It’s been an incredibly long journey. After nearly two years since I began in July 2017, I finally achieved my pan-ultimate goal of becoming an Offensive Security Certified Professional March 2019. Three months later, I’m finally getting around to writing my last entry in my OSCP journey.
The final attempt
In truth, I had to take the exam two more times due to an extremely stupid error when writing up my report the previous attempt. The exam went too well for me. I had gotten two boxes which I had gotten in separate, previous exam attempts. Because I was familiar with them, I knew where I went wrong previously and was able to pop both of them in extremely short order. By the time I hit my 6th hour, I had 80 points safely secured and started writing my report early, dropping my evidence into the file, and giddily preparing to go to bed early. I felt that with more than 10-points than necessary to pass, I had it in the bag. I lazily went after the last box and after a few hours without success decided I might as well go get some sleep and enjoy feeling secure in the fact that I was certain to pass.
It was the worst misstep of my entire journey.
I woke up late that morning with less than an hour in my exam left, and decided I didn’t need the rest of the time, so I turned in my report early and let my proctor know I was finished. I then enjoyed a relatively non-stressful wait for my grade email for a few days.
To my horror when I finally received the email, I saw the same heart-crushing statement I’d received several times before. “Unfortunately, you did not earn enough points to pass.” After demanding a recount and a reason why I failed, I received the response that my report was missing several key elements for a specific finding that made it impossible to accurately replicate my work. There is no worse feeling in the world than knowing you had enough flags and sufficient points to pass the exam only to shoot yourself in the foot because you forgot to include a few extra details and screenshots.
Pro-tip: Double-check your work 5 times before you hit send …
The FINAL final attempt
After falling short during my previous attempt at the OSCP due to failing to properly extrapolate my process during the report, I was resolved to succeed on this one final attempt. Like several exam attempts before, I prepared with a checklist and all of my scripts ahead of time. I did not bother buying more time in the labs as I had already gone through all the final boxes and knew I had the knowledge. After all, I had blown through 4 of the boxes in under half a day. All I had to do was to not screw up the report.
When I finally had the exam vpn opened up to me for my final exam, I never tried harder in my life. I was sick of failing this exam and hearing the words “try harder” all the time. Hearing that mantra made me want to vomit, and I never wanted to have to hear it again after that day.
I received an entirely new set of random boxes I had never seen before, but I didn’t care. It didn’t matter. I was hell-bent and determined that this was the last time I would ever touch the OSCP exam again, and god damn it it was gonna end in a pass.
It was overkill looking back, but I think I must have taken a screenshot every single step of my process for each box I popped, especially the Buffer Overflow challenge. I don’t recall taking any breaks save repeatedly running to the bathroom every 30-40 minutes because I was throwing back cup after cup of coffee and running downstairs to answer for a food delivery so I wouldn’t have to spend more than 5 minutes away from the exam at any time.
I burned straight through the exam for a solid 12 hours until it was finally done. I had fully rooted all the boxes. I then spent another several hours retracing all of my steps, getting cleaner and more information-dense screenshots to extrapolate my findings and writing my report as I did so. It became a novel more than 40 pages long by the time I was finished. I kept re-reading, revising, and reviewing my report several times, so many I lost track. My proctor must have been bored to tears.
Finally, coming up on the 16th hour, I closed my exam and submitted the report. I had tested all there was to test. I was downright paranoid about every detail, so if I didn’t pass at this point … well… it just wasn’t meant to be.
Fast forward three days later after barely any sleep because I was half-expecting to get another “you failed” nasty-gram, the results came.
I remember reading the email in the evening and just falling back into my bed, still exhausted from the exam just two days prior, and breathing a sigh of relief. More than anything, I was just glad it was over. I passed along the news and promptly passed out and let the reality of the exam result sink in over night. The feelings of satisfaction at having finally succeeded at the OSCP after repeatedly failing so many times did not come until after I came to terms with the fact that I would not have to grapple with any future decisions whether to try again.
Reflecting on the PWK course and OSCP
Without a doubt, the OSCP was the most difficult course I’d ever attempted in my entire life. I never spent so long wanting something so badly as that stupid shiny piece of paper. The skills I developed while experimenting in the labs, crafting my own tools, and repeatedly ~torturing~ pushing myself to try harder have made all the difference in how I approach penetration testing. Before beginning my journey, I approached penetration testing like a math problem. I would stare at what was in front of me and go digging through my book of formulas that were supposed to solve everything. If I didn’t find a formula/tool that worked, I just moved along.
I suddenly realized that my approach has drastically changed since three months ago when I passed my exam. I don’t feel satisfied with easy wins anymore, and I don’t just skip a host when I don’t find something at first. I have grown more methodical in my approach, digging for things that demand more of my attention while the easy/automated stuff runs in the background. I take what vulnerability scanners and automated tools tell me with a pinch of salt, and I have a tendency to explore farther and probe deeper into subjects I never paid any attention to before, even subjects that I know nothing about. Somehow the OSCP has changed my way of thinking. I have always said that “there is no such thing as unhackable,” but I never made an effort to back up that statement with action.
Suddenly, I’m doing that with every penetration test I get. I’m putting every ounce of my effort into each test, and if my clients give me enough time, I will prove I can break into it. I think that now that I’ve completed the OSCP and I’m no longer stressing about the next exam attempt, I can finally understand how it not only sharpened my mind but altered my mentality.
I’m still not going to thank Offensive Security because … seriously … I’ve never been more stressed out in my life. Even so, that exam delivered on every promise it made, especially how hard it would be. The fact I was able to do it even after so many repeated failures has made me far more confident and tenacious, so for that reason, I consider it worth the two years of agony.
If you have stuck with this series and are still on the fence about attempting the OSCP, here is my final piece of advice:
Consider yourself Iron and the OSCP a furnace. It isn’t the course itself that tempers your skills, it’s the fire – the challenge. You’ll never feel ready for it, so don’t hesitate. Don’t quit until it’s over, and keep trying harder until trying harder becomes effortless. Then you’ll finally have tried hard enough.
Thanks for sticking with me, and good luck on your journey.