OSCP AD Set v4 and v5 are often grouped together, but once you start working through them, the differences become more noticeable. Both are built around Active Directory exploitation, yet the way you progress through each set can feel quite different. The structure, the pacing, and even how credentials are exposed all influence your approach.
In both versions, certain domain users—like a.betty, g.jarvis, u.gregory, and svc_mssql—tend to play important roles. They are not just part of the environment; they often act as key transition points that move you from initial access to deeper domain control.
Enumeration in OSCP AD Set v4
AD Set v4 usually follows a more predictable path. The process feels structured, and if you rely on solid enumeration, things begin to fall into place. Early on, you’ll likely come across users such as a.betty or g.jarvis through SMB shares, LDAP queries, or basic domain enumeration tools.
At first, these accounts may not stand out. They look like standard domain users. But once you start analyzing permissions, group memberships, or possible password reuse, their importance becomes clearer. One small detail—like access to a specific share or membership in a slightly unusual group—can open the door to lateral movement.
This is where v4 rewards patience. If you take the time to map relationships properly, the attack path becomes more visible. Skipping steps or rushing enumeration usually leads to confusion rather than progress.
Hidden Value of Users Like u.gregory – OSCP AD Set v4 and v5
Not every useful account looks important at first glance. u.gregory is a good example of this. In many cases, this type of user does not have obvious administrative privileges, which makes it easy to overlook.
However, the value often comes from indirect access. Nested group memberships, delegated permissions, or reused credentials can turn a seemingly low-privileged user into a critical pivot point. The key is context—understanding where that account fits within the domain rather than judging it in isolation.
Missing this kind of connection is one of the most common reasons people get stuck in AD Set v4.
AD Set v5 and Its Less Predictable Flow
OSCP AD Set v5 changes the dynamic. It’s less linear and a bit more unpredictable. While enumeration is still essential, the relationships between users and services are not always as clear.
You might identify svc_mssql early and assume it will lead directly to privilege escalation. Sometimes that’s true. Other times, it’s only one step in a longer chain that requires multiple pivots. This is where v5 can slow you down if you rely too heavily on patterns from v4.
Accounts like a.betty or g.jarvis may still appear, but their role is not always as obvious. You may have valid credentials but still need to figure out how to use them effectively within the environment.
Working with Service Accounts Like svc_mssql
Service accounts deserve special attention in both sets. svc_mssql is a common example, and it often signals potential opportunities—but not always in the same way.
In some scenarios, Kerberoasting might be the right approach. In others, the account may have direct access to a system where credentials are reused or stored insecurely. The important part is not to jump to conclusions too quickly.
Just because a service account looks promising doesn’t mean it will immediately lead to escalation. Testing different angles and verifying access is usually necessary.
Building the Right Mindset for OSCP AD Sets
What connects OSCP AD Set v4 and v5 is not just the technical aspect, but the mindset required to solve them. Enumeration is important, but interpretation is what really makes the difference.
Usernames like u.gregory, g.jarvis, or a.betty only become meaningful when you understand how they interact with the domain. The same account can be useless in one situation and critical in another.
In the end, success with OSCP AD Set v4 and v5 comes down to attention to detail. Small findings—like unexpected permissions, unusual access paths, or minor inconsistencies—often lead to the biggest breakthroughs.
Vendor: https://www.offsec.com/courses/pen-200/
Check our oscp services: https://cyberservices.store/certificates/oscp-service-list/
