumeration methodology
- Post-exploitation persistence and evidence gathering
Penetration Testing with Kali Linux specifics:
- Metasploit framework advanced usage beyond basic exploits
- Custom payload generation for different target architectures
- Web application session manipulation and authentication bypass
- Network service exploitation with manual techniques
Active Directory Attacks specifics:
- BloodHound analysis and attack path identification
- Kerberos protocol exploitation beyond basic ticket attacks
- LDAP enumeration and privilege escalation vectors
- Cross-forest and cross-domain attack techniques
Buffer Overflow specifics:
- Exploit development workflow from crash to working payload
- Shellcode encoding and decoding techniques for payload restrictions
- Return-oriented programming (ROP) chain construction
- Exploit mitigation bypass strategies
Spend 4-5 hours on hands-on practice with these topics, then 2-3 hours reviewing your Day 4 wrong answers with fresh perspective.
Day 2: Light review and mental preparation
No new material today. This is about consolidation, confidence building, and mental preparation for the marathon ahead.
Technical review (2-3 hours maximum):
- Quick reference sheet creation for common commands and techniques
- Review of your documented wrong-answer patterns from practice exams
- Light practice with 10-15 individual questions (not full exam)
- Validation that your exam-day toolkit and methodology are ready
Mental preparation activities:
- Plan your exam-day schedule including breaks and meals
- Review the official exam policies and technical requirements
- Prepare your testing environment and eliminate potential distractions
- Practice stress-management techniques you’ll use during the exam
Practical exam preparation:
- Test your VPN connection and lab access if applicable
- Verify all required software and tools are properly configured
- Organize your reference materials and note-taking system
- Plan your physical workspace for 24-hour comfort
What NOT to do today:
- Full practice exams or intensive study sessions
- Learning new techniques or tools
- Major changes to your study approach or materials
- Staying up late or disrupting your sleep schedule
Day 1 (exam eve): What to do and what to avoid
Your goal today is maintaining confidence while staying sharp — not cramming or second-guessing your preparation.
Productive activities (2-3 hours total):
- Review your personal reference sheet and methodology notes
- Quick practice with 5-10 questions to maintain mental sharpness
- Final verification of exam-day logistics and technical setup
- Light review of topics where you’ve shown consistent improvement
Mental and physical preparation:
- Get adequate sleep (7-8 hours minimum)
- Eat regular, balanced meals
- Engage in light physical activity or stress relief
- Avoid anxiety-inducing conversations about the exam
Absolute prohibitions:
- No full practice exams or intensive study sessions
- No new study materials or last-minute topic additions
- No major changes to your planned exam approach
- No staying up late trying to
Exam day execution strategy
Your technical preparation means nothing if you can’t execute effectively during the actual 23-hour and 45-minute exam window. The candidates who pass OSCP don’t just know the material better — they manage their time, energy, and stress more strategically.
Time allocation framework for exam day:
Hours 0-3: Initial reconnaissance and easy wins Start with comprehensive enumeration across all target machines. Don’t dive deep into exploitation yet — map the entire attack surface first. Identify and complete the easiest compromises to build momentum and secure early points.
Hours 3-8: Primary exploitation phase Focus on your highest-confidence targets first. Complete full exploitation chains rather than partial compromises. Document everything in real-time — you’ll need this for your report.
Hours 8-12: Advanced techniques and difficult targets Tackle your most challenging targets when your mental energy is still high. This is when you’ll need those buffer overflow skills and advanced Active Directory techniques.
Hours 12-16: Persistence and pivot attempts Work on maintaining access and exploring lateral movement opportunities. Many candidates miss points by not fully exploring compromised networks.
Hours 16-20: Final exploitation attempts Last push for any remaining targets. Focus on technique variation — if your initial approach failed, try alternative exploitation methods.
Hours 20-24: Documentation and report preparation Complete your penetration test report. Many candidates underestimate this phase and lose points on inadequate documentation.
Break strategy that actually works:
- 15-minute breaks every 2 hours for the first 12 hours
- 30-minute meal breaks at hours 4, 8, and 16
- 1-hour rest break around hour 12 (this is crucial for maintaining performance)
- No breaks longer than 1 hour until documentation phase
Energy management techniques: Physical stamina directly impacts your technical performance during this marathon exam. Stay hydrated, eat protein-rich snacks regularly, and don’t rely on excessive caffeine. Many successful candidates do light stretching or brief walks during breaks to maintain focus.
Common last-week mistakes that cost exam points
After coaching hundreds of OSCP candidates, I’ve identified specific preparation mistakes that consistently lead to exam failure — even among technically strong candidates.
