root@portfolio:~# cd ..

Log: OSCP_Certification_Journey

Disclaimer: This blog post contains no information about the OSCP course content or OSCP exam content. It is not intended for use as a guide. It is only a high-level reflection of my personal approach.

In 2024, after completing my MSc in Computer Science and Cybersecurity I decided to pursue the OSCP. My MsC provided the theoretical foundation. OSCP was the crucible that tested my practical endurance.

Context

IT Familiarity.


Hobbyist MERN full stack developer: I had 3-4 years of hobbyist experience building non-pro websites.
Certs earned between 2021 and 2026: - Not an ordered or complete list - Cyber Scheme CSTM, MSc Computer Science & Cybersecurity, Comptia Pentest+, Cyber Scheme VA+ ...CWL AD Red Team Specialist, CWL Certified Web Red Team Analyst, INE Certified Junior & Professional Penetration Tester...
IT professional: Spent time in Cybersecurity, IT support, System administrator roles.
Self-motivated: I generally enjoy earning certs, taking courses and have always enjoyed IT, Computer Science, Cybersecurity hence my MsC.

Resources and Subscriptions

I find it slightly difficult to recommend the best path for others. Enjoy the journey and the certifications will come. It is less about a single resource and consistently doing something each day and practicing specific skills.


Tryhackme: This was my initial resource for learning the core penetration testing concepts in a structured and gamified manner. I completed several learning paths, the courses are interactive and the labs are engaging.
Hackthebox: This was my step-up into the CPTS course, and the other HTB labs which is a bit more training wheels off. I also competed in seasons 7 earning the following ranks (Silver), 8 (Ruby), 9 (Ruby) of HTB Seasons.
Proving Grounds: This was my final resource. I worked through 30-40 boxes using Lain's list
Videos: IPPsec and TJNull walkthrough's
List Lain's list

0x01: The Lab Phase

I purchased the 90-day bundle which included 1 exam attempt. I balanced my full-time cybersecurity role and learning with labs, I studied the course material and worked through the practice labs.


A few hours a day: I took the odd day off. However I was generally consistent about having a lab on the go each day.
Notes: I took notes. I began using Cherrytree but switched to Obsidian. Obsidan has a great UI and search is fast.
Smaller certs: I sought out opportunities to benchmark against, so I made use of very affordable courses with an exam component, especially CWL, Pentesting Exams (Secops) etc.

0x02: Hills and valleys

Failed at first. I thought it best not to stress too much. I would study harder and return for another try. Overall the cooling-off period helped me improve.


Yes, I failed at first My preparation was not good enough, my time management, skills and performance were not at the required level.
I still submitted the failing report I figured it was good practice and validated my reporting approach.
Back to the drawing board I signed up for Proving Grounds labs and spent more time learning and purchased another exam voucher.

0x03: The passing Exam

I started around midday. I would hack for 2-3 hours and then take short 15 minute breaks. Those helped alot to breathe, drink water and think.
Fully completed AD Set.
Rooted 1st standalone.
Foothold on 2nd standalone.

I had earned enough points to pass, so I began taking vigorous screenshots and building my report notes and went to sleep.


Foothold on 3rd standalone.

I had earned over the required amount of points. I double and triple checked my notes, screenshots, control panel submissions and ended the exam.

0x04: Professional Reporting


Take a break: I slept and refreshed before report writing.

I had already written my report during the exam. It was a matter of putting it onto the official template. This did take me a while to double and triple check. Submitted the reportd Waited...: then...SUCCESS!

The result

STATUS: OFFSEC CERTIFIED PROFESSIONAL