OSCP Preparation

I started Cyber Security career with a course about 2 years ago. It was 600 hours long. It contained network, network security, system (AD and Linux), system security, ethical hacking. In August of 2020, I started Cyber Security Center Analyst in NETAŞ. I was responsible for SIEM’s. We were analyzing cases related every security aspect. I decided to pivot my career to more offensive. In the job, stress level and density were too high. After the work, you had no energy to learn or do something. So, I quit the job in June 2021. Then, I enrolled OSCP certification in July 2021. Before the enrollment, I completed 2 paths in Tryhackme which were Complete Beginner and Offensive Pentesting Learning. Since I had a good background, it did not take time too much. PWK enrollment process was easy. I bought 90 days package. I studied only PWK labs in those times. After the ending of Lab access, I took an attempt for the exam.

I got 60 points (BOF, 25, 10). I was so close to pass. But I had not enough luck I guess 😊 and there were lots of stress. I found the initial access for a machine in last 5 minutes. That was all I need. In exam, I faced lots of network issue, hanging virtualization software etc. I was devastated after the exam. But in a very short time I gathered myself.

After the failed attempt, I found Proving Grounds Practice for more preparation. I solved lots of machines in it. Offensive Security announced new exam structure at early days in December. By the time I became aware of the it, all 1.5-month reservations were filled in 2 days. I was planning take to exam in first week of December. As a result, I took the new exam. But there were lots of hesitations. Cause of no one experienced new structure. There was no way out to take the new exam. Until to the exam date, I solved about 70 machines in PG Practice and solved all labs in PortSwigger Web Security Academy. Yeah, I doubled my knowledge in those times.

The exam was so hard. Because of I could get initial shell for AD in about 10 hours. Taking over domain took 1.5 hours 😊 I did not prepare report for extra points. I think, it was not so important in previous exam structure. And it wants lots of time to prepare. I got 2x20 machines in 4 hours with partially. I could not get the last machine. It got me a little upset. But I got 80 points. I collected enough points to pass. I did not sleep in 24h exam period. I could not sleep more than 4 hours before exam started. I often took breaks. In first 12 hours, I could not get initial access for AD. It devastated me. I tried it about 8 hours in first half. After the break, I started again for all or nothing 😊. I couldn't relive failure. When I found the way, I felt success. Then I took over domain easily (Not so easy btw). I tried again get last machine in last 8 hours. But I could not.

The reporting phase was tricky. I decided to report AD machines separately. But I wrote any dependencies clearly. In a day, after the sending report, I got the email. I PASSED! It was about 12 hours ago.

Here are my takeaways from the process:

I could not pass the exam without Proving Grounds Practice experiences.

Don't spend too much time on something you don't get results.

Tools may not always yield results, must know how to manage processes manually.

Don't lose hope.

Trust yourself.