Log: OSCP_Certification_Journey

Context

I started with IT familiarity.

• Hobbyist MERN full stack developer: I had 3-4 years of hobbyist experience building non-pro websites.
• Certs earned between 2021 and 2026: - Not an ordered or complete list - Cyber Scheme CSTM, MSc Computer Science & Cybersecurity, Comptia Pentest+, Cyber Scheme VA+ ...CWL AD Red Team Specialist, CWL Certified Web Red Team Analyst, INE Certified Junior & Professional Penetration Tester...
• IT professional: Spent time in Cybersecurity, IT support, System administrator roles.
• Self-motivated: I generally enjoy earning certs, taking courses and have always enjoyed IT, Computer Science, Cybersecurity hence my MsC.

Resources and Subscriptions

I find it slightly difficult to recommend the best path for others. Enjoy the journey and the certifications will come. It is less about a single resource and consistently doing something each day and practicing specific skills.

• Tryhackme: This was my initial resource for learning the core penetration testing concepts in a structured and gamified manner. I completed several learning paths, the courses are interactive and the labs are engaging.
• Hackthebox: This was my step-up into the CPTS course, and the other HTB labs which is a bit more training wheels off. I also competed in seasons 7 earning the following ranks (Silver), 8 (Ruby), 9 (Ruby) of HTB Seasons.
• Proving Grounds: This was my final resource. I worked through 30-40 boxes using Lain's list
• Videos: IPPsec and TJNull walkthrough's
• List Lain's list

0x01: The Lab Phase

I purchase the 90 day bundle which included 1 exam attempt. I balanced my full-time cybersecurity role and learning with labs, I studied the course material and worked through the practice labs

• A few hours a day: I took the odd day off. However I was generally consistent about having a lab on the go each day.
• Notes: I took notes. I used cherrytree and switch to Obsidian and using both.
• Smaller certs: I sought out opportunities to benchmark against, so I made use of very affordable courses with an exam component, especially CWL, Pentesting Exams (Secops) etc.

0x02: Hills and valleys

Failed at first. I thought it best not to stress too much. I would study harder and return for another try. Overall the cooling-off period helped me improve.

• Yes, I failed at first My preparation was not good enough, my time management, skills and performance were not at the required level.
• I still submitted the failing report I figured it was good practice and validated my reporting approach.
• Back to the drawing board I signed up for Proving Grounds labs and spent more time learning and purchased another exam voucher.

0x03: The passing Exam

I started around midday. I would hack for 2-3 hours and then take short 15 minute breaks. Those helped alot to breathe, drink water and think.
• Fully completed AD Set: Completed all AD flags by the 4th hour.
• Rooted 1st standalone: Completed this by the 6th hour.
• Foothold on 2nd standalone: Foothold flag by the 9th hour

I had earned enough points to pass, so I began taking vigorous screenshots and building my report notes and went to sleep.

• Foothold on 3rd standalone: Foothold flag with 3 hours remaining

I had earned over the requirement. I double and triple checked my notes, screenshots, control panel submissions and ended the exam.

0x04: Professional Reporting

• Take a break: I slept and refreshed before report writing.

I had already written my report during the exam. It was a matter of putting it onto the official template. This did take me a while to double and triple check. Submitted the report I submitted about 14 hours after the exam ended Waited...: then suddenly, success!