My OSCP+ Journey (2025)

Tags: Certs, Cybersecurity, Career, Red Team
Published: July 27, 2025
Author: Tyrrell
I passed the OSCP back in March, and after some reflection, I wanted to share my experience with anyone considering this challenging certification. Like many in our field, I initially pursued it for the wrong reasons, but came away with something far more valuable than I expected.

Preparation Strategy

My preparation took about 6 months, though I'll be honest - it was pretty sporadic. There were days I'd spend all day grinding on TryHackMe or MedTech/Relia, and then weeks where I wouldn't even boot up Kali. When I was actively studying, I put in about 20 hours a week, but those breaks were important (more on that later).
Coming into this, my background was as a threat hunter turned red teamer, so I was strong in Windows and Active Directory but seriously lacking in Linux experience.
For resources, I started with TryHackMe and worked my way into OffSec's PEN-200 challenges once I felt comfortable. I wasn't a big fan of HackTheBox at the time because I felt like their boxes were designed to trick rather than teach you. I was there to learn, so TryHackMe felt like a better fit before moving into the official material.
My main focus was on initial access since my AD skills were already strong. I had no doubt I'd be able to complete the AD set, especially once it moved to Assumed Breach. I worried about Linux though because it was still my weaker side. It's funny to think about because I basically only use Linux now since Debian is my daily driver.
Another thing I could’ve done better was practice reporting. I didn't practice reporting much. I more or less winged it using the knowledge I gained at work and from the PJPT I did last year. I did, however, look into how I would want to write the report and decided to write it very closely to how I take notes, which means a lot of pictures and internal monologuing. Kinda like this.

Personal Experience & Mindset

Going into my first attempt, I was pretty nervous. I had no idea what I was walking into and was just blindly jumping in. I remember being completely locked in for the first 5 hours - I didn't step away from my desk until my girlfriend at the time brought me food.
The pressure of having to complete everything in 24 hours hit me hard on that first attempt. But my second attempt? Night and day difference. I walked into that exam session knowing I was going to pass. It didn't matter what was on that exam - I was passing.
My motivation for pursuing the OSCP was honestly pretty shallow at first. I wanted it as an "HR cert" - something prestigious on my resume. But I learned after taking and passing why it's actually so respected.
My background definitely helped during the Windows portions. Every situation involving Windows felt like an easy win. I never felt uncomfortable working on Windows or looking for ways to exploit it. So thanks Microsoft for being so insecure - I'll always have a job! (lol)
The hardest part about the OSCP is getting all the points you need in only 24 hours. The boxes aren't the easiest, and what's better is that after grinding hard and getting the flags needed, you only have another 24-hour period to write the report. That was the killer for me; I was so tired by the time I was done that I passed out almost immediately after I submitted the report. Slept like a rock that Monday morning.
I used to hate the term "try harder," but I have to admit it's actually a good philosophy. There are times when you have to think outside the box and really push yourself, and that's where the OSCP shines. It teaches you that sometimes you're going to have to go out of your way and figure something out without being explicitly taught. You just have to piece it together and make it work.

Failing & Reviewing

When I started my first attempt, I was nervous and I didn't get all my standalone box reps in. I needed more practice gaining initial access and I knew I should've practiced more going into the first attempt but I wanted to play my luck and see if I could get easy standalone boxes (I didn't).
Looking back, I needed to relax, manage my time better, have a better understanding of networking concepts, and build more confidence in initial access techniques. My Windows skills were solid, but I really needed to lock in when it came to gaining access on those standalone boxes.
After failing, I waited about a month before my second attempt. I took a week break to decompress, then dove into TJ Null's list. I worked through 5 extra boxes on Proving Grounds and scheduled my second attempt after discussing it with a coworker.
The key difference in my preparation was going in with a much better understanding of how to gain initial access. I also discovered ippsec.rocks during this period, and between that and all the other resources I had, I felt like there was nothing more I could do to prepare better.

