Hexxed BitHeadz

OSCP, a year later

Aromak

It’s hard to believe that an entire year has flown by since I earned that beastly certification. Whether you’ve already secured your certification or are contemplating the journey, you might find my story intriguing—especially if all you’ve seen are those “OSCP zero to hero in X days!”. This article is your backstage pass to my unvarnished truth, revealing all the twists and turns that transformed my 90-180 day personal goal into a grueling two-year odyssey.

The Prelude

In the late stages of 2018, I earned my bachelor’s degree in Computer Science. By mid-2019, I’d conquered CompTIA’s A+, Network+, and Security+ certifications, ticking off those milestones with enthusiasm. It was during my first dive into entry-level penetration testing labs that I had found my true calling. Eagerly, I scoured the cybersecurity certification roadmap for guidance.

Certified Ethical Hacker (CEH)

We all know how Certified Ethical Hacker (CEH) is littered all over job descriptions, so in July 2019, I took the plunge and earned the certification. Armed with this new achievement, I set my sights on junior penetration testing positions. But, alas, I repeatedly hit a brick wall—”no OSCP, no experience”. Determined, I spent the next year juggling full-time job, part-time job, and part-time study, immersing myself in TJ Null’s OSCP prep resources.

Somewhere along the way, life took a detour—I took on a security software position as my wife and I prepared to welcome our first child while navigating the intricacies of buying our first home. More on that roller coaster later.

Enter OSCP

As the prospect of OSCP loomed, I scoured blogs and experiences shared by others who had ventured down this path. With just four months left before becoming a father, I embarked on the 60-day OSCP course and lab. My plan was straightforward: study relentlessly, apply the knowledge from C|EH, and pass the exam before my son’s arrival. How hard could it be? Well, that’s where I greatly miscalculated the gravity of the challenge.

As I cracked open that daunting 859-page book (I didn’t even need to look at the page count anymore), I felt a mental clock ticking away, a constant reminder of my self-imposed deadline. I set a goal to conquer the book in 30 days and allocate the next 30 days to the labs. The first half of the book breezed by, thanks to my prior experience with Linux OSes. But when I hit the halfway mark and the buffer overflows, the real struggle began. This section chewed up half of my 30-day book plan, and I knew I had to nail it because buffer overflow was a hefty 25-point challenge on the exam.

To make up for lost time, I skimmed through the Active Directory section, which wasn’t part of the exam then (though it is now a substantial component of the OSCP). I raced through the rest of the book, eagerly anticipating the lab environment.

The Lab Environment

Once I connected my attacker VM to the lab environment, I was greeted by a lineup of target boxes just waiting to be exploited. Yet, during my entire 30-day lab plan, I struggled to find the time and energy to dive deep into the insights the course offered. To make matters worse, it was the dead of winter, and a heavy snowstorm caused a massive water leak from the roof deck area into our office, forcing us to relocate our office area to the tiny guest room. The constant construction noise and distractions threw a huge wrench into my progress.

Our house looked like that scene in E.T. with all the plastic!  👽

I made a few attempts at the exam but failed each time. Then, in January 2021, our son was born, and my focus shifted to fatherhood.

The Mid-Journey Hurdles

From that point on, every bit of free time I could scrounge was dedicated to studying resources like HackTheBox and VulnHub. In mid-March, I decided to extend my lab access for 30 more days, cramming in as many lab boxes as possible. I took more shots at the exam but continued to fall short. Doubt started creeping in, and it felt like the universe was conspiring against me. That’s when I decided to take a step back and look for smaller, manageable steps forward. I discovered eLearnSecurity and the junior penetration tester certification (eJPT). Drawing on all the knowledge I had absorbed during my unconventional OSCP failures, I quickly earned the eJPT certification in June 2021. It was just what I needed to reignite my confidence.

