Hey guys,

Here is my first post on my blog, as I promised myself, “if I get OSCP, I will create my blog and tell the world that I succeeded,” and now I’m here 😎.

Well, here was my OSCP journey:

Learning / Training

First, I took the Learn One bundle because, as a student with a 10% discount, it’s pretty cool with the exam retake.

It took me about 2.5 months to complete the entire PEN-200 course and attached labs, dedicating 4-5 hours every day, 7/7 (I know, I took my time 😴).

After writing all my course notes in Notion, I decided to challenge myself on HackTheBox ProLabs.

I completed Dante and Offshore in 2 weeks, with write-ups to help when I got stuck for too long. I don’t really know if I learned something new there, but it definitely trained me in the AD environment.

After that, I was pretty much confident with AD setups, and my next step was to train on individual machines.

I gave myself one week to complete as many Proving Grounds Hard and Intermediate Machines as possible. I also dedicated two weeks to all challenge labs.

My exam strategy was simple:

  • +10 bonus points, obviously
  • AD set with the toolkit I created during my journey
  • Keep Metasploit for the individual machines

At this stage, I was completely confident that I would easily pwn the exam.

The failure

How to explain in words how this failure broke my mind.

I couldn’t even get a foothold on the AD set and I used Metasploit on MS01 🤡.

After hours without a break (something like 14 hours), I decided to move on to the individual machines and pwned one easily in an hour.
Without scanning other individual machines, I returned to the AD set because I knew that if I got the foothold, I could become Domain Admin quickly, but after 24 hours without sleep, I found nothing.

After spending several days thinking about the exam, I came to the conclusion that I had failed because: no fucking idea

Try Harder

Because of the Learn One program, I could retake the exam 4 weeks later, and I decided to try harder to achieve the certification.

But where can you train when you don’t understand why you’re failing?

After hours of scrolling on r/oscp and reading about people’s experiences, I found this video from OffSec.

I don’t know about you guys, but personally, I’m a developer, and in the dev world, there are two types of code:

  • Beautiful code
  • Shit code

And I realized that in pen-testing, there’s something similar, and what I was doing was similar to shit code. I reworked my methodology with my own template to take notes during the exam and changed the way I looked at things: think more, act less.

My exam retake strategy this time was: focus on Windows to get 70 points and fuck Linux.

The Retake

I got a well-known Nightmare AD set, but I found it really simple when I followed this simple rule: think more, act less.

I got Domain Admin in 4 hours and pwned the 3 individual machines in 5 hours.

Finally wrote my report with SysReptor in 2 hours (only 22 pages 🤫).
I got the 110 points + report in 11 hours.

As many people said, it’s an enumeration exam. I can recommend the following tools which can help you during your journey:

  • feroxbuster
  • pspy
  • ligolo-ng
  • enum4linux-ng

Good luck with your OSCP guys, and remember, no matter how many tries you’ve already made,

Never Give Up