Passing on the Second Time

Walking into my second attempt, I felt completely different. After reviewing my first attempt and crushing those extra boxes from TJ Null's list, I felt like I'd done everything possible to prepare. There was no way I was going to fail again.
My approach during the actual exam was much better the second time around. I managed my time more effectively and, crucially, I knew when to take breaks. Breaks are incredibly important, and when I was nervous during the first attempt, I couldn't let myself relax when I needed to. Sometimes the best thing you can do is step away and come back with fresh eyes.
Getting to 70 points felt amazing; it was also kinda funny. I started the exam at 5pm, I had 60 points by 10pm, and now here I am, it's almost 2am, and I'm sweating bullets because I can't figure out a way into the other standalone machines. I told myself to take a break and took a nap. When I woke back up (around 8) I knew I was about to get in that last standalone. It took about 40 mins but there it was, the flag I needed to hit 70 points. It felt great and was super relieving knowing I had enough to pass, but I didn't stop there: I went ahead and got the root flag to end the exam at 80 points.
Those boxes from TJ Null's list were crucial - I just needed more reps. I noticed there's definitely a pattern between those practice boxes and the exam machines, which makes sense since some of them are retired exam boxes.
The report writing was TERRIBLE. I didn't write my report on the first attempt. I just took my L and kept pushing. But here I am with 80 points and pumped. I celebrated a little bit and then started writing the report. I used SysReptor and it is awesome. I'm currently planning on taking CAPE from HTB and I will be using SysReptor again. The templates are clean and the report in the end looks good. It's kinda crazy how the report went up to 50+ pages. That's WAY too much but I had to throw in all the commands I did. I didn't want to fail because I left something out. Before I submitted the report I realized I didn't take screenshots of a few things, so when I submitted I let out a nervous chuckle, said it's up to the powers that be, and then passed out. I talked to my coworkers and asked how they do their report writing for exams. Like, do they stuff their reports with all the commands they ran, or do they leave the less important ones out? It was funny because I knew I had the points this time but I wasn't sure if they would like my report because of things like grammatical errors and missing a cd command.

Life After OSCP

Professionally, passing the OSCP hasn't made a huge change yet. I'm in the same job making the same amount of money. However, I do think prospective employers are going to be more receptive. I haven't interviewed anywhere yet, but a friend sent my resume out and recruiters really like seeing the OSCP on it.
What really changed was my perspective on what the certification actually provides. Initially, I just wanted it as an "HR cert" to boost my chances of getting past resume screening. But after passing, I feel much more confident in figuring out anything technical. I might not be the smartest or brightest person in the room, but I'll do my best to figure out what's needed and how to get things done.
The OSCP's real value is teaching you how to develop a methodology for researching and learning about new things you have limited exposure to. This is the most important and useful thing I got out of the certification. It's why I now feel confident enough to go back to college and pursue my master's degree at Georgia Tech.
In my day-to-day work as an exploitation analyst, this methodology for tackling unfamiliar problems has been invaluable. The OSCP teaches you how to build out a systematic approach to learning about obscure topics and technologies, which is something you'll use constantly in this field.
Would I recommend the OSCP to others? Absolutely, yes. Take the course, sit for the exam. It's worth it.

What’s Next?

Looking at what's next: at first, I was gunning for the OSEP. I'm currently on challenge 7 (I have OffSec Enterprise until Sept, so I've been enjoying the time I have left), but after going through the material and having the realization that the best part about the OSCP was the methodology, I'm not interested in taking the OSEP. At least not until they completely revamp it again. Many of the TTPs taught and used are old and outdated; once they refresh the course I might come back and sit for the exam.
But with all that said, I think my next certification will be CRTO and then CAPE. I would like to better understand Cobalt Strike's artifact kit and I think CRTO would be a good introduction. Following the CRTO I will attempt HTB’s CAPE exam. It sounds interesting and I think it's what I wanted the OSEP to be. The course syllabus speaks about WSUS, SCCM & ADCS, none of which are covered in the OSEP's course material, and if I'm going to drop over 1K on a course it better be up to date and make me a more effective operator.
Overall, going through the OSCP's course work was annoying at times but I did enjoy it. I think anyone looking into offensive security (oop I said the thing) should definitely sit for this exam. If I had to do it over I would do it again; I think it's worth it.
The journey taught me that sometimes the most valuable lessons come from the process itself, not just the destination. The OSCP gave me more than a certification - it gave me a framework for continuous learning that I'll use throughout my career.