My OSCP Journey
There are a lot of blog posts out there where people talk about their journey to getting the OSCP and I’d like to add my two cents. This is not going to be a how to pass the OSCP. This blog post may not even give you anything you can use to help you pass the OSCP. It is simply me discussing what I did and how I felt about the OSCP.
Why did I take the OSCP?
First of all, I would not have taken the OSCP if I had to pay for it out of pocket. I’m not saying one should not pay for it, but it was not something that I would have paid for. In my current role as a systems administrator and data security administrator, it does not have a direct impact on my job and offensive security was not the direction I was intending on going. So in short, I did not see a need for me to spend my money on it, but my organization offered to pay for it, so I took it.
Now that I have gone through the process, I am interested in moving to the offensive side of cybersecurity. With that in mind, I’m still not 100% sure I would have actually paid for it out of pocket but I’m happy that I have had the experience. One thing that I really liked about taking the course was the structure. Structure helps me keep a logical process of learning, and for me, that is very helpful. Another important aspect about the training was the practical side. Applying new knowledge in new ways is important for reinforcing learning. However, I feel like these experiences can be had using other resources that are cheaper and/or free.
How long did the process take?
The quick answer here is that it took me a year to prep, take, and pass the exam. I had 90 days of lab access. My wife and I planned out a study schedule that would include 8 hours of study time during the work days and 11 or 12 hours during the weekends. This meant that I woke up at 5 am and went to bed around 11 pm every day of the week. This went on for the entire time I had access to the lab.
Even after all of that time spent studying and hacking, I was not comfortable with taking the exam after my lab access was completed. Since I was not feeling comfortable with taking the exam and everywhere I looked I heard stories of people failing on their first try, I decided that I was not going to take the exam. To make matters even worse, work was crazy stressful, I ended up losing my step-mother who raised me since I was 4, and I had a baby on the way. So, all signs pointed to not taking the exam. The exam seemed like a high stress and low yield event for me. I went through the course and the lab and gained a ton of knowledge but having the certificate was not really going to do anything for me. Oh and a little background on me: I have general anxiety disorder so I spend most of my day anxious as hell anyway. All signs point towards not taking the exam. Not a single bone in my body thought I stood a chance and what’s the point if you know you are going to fail?
My rock… my lighthouse… my wife told me that I should take the exam. She argued that even if I didn’t pass, it would be a good learning experience. She, as usual, was right. I went this far; I needed to go the distance. I needed to see this all the way through and she was right there behind me cheering me on. At this point we were pretty close to having our baby girl and so we decided that I would take the exam the very last weekend that I could before the exam expired. For the most part, the majority of that time was spent with my newborn with a little bit of hacking, reading, and studying as I could.
What was my exam experience?
The week leading up to the exam was stressful. I could not get my mind off the fact that there was no way I was prepared for this grueling exam. Many more people with much more experience in offensive security failed multiple times on this exam. My family and friends just kept reminding me that pass or fail it’s all about learning.
The day of the exam quickly arrived and I spent from 9 am to 5 am hacking away at this exam. It took me 3 hours to get the buffer overflow (everyone I heard talk about it, said it should only take 30 min to an hour). I was demoralized from the start. A nagging voice in my head kept asking, “Why continue? You are already way behind.” I wanted to give up, throw in the towel and walk away. I could hear my niece in the other room with my father-in-law, brother-in-law, and wife and all I wanted to do was go hang out with them. So I stepped away from my computer, angry, frustrated, and low. But during my little break, I was curious as to if I could get into any of the other machines so I decided to keep on going.
I went through this cycle for the rest of the exam. On every box, every rabbit hole, I had to fight the urge to quit. I kept telling myself that this is over my head, too hard, too stressful. But every time I wanted to quit I took a short break and came back still stressed, still frustrated, but with more patience and curious as to what I was missing. That fight was the hardest part of the exam.
The entire OSCP process showed me that the hardest enemy to overcome sometimes is yourself. I think this is the most valuable lesson I took away from the OSCP exam and this is an important lesson.
So, What Now?
Now, I get on the hunt. After going through this entire process I have learned so much about hacking and so much more about myself. Although I feel a little burnt out, I’m excited to take a little break and find a role on the offensive side of security.
Resources Used
Studying Resources
- https://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/
- https://www.slideshare.net/InfosecTrain/oscp-preparation-guide-infosectrain
- https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
- https://web.archive.org/web/20210308064709/https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://www.jaiminton.com/cheatsheet/Pentest#
- https://sushant747.gitbooks.io/total-oscp-guide/content/
- https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
Reference
- http://www.fuzzysecurity.com/tutorials/16.html
- http://pwnwiki.io/#!privesc/windows/index.md
- https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
- https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
- https://book.hacktricks.xyz/
- https://book.dragonsploit.com