Mistake #1: Over-studying in the final 48 hours Cramming complex new material 1-2 days before the exam creates confusion and undermines your confidence in established techniques. Your brain needs consolidation time, not information overload.
Mistake #2: Neglecting the practical report requirements OSCP requires a comprehensive penetration test report, not just successful exploitations. Candidates who don’t practice report writing during their final week often lose 10-15 points on documentation quality.
Mistake #3: Ignoring backup exploitation methods Focusing exclusively on your preferred techniques (like always using Metasploit) creates single points of failure. The exam intentionally includes scenarios where common tools won’t work.
Mistake #4: Inadequate Active Directory chain practice Many candidates can perform individual AD attacks (Kerberoasting, lateral movement) but struggle with full compromise chains under time pressure. Practice realistic OSCP scenario questions on Certsqill — with AI Tutor explanations that show exactly why each answer is right or wrong.
Mistake #5: Poor time management validation Taking practice exams without strict time limits creates false confidence. If you can’t complete scenarios within realistic timeframes during practice, you won’t during the real exam.
Recovery strategies if you recognize these mistakes:
- Days 6-4: Focus on scenario chains rather than individual techniques
- Days 3-2: Practice alternative exploitation methods for each vulnerability type
- Day 1: Create backup plans for each major domain, don’t try to fix fundamental gaps
Post-exam reality check and immediate next steps
The OSCP exam ends, but your journey continues immediately. What you do in the 24 hours after your exam significantly impacts both your score and your preparation for potential retakes.
Immediate post-exam priorities (first 6 hours): Complete your penetration test report while the details are fresh. Don’t wait — your memory of exploitation steps, command outputs, and vulnerability details fades rapidly. Include all required screenshots and documentation even if you’re not confident about passing.
Score prediction framework:
- Successfully compromised 3+ machines with full documentation: Strong pass likelihood
- Compromised 2 machines with partial progress on others: Borderline, depends on point allocation
- Successfully compromised 1 machine: Likely fail, but complete documentation still matters
If you feel confident about passing: Document your successful techniques and approaches for future reference. Many OSCP holders pursue advanced certifications like OSEP or OSED, and your working methodology becomes valuable.
If you suspect you failed: Don’t panic or immediately schedule a retake. Wait for your official score report (typically 5-10 business days) before making decisions. The scoring algorithm considers partial credit and documentation quality — your intuition about failure might be wrong.
Retake decision framework:
- Failed by 5-10 points: Schedule retake within 30 days while knowledge is fresh
- Failed by 10-20 points: Take 60-90 days for targeted improvement on weak domains
- Failed by 20+ points: Consider longer preparation period with structured learning plan
Your OSCP journey doesn’t end with one exam attempt. Whether you pass or need to retake, the practical penetration testing skills you’ve developed have permanent value in your cybersecurity career.
FAQ
Q: I’m scoring 65-70% on practice exams with 3 days left. Should I postpone?
A: Don’t postpone yet. You’re in the “recoverable” range if you can dedicate focused effort to your weakest domain. Take another diagnostic practice exam after 2 days of targeted study. If you’re still below 70% overall or have any domain below 60%, then consider postponing. The OSCP fee is significant, but retaking costs the same as postponing.
Q: How many practice exams should I take in the final week?
A: Maximum of 3 full practice exams during your final week — Day 7 (diagnostic), Day 4 (progress check), and optionally Day 2 (confidence validation only if you’re scoring 75%+). More than 3 becomes counterproductive and creates mental fatigue. Focus on targeted review of wrong answers rather than additional full exams.
Q: What if I’m strong in two domains but weak in the third?
A: This is actually a good position if your weak domain isn’t Active Directory Attacks. You can pass OSCP by excelling in two domains and achieving minimum competency in the third. Spend 70% of your remaining time on the weak domain, but don’t completely neglect your strong areas. Practice cross-domain scenarios that combine your strengths.
Q: Should I learn new tools in the final week if I see them in practice questions?
A: No. Stick to tools you already know well. OSCP rewards deep knowledge of fundamental tools over superficial familiarity with many tools. If you encounter unfamiliar tools in practice questions, focus on understanding the underlying concepts and how to achieve the same results with your preferred tools.
Q: How do I know if my buffer overflow skills are exam-ready?
A: You should be able to develop a working exploit from initial crash discovery to reliable payload execution within 45-60 minutes. Practice with different architectures, payload restrictions, and bad character limitations. If you need more than 90 minutes or require significant hint-checking, focus your remaining time heavily on buffer overflow scenarios until you achieve consistent success.