My Journey to OSCP

Written By Sam Lewis

Introduction

Obtaining the Offensive Security Certified Professional (OSCP) certification is no walk in the park. It's a challenging journey that demands not just technical prowess but also mental fortitude. In this blog post, I want to share my personal journey of conquering the OSCP, a journey filled with hurdles, setbacks, and ultimate triumph.

A Dream Deferred

My pursuit of the OSCP certification had been a long-standing aspiration. I had yearned for it for years, and finally, I took the plunge by purchasing the "Learn One" subscription from Offensive Security. Armed with a year’s worth of access to the materials, I was determined to immerse myself fully in the world of penetration testing with Kali Linux.

When I started this journey, I wasn’t a complete newcomer to the realm of hacking. I had dabbled in Kali Linux for a few years, engaged in Capture The Flag (CTF) challenges on platforms like TryHackMe and Hack The Box, and even taught myself how to crack WPA2 WiFi passwords and WEP keys. My fascination with pentesting had led me to experiment with Hak5 equipment and devour countless articles on the subject. However, I wasn’t a professional pentester; I was working as a cybersecurity consultant, primarily focused on governance, risk, and compliance.

The First Attempt

Ten months passed by, and my preparations had barely scratched the surface. I had taken my studies for granted and hadn’t invested the time and effort required. Panic set in as I scrambled to complete labs and exercises, with a looming expiration date for my exam. I rushed through the labs, generally seeking help from the OffSec forums, which, in hindsight, became more of a crutch than a resource.

Determination Rekindled

I was not one to give up easily. With renewed determination and a fresh subscription, I approached the OSCP materials with a humble attitude of "I don’t know anything; teach me everything." This time, I didn’t skim or skip sections. I absorbed every piece of information, ensuring I comprehended the material thoroughly. It was during this process that I discovered how much there was still to learn.

Triumph on the Second Attempt

Exam day arrived again, and this time, I was better prepared both mentally and technically. I began with the Active Directory set, determined to conquer it first. Within the first hour, I achieved an initial foothold, and within two hours, I had successfully escalated privileges. This time, I was making steady progress.

The Final Push

With renewed vigor, I tackled two out of the three remaining machines, rooted one after the nine-hour mark, and secured the necessary points to pass. I could have stopped there, but my determination urged me forward. I took another hour-long break to recharge, then resumed my efforts.

The Report Challenge

With 90 points secured, I knew I had passed. However, there was still one daunting task left—the report. This phase, with its meticulous documentation and clear explanations, made me nervous. I combed through my notes, screenshots, and findings, triple-checking every detail to ensure a flawless report.

New Horizons

Reflecting on this journey, I realized that achieving one goal only paves the way for new ones. I’m now enrolling in SANS courses and eagerly awaiting my next "Learn One" subscription renewal. The OSCP certification has not only expanded my knowledge but also opened doors to exciting new challenges and opportunities in the world of cybersecurity.

- Sam

Sam Lewis
Previous

Depreciated Walkthrough Proving Grounds