OSCP: The Saga Begins

The Offensive Security Certified Professional certification exam, known more casually by its mysterious acronym ‘OSCP’, is the first major hurdle for many an aspiring ethical hacker or penetration tester. They say this exam is what separates the prepubescent from the significantly post-adolescent and such claims are hard to argue against. It was my own journey to reach this prize that inspired this post and hopefully will inform and ultimately inspire you to succeed.

So, invariably, any OSCP success story results in the questions “What were you doing before OSCP?” and “How long did you study/do the labs before the exam?” and “How much time did you devote to it every day?” so why not make that my starting point. Prior to pursuing this certification, I had been working for a while as an IT Engineer and held the CompTIA A+, Network+, and Security+ certifications. Prior to that I had done some vulnerability assessments and other non-technical security work as a freelancer. When I first realized that a career in penetration testing was what I wanted out of my professional life, it didn’t take long to come across Offensive Security and their infamous exams. At the time, around October 2018, I had very limited knowledge of the technical aspects of penetration testing. I could work my way around Linux; only just enough to run vulnerability assessments in Kali. Back then, the dream of becoming an OSCP seemed resigned to a distant, evasive future.

But then, it hit me.

If you want something badly enough, it’s always the right time to start.

Armed with that mindset, I took a leap and enrolled for the requisite “Penetration Testing with Kali Linux” course by Offensive Security which one must take in order to attempt the grueling OSCP exam. I signed up for the 60-day lab access period and as soon as my access was granted on January 12th 2019, I dove right in. In the month leading up to the lab access, I had already begun studying very intensively on my own with a whole slew of resources, many of which I will link at the end of this article, and thus felt eager and ready to get started on the labs right away. There is a school of thought that you should complete the PWK coursework before touching the labs, and I do see some merit in that, but I found it just as beneficial to jump in the deep end and start learning the hard way while following along in the coursework and referencing where needed.

After about a month in the labs, I really wasn’t satisfied with my progress. I could certainly tell I was learning and improving all the time, but I kept getting frustratingly stuck and bounced around between several machines without any real progress. By this point, I was still intimidated by the “big 4” machines that you may have heard of and did little more than scan them a bit.

A couple of weeks into the second month, though, everything changed. I broke free of the many mental blocks that I had come to realize were the result of too much thinking and not enough confidence. Once I allowed myself to relax and question things in a more open-minded way, I started making rapid and tangible progress, ultimately leading to compromising every machine in the lab. This was just one of the many lessons the PWK labs taught me along the way and in my opinion is what offers the greatest value of the course for those willing to embrace it. With just over a week of lab time to go, I scheduled my exam attempt in March of 2019. I was nervous, no doubt, but also thrilled to see if I could prove to myself that the victory was worth the cost to get there.

On average, I ended up spending 8-10 hours every single day of the week in the labs and with my head buried in the course material and other resources. Now, I’m gonna take a moment here to give a shout out to my amazing girlfriend who pushed herself to the max that entire time, day in and day out, so that I could do what needed to be done. This would have been so much harder without her support.

The exam kicked off at 4 AM local time on test day and away I went. In order to pass the exam, the OSCP candidate has to obtain a minimum of 70 points which are distributed among five different virtual machines in their exam lab and 24 hours with which to do it. By about the 8-hour mark, I had root privileges on three machines and a local shell on another. I was feeling great and thought that surely this prize for which I had worked so hard was within my grasp. I took a quick walk and came back to finish the job. This, my friends, is where everything fell apart.

After getting a local shell on one machine and nothing on the other, I spent the next 12 hours attempting to escalate privileges and/or gain some kind of access on the other machine. As my exam time drew near its end, I became so overwhelmingly tired that I started to hallucinate. It was at this point and with only a couple of hours left in the exam that I decided it was time to listen to my body and accept defeat. It’s hard to accurately describe that sinking feeling of knowing I was so close to my goal and just not being able to cross the finish line. I felt like I had tried everything I knew to do and was just mashing my brain against a wall. In hindsight, that’s exactly what I was doing and learning to step back and let go of something that’s not working would have likely resulted in a passing grade. What a valuable life lesson as well, eh?

Regardless of what I assumed was a failing score on the exam, I still completed the post-exam report and sent it off to be lovingly examined by Offsec. I toiled the next five days wondering if maybe by chance I actually did enough to pass and just didn’t know it. Well, I didn’t. On the 5th day, I received the dreaded “We regret to inform you” email from Offensive Security. The wind felt ripped from my sails and I spent a day or two moping about wondering if I was really ready for this.

But then, it hit me again.

If you want something badly enough, you can NEVER quit.

This, I determined, was exactly what Offensive Security means when they urge you to “try harder!” I realized that the fire inside me could only be extinguished by success and I had no choice but to get up and fight. Immediately after I realized this, I signed up for my second exam attempt.

The day came in no time at all, and there I was again, staring down my email inbox waiting for the exam connection pack to hit at 5 AM. It came right on time and I wasted none getting started. There was an obvious shift in my mentality this time around and I felt calm, collected, and confident in whatever challenge might be awaiting me. By the 5-hour mark, I had root privileges on 4 out of 5 machines. I knew this would be enough points to pass (assuming my report was good to go) but after the defeat in my first attempt, I wanted to keep fighting for every point. Within a few more hours, I fired off the last command that gave me a shell. This was, it must be said, a really emotional moment. I realized then that everything I had been working for, all the sacrifices I had to make and had to put my family through to get here… it was for this very moment. I wanted nothing more than to celebrate but there was still work to be done. I triple checked every last bit of notes and screenshots for another hour before finally determining that I had everything I needed. I closed out the exam and just took the most wonderful deep breath I’d ever taken.

After a few anxiety-filled days of wondering and hoping I didn’t forget anything, I received that most glorious of emails from Offensive Security:

“Dear Be0vlk, we are happy to inform you..”

I was officially an Offensive Security Certified Professional! Every bit of pain and sufferance, every time the labs made me humble… it brought me to this point and I can wholeheartedly say that few things in your career or otherwise will ever feel as worth it as that.

I hope you enjoyed reading about my journey to OSCP and don’t hesitate to reach out if you have any questions or even if you just want someone to motivate you or celebrate your own victory with!

Resources

I’ve listed below some of the most useful resources that I came across during my journey to OSCP. I hope you’ll find them just as valuable as I did.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s