What does it mean to be OSCP certified? This is a short and simple question however the answer is quite loaded. In one sense, it’s “just” another IT certification to add to my list. Another three to four letter acronym that the majority of people I know have to ask, “What do those four letters mean?”. Sure, it’s just four letters, but what most people don’t understand is the hard work, dedication, and effort that needs to be put in to get those four letters.
When I started my journey to become an OSCP, I had no idea what I was stepping into. Being already OSWP certified, I thought I had a slight advantage, in that I knew how the Offensive Security courses were structured. I also thought that since I had a four-year university degree under my belt and several other certifications, I could handle this no problem. I couldn’t have been more wrong. There were nights I went to bed with headaches. This was the first course, [i]ever[/i], that I seriously considered throwing in the towel. I was a complete noob when it came to penetration testing and this course was proving it. It was a David and Goliath scenario and I didn’t know what to do.
Eventually, things started to take a turn. I started to root systems in the OffSec lab. Things were starting to be fun. My employer was very good to renew my lab subscription which relieved some of that time constraint which was causing a block in my head. But I still kept thinking about the time. It would take a week before I rooted one system. It wasn’t until one of the OffSec admins reiterated, “This isn’t a race, it’s a marathon,” and reminded me that the purpose isn’t to just blow through all the lab machines; there is something to be learned from each machine, something to make you think differently. At this point, my head was overwhelmed. I’m sure my blood pressure was rising - I had to leave the OSCP journey for a bit. I took a month break. Enjoyed some summertime fun with my wife.
After my month break from OSCP, I decided it was time to start again. With a fresh, clean head and knowing how things work, I felt much better this time. I started researching and googling the right terms. Learning new tips and tricks. Just trying things and for the most part they started working. Still lots of moments where I was banging my head off the keyboard. However, instead of taking one week to root a machine, I was rooting three and sometimes four in a week. It was great. I got a boost of confidence and instead of throwing in the towel, I was saying, “I can do this!”. When Offensive Security says “Try Harder!” they mean it. I was trying harder and it was working. After I conquered the server Humble, I felt pretty darn powerful. It was time to book the exam.
The exam was stressful at first. I had 24 hours to write it and I wasn’t sure what to expect. I’ve read on multiple blogs about people writing a bunch of scripts to automate the whole enumeration process. I didn’t trust my scripting abilities to do so. However, in the labs, I just scanned machines one by one and it worked just as good. Doing this, I rooted more than enough systems to pass. I love the sense of humour the Offensive Security team has. The one machine that taunted me by calling me a noob during the exam, was the one machine that I wasn’t able to root. However, this noob is OSCP certified now!