OSCP

My OSCP story

• My OSCP story
  • The road to OSCP
  • OSCP
  • After OSCP

OSCP is regarded as one of the more difficult entry level exams partly because the 48-hour exam (24 hours of hacking followed by 24 hours report writing). I managed to pass this exam on my second attempt.

The road to OSCP

I started in 2011 at Fontys in Eindhoven and earned my bachelor as a Software Engineer with a minor in Cyber Security. I started work as a developer in 2016, but the feeling of getting into cyber security never went away. I decided to quit my job in 2020 and to go into the cyber security field. I started preparing for my OSCP, first by doing Cybrary - Advanced Pentration Testing and creating a Hack The Box account. YouTube video by IppSec also showed me tools to use and how to think during a security assessment.

OSCP

I enrolled the 17th of February and officially started the OSCP course the 1st of March with 60 days of lab access.

These 60 days weren’t enough time to root all the boxes in the lab and I didn’t feel ready yet to tackle the exam so I upgraded my Hack The Box account to VIP and started working on TJnull’s OSCP like HTB machines supplemented by active machines.

This helped me feel ready for the exam which I took 11am the 24th of May. I got to 67.5 points after ~8 hours with only user access on a 25-point machine and a 20-point machine I could not get into. The next 16 hours was me trying to get those last few points I needed (70 points is the minimum to pass), but nothing was achieved. I could’ve taken a longer break, a shower and/or some sleep which could’ve helped and I made sure to learn from this experience.

There is a 4 week wait after the first failed exam before a retake is allowed. I used this time to do more machines on Hack The Box and to improve my note taking I started doing write-ups for retired machines on my newly created blog.

The retake started 11am the 29th of June and got off to a flying start with my first break 2.5 hours later and the 25-point buffer overflow and the 25 machine both completed. The 20-point machine after the break looked familiar because I had the exact same machine during my first exam attempt. During the exam you are allowed to use your own notes including notes from previous attempts, so this was an easy 20 points. I did notice that my note taking really improved in the weeks between my first and second attempt. The other 20-point machine and 10-point machine also were rooted quite fast, so I was at 100/100 points and it was only 5pm after an 11am start while taking breaks between every machine. I took a long break and made dinner before getting back to my PC and go over my notes to make sure I had everything documented for the report. A few hours later I had the feeling that I had everything I could possibly need documented so I told the proctor that my VPN access could be stopped so they wouldn’t waste their time watching me when only the report (which isn’t proctored) needed to be written.

I used noraj - OSCP-Exam-Report-Template-Markdown to create the report. I’m used to taking my notes in Markdown and also the HTB write-ups are created in Markdown. I made sure to get some quality sleep and calmly worked on my report which got send in around 4:30pm, way before the 11am the next day deadline.

Now the waiting started, looking at posts on Reddit - OSCP and Discord showed that some get their results in a few days while others might need to wait the full 10 business days. I made sure to check my email every time I had my phone in hand and the day I least expected it, Saturday 4th of July, ended up being the special day that the confirmation mail came in. I PASSED OSCP and I can start the next step in my career.

After OSCP

My next step will be finding a job where I can use the knowledge that I learned during my OSCP studies. I also plan to continue HTB write-ups, they started as a tool to improve my note taking but they ended up adding an extra layer of enjoyment to rooting the boxes.