My Journey to OSCP Certification: From Setbacks to Success
Embarking on the journey to earn the Offensive Security Certified Professional (OSCP) certification was both the most challenging and rewarding experience of my cybersecurity career. Passing the exam with a score of 100 points on my second attempt was a proud moment, but the road to success wasn’t without obstacles.
The First Attempt: A Lesson in Time Management
When I sat for my first OSCP exam, I had spent countless hours preparing, including completing the PWK (Penetration Testing with Kali Linux) course and practicing extensively in labs like VulnHub, HackTheBox, Proving Grounds, etc. However, I failed to manage my time effectively during the exam.
For those unfamiliar, the OSCP exam is a 24-hour test that requires you to exploit vulnerabilities on several machines, each with varying degrees of difficulty. In my first attempt, I became consumed by the complexity of certain machines, spending hours chasing rabbit holes. Despite solving a few boxes, I ran out of time before I could accumulate the 70 points required to pass.
Looking back, I realized that my technical skills weren’t the problem—it was my lack of time management. I knew I needed a better strategy for my second attempt.
The Second Attempt: Mastering the Clock
Determined to improve, I took a step back to analyze my weaknesses. The most significant change I made was implementing a strict time management system during my second attempt.
I set a 30-minute timer for each vulnerability. If I couldn’t progress significantly during that window, I moved on to another machine or vulnerability. This approach allowed me to maintain momentum and revisit problems with fresh eyes. It also prevented me from wasting precious hours on one machine.
Here’s how I structured my time during the exam:
- Initial Reconnaissance: I allocated the first two hours to run thorough scans and document findings for all machines. Tools like nmap and enum4linux were invaluable here.
- Easy Wins First: I prioritized machines that seemed less complex, solving them quickly to secure points early in the exam. This boosted my confidence and ensured I had a solid foundation before tackling harder challenges.
- Efficient Note-Taking: I used tools like Obsidian to document every command and observation. This was essential for crafting the detailed exam report required to earn the certification. This was helpful not only for the exam, but the note-taking strategy has helped me countless times throughout my career. My brain was made to solve puzzles, not to store them.
What the OSCP Covers
The OSCP exam is not just a test of technical skills—it’s a comprehensive evaluation of your ability to think like a penetration tester. The exam covers:
- Information Gathering: Techniques to identify open ports, services, and potential vulnerabilities.
- Exploitation: Crafting and deploying exploits, from buffer overflows to web vulnerabilities.
- Privilege Escalation: Elevating access on both Windows and Linux systems.
- Post-Exploitation: Gaining persistence, harvesting credentials, and mapping internal networks.
- Pivoting: Using compromised machines to reach deeper into the network.
The diversity of topics tested means you must have a solid understanding of a wide range of tools and techniques, as well as the ability to adapt quickly to unexpected challenges.
The Moment of Victory
My second attempt at the OSCP exam was a completely different experience. By adhering to my time management plan, I was able to methodically work through each machine. I solved enough challenges to surpass the passing score of 70 points, but I kept going. When the timer ran out, I had earned a total of 100 points!
Submitting the exam report was the final hurdle, but thanks to my detailed documentation, I was able to complete it with confidence. A few days later, I received the email confirming that I had passed. It was one of the most fulfilling moments of my professional life.
Key Takeaways
If you’re preparing for the OSCP, here are a few lessons from my journey:
- Master Time Management: Use a timer and stick to it. Don’t let one machine consume your entire exam.
- Practice, Practice, Practice: The OSCP labs are an invaluable resource. Spend as much time as you can on them, and attempt retired exam machines if possible.
- Document Everything: Keep detailed notes during your preparation and the exam. Your report is just as important as your technical skills.
- Stay Resilient: Failing on the first attempt doesn’t mean you can’t succeed. Learn from your mistakes, adjust your strategy, and try again.
The OSCP isn’t just a certification; it’s a transformative experience that tests your technical knowledge, problem-solving ability, and determination. For me, the journey was worth every late night, every moment of frustration, and every ounce of effort.