Link

From Zero to OSCP: My Penetration Testing Certification Journey

The Idea

Do you remember the pandemic in 2020? People were locked in, lost jobs, and worse. My contract ended in February 2020. Lockdowns started going into effect, finding a new job was extremely difficult, maybe even impossible. The world may never know. But since I had the time, I decided that this was a good time for a career change into cyber security.

I had to come up with a plan though. I set my sights on the Offensive Security Certified Professional (OSCP), widely considered one of the most challenging hands-on penetration testing certifications. I took the Penetration Testing with Kali (PWK). I started with version 1, and I updated to version 2.

Here I was, my penetration testing experience was almost zero. I had read Penetration Testing: A Hands-On Introduction to Hacking, and that was all I had. So, I was a blank slate not really understanding what they meant by Try Harder.

PWK Version 1, my First Attempt

For PWK Version 1, I had the 60-day lab package. To make it a little spicier, I was still working at the time. This means that all of my study time had to be scheduled around my work schedule. That meant studying late nights and weekends! Woooo!

I spent the first week reviewing all the material from the Welcome email. Since I was so green, I wanted to establish my base before just diving into the boxes. After consuming the entire PDF and watching each and every single companion video, the fun begins. I got to tear into the labs and give it my all.

If hindsight is 20/20, my biggest mistake was chasing flags instead of understanding the process. I was able to compromise 18 machines completely on my own, but after that began relying more and more on the forum for hints and nudges. Now, there is nothing wrong with this except that I just focused on using the help to get the flag. I completely neglected paying attention to what they were telling me so I could grow and learn too.

By the time my lab time was ending, I had 35 proof flags and felt pretty good about my chances. Unfortunately, my first exam attempt didn’t go as planned.

PWK Version 2, Let’s go!

A few weeks later, my contract officially ended. Around that time, OffSec released PWK Version 2, and I purchased 30 more days of the sweet, sweet lab access.

I was really impressed with the new content that was added. The content almost doubled and gave great detail so I could better understand the material.

I also refined my approach for this new go around:

Jumped right into the labs while reviewing material in tandem.
Focus on why I did each step, not just blindly running the exploit.
Used the course PDF as my main source for techniques.
Treated the forums as a true last resort.

Exam Strategy

I updated my exam strategy this time:

Timing: I scheduled the exam two weeks after the class ended, not 1.5 months after.
Environment: I created poster boards of the key commands, taped behind my monitor for quick reference. Quickly seeing the commands helped keep me grounded, instead of getting frustrated (pro tip: use the matte side to reduce glare).
Mindset: I slowed my pace so I did not get frustrated. That let me turn over every stone to find that juicy vulnerability.

Twenty-four hours is a long time. Staying grounded and process-focused made all the difference. A few days later, I receive that email that we all hope to get. “Congratulation” from OffSec. I celebrated with a glass of champagne with my parents and immediately started planning the next stop of my cybersecurity journey.

Reflections

The OSCP taught me more than just exploitation. It taught me persistence, mindset shifts, and structured problem-solving.

The best advice that I could give anyone pursuing this certifications:

Chase the understanding, not just the bigger flag number.

Key Takeaways

Start early with process-based learning. Understand the why of the steps you are executing.
Balance labs and theory. Do not wait to finish the PDF. Start the labs right away.
Embrace the Suck. Frustration is just part of the process. Learn to like it and keep pushing on.

Keep grinding it out!