The Turning Point – eCPPT and More

Emboldened by my success, I dove into the Certified Professional Penetration Tester (eCPPT) program and completed it in a month, earning the certification in July 2021. In the same month, six months into fatherhood, we decided to relocate for a new job opportunity, bidding farewell to our never-ending house repairs (HA!). Plus, I could finally let go of my part-time job.However, during the move, I made a rookie mistake—I scheduled an OSCP attempt before setting up internet in our new home. My new boss graciously offered me a room at the office to take the exam, but I faced VPN connectivity issues and blocked ports. It was a nightmare. Another failed attempt in the books.  Eventually, we settled into our new house, and I continued practicing for OSCP in various ways, including pursuing eLearnSecurity’s Web Penetration Tester (eWPT) certification, which I completed in December 2021.

A Fresh Start in 2022

Come February 2022, I purchased the Learn One program, giving myself an entire year to buckle down and conquer the OSCP challenge. I decided to start from scratch, abandoning my old OneNote notes in favor of Markdown language with Obsidian Notes. I began crafting my own methodologies for every situation, not just for OSCP labs but also for all the other penetration testing labs I encountered.  I was determined to succeed, and I knew every point mattered, so I committed to completing the lab exercises for those precious bonus points.  Slowly but surely, I began to see improvement. I found myself writing my own enumeration scripts and had a trusted set of tools for various scenarios. Feeling ready to try again, I scheduled the OSCP exam for June. But, in a comically absurd twist, I woke up to an email saying I had missed my exam—I had accidentally scheduled it for 2 am instead of 2 pm. At this point, all I could do was laugh at myself and look toward the next attempt after the mandatory 12-week cool-down period following my third failed try. 

Victory at Last

In late August, I faced the exam once more. This time, I breezed through the Active Directory section, rooted one box, took a break, rooted the second box, took another break, and rooted the third box. I knew I had the necessary points, but the exam wasn’t over until the report was submitted. I’ll confess, I reverted the boxes and meticulously followed my own notes and screenshots to ensure I hadn’t missed anything. I probably did it twice. On the first day, I wrapped up the reporting, promising myself a good night’s sleep and a final review in the morning before submission. But, to my surprise, I couldn’t stop thinking about it, couldn’t rest. So, instead of waiting, I reviewed the report one last time and submitted it immediately. It just, felt right.

The Sweet Victory

With growing confidence that I had finally conquered the beast, I waited anxiously for a few days before receiving the official news. On October 1st, 2022, I received the long-awaited email and digital certificate. Finally, after two years of relentless effort and more exam attempts than I could count on a single hand, I had achieved the title of “Offensive Security Certified Professional.” It took a while for reality to sink in—I’m writing this a year later, and it still feels like a surreal dream.

Life Beyond OSCP

OSCP became my eighth certification, but this accomplishment felt entirely different from the rest. Over the course of nearly two years, I had developed some unique study habits, and I felt the need for a cool-down session. I promptly updated my resume with my shiny new certification and, within a month, landed a full-fledged penetration testing role. With newfound downtime, I dove into a personal Python enumeration project called AMOS and contributed to our GitHub profile. I also seized the opportunity to earn the OSWP certification. If you’re already OSCP certified and reading this, thank you for joining me on this journey. Perhaps you can relate to some aspects of my story. If you’re aspiring to achieve the OSCP, I hope this narrative shed some light on the path to success, even when life throws hurdles in your way. Never give up on your goals, no matter what they may be.  My hope with sharing this article of my failures is to inspire and uplift those of us who maybe feel like that goal is just out of reach, and we start second guessing ourselves.  

One thing I’ve come to love about this career path is that we never stop learning. Eager to dive deeper into Active Directory, I’ve embarked on studying Red Team Operator I, which covers Cobalt Strike C2 and Active Directory. So far, it feels like a great follow-up to the OSCP.  My ultimate goal is to tackle the OSCE3 courses, but for now, I’m content soaking up self-study knowledge and supporting the Hexxed BitHeadz site. After all, the journey of a cybersecurity professional is an ever-evolving adventure, and I’m excited to see where it takes me next!