From Frustration to Root: How I Passed the OSCP+ and What Got Me Through
%20%E2%80%A2%20Lukas%20Nilsson%20%E2%80%A2%20Cybersecurity%20Training%20Badges%20from%20OffSec.png)
I didn’t pass the OSCP+ because I’m some kind of genius. I didn’t breeze through it with flawless exploits or elite hacker skills. I passed because I kept showing up. Every single day. Even when I felt stuck, even when it felt hopeless. Especially then.
This isn’t some polished story wrapped up in a bow. It’s personal. It’s about late nights staring at broken shells, notes that made no sense, and moments when I wanted to give up and walk away from the entire thing. But I didn’t. And in the end, that made all the difference.
Because make no mistake: OSCP+ isn’t just hard. It’s humbling. It’ll strip you down to your fundamentals. It’ll show you what you don’t know. And then it’ll ask you to keep going anyway.
Why I Chose the OSCP+
At some point, solving CTFs and poking around in TryHackMe and HackTheBox boxes just wasn’t enough. I wanted something real or at least as real as you can get without stepping into an actual red team role. The OSCP was always on my radar, it was everything I was curious about: Active Directory, pivoting, multiple attack paths, and no mercy.
It wasn’t about collecting badges. It wasn’t for LinkedIn likes. It was about building confidence about knowing I could walk into an unknown network and start tearing it apart with purpose. The OSCP offered that in a way no other certification did.
I wanted to suffer a bit. I wanted to hit walls and be forced to think. That might sound masochistic, but if you’ve ever been in the zone, three hours into a box, chasing some obscure misconfiguration you know exactly what I mean.
The Ramp-Up: Getting Ready to Even Begin
I didn’t just register and hope for the best. I spent months prepping before even touching the official material. I treated it like training for a marathon you don’t just roll out of bed and start running 42 kilometers.
The first thing I tackled was Linux. I already had some experience, but I wasn’t fluent. So I committed. Kali became my main OS. I forced myself to solve everyday problems from the terminal. Forgot how to do something? No GUI allowed. Look it up, learn it, remember it.
I also messed up a lot. I’d crash my VM. I’d break SSH configs. I once locked myself out of a box I built from scratch. And every time I failed, I learned something new. That mindset of treating failure as part of the grind became crucial later on and to always Try harder.
TJnull’s OSCP-Like Boxes Were a Game Changer
Eventually, I discovered TJnull’s list of OSCP-like boxes. That list became very important. I built a spreadsheet, tracked my progress, color-coded each box based on category, and forced myself to document each one.
I didn’t just solve them I dissected them. I reset boxes just to try alternate methods. I spent whole weekends on a single machine, not because it was hard, but because I wanted to explore it fully. What if I tried to manually exploit the target and not use a already finished exploit?
Over time, I began to see familiar themes: poorly configured services, lazy admin habits, exposed secrets, weird web app logic. And each time I spotted something, I’d dig into it. Why was that cron job writable? What’s the risk of leaving .git folders exposed? How does NTLM auth actually work? And with every new exploit I learned something new I learned how to program better and create exploit instead of using ones that already exists because I learn so much more.
It wasn’t just about solving puzzles it was about understanding systems and exploits.
Developing a Workflow (aka Staying Sane)
When you’re juggling multiple boxes, notes, scans, and tools, things can spiral quickly. So I forced myself to get organized.
I built a standardized workflow: run full recon, enumerate thoroughly, look for initial foothold, identify privilege escalation vectors, document everything. Rinse and repeat.
I built templates for notes in Notion. I set up screenshot hotkeys, terminal aliases, and even wrote scripts to automate parts of the recon process. I learned how to grep intelligently, how to search logs efficiently, and how to keep my desktop from looking like spaghetti.
Most importantly, I developed the habit of writing reports. Not just summaries, but full blown documentation with context, screenshots, and commentary. It slowed me down at first, but later, it gave me speed. And confidence.
By the time I was a few months in, I wasn’t just following a checklist. I was thinking like an attacker.
Tools That Helped (and the Ones That Didn’t)
It’s easy to get overwhelmed by tools in this space. There’s always a new one trending on GitHub, or someone tweeting about a niche exploit framework. But OSCP isn’t about how many tools you know it’s about how well you know the right ones.
Nmap became a daily ritual. I stopped using default scans and started building out custom command sets depending on the situation. I learned when to be stealthy and when to go loud.
Burp Suite stopped being just a proxy and became a full analysis suite. I used it to follow authentication flows, analyze requests, and manually fuzz parameters. I learned to watch how web apps responded to weird input.
Impacket was another MVP. Tools like secretsdump.py, wmiexec.py, and smbexec.py etc became my go-to options during the AD stages. But more than that, I learned how and when to use them. What kind of credentials did I need? What ports had to be open? What responses indicated success or failure?
The Mental Game
There’s a point in this journey where it stops being about skill and starts being about grit.
There were nights where I made zero progress. I stared scans for hours, chased dead ends, ran exploits that didn’t work. I felt stupid. I doubted myself constantly.
But I kept showing up. Even if it was just an hour. Even if all I did was clean up notes. Because momentum matters. And if you can keep moving, even when it sucks, you win in the long run.
I also learned the value of rest. Burnout is real, and it hits hard. Taking breaks real breaks helped me come back sharper. Whether it was going for a walk, gaming for a bit, or just talking to someone outside the infosec bubble, stepping away was sometimes the smartest move.
This cert tests your patience more than your technical skill. And that’s by design because as OffSec says: Try Harder. And honestly, that motto couldn’t be more accurate. It wasn’t just about hacking it was about showing up, staying focused, and pushing through the doubt. When I got stuck, I learned to look elsewhere, take a break, reset but never give up. Just regroup, and Try Harder.
The Exam: Controlled Chaos
When exam day came, I was nervous but not panicked. I treated it like a routine engagement. I had snacks, water, a checklist, and a clear plan in front of me one I had refined and rehearsed during practice runs. Getting a full night's sleep beforehand and scheduling the exam for early morning helped me stay sharp from the beginning.
I kicked things off with recon: let the scans run, reviewed notes, mapped out targets. My strategy was to start with the Active Directory machines while my mind was still fresh. I knew from the start that if I didn’t make solid progress within a few hours, I’d shift focus to standalone targets rather than waste time spinning my wheels.
Throughout the day, I kept a strict internal clock. I had given myself time limits for each phase foothold, escalation, and post-exploitation and when the timer ran out, I moved on. That structure saved me from getting stuck in rabbit holes. I took short breaks, got up to stretch, drank water, and kept my energy steady. It was a long haul, and pacing myself was just as important as technical skill.
The hardest part was ignoring the clock. You feel it ticking, always. But I stayed grounded. When something didn’t work, I moved on. When I got root, I immediately documented everything.
The machines weren’t magic. They were just puzzles. Tough ones, sure. But fair.
In the end, it took me ten hours out of the 24-hour window to reach 80 points. I resisted the urge to crash. Instead, I double-checked everything then I started writing the report.
The Report: Where It All Comes Together
The report is not just paperwork. It’s your proof. Your chance to show OffSec that you didn’t stumble through the exam you knew what you were doing.
I used a clean, consistent format. Clear headings. Accurate commands. Highlighted impact and exploitation steps. I re-ran exploits on my practice machines just to confirm commands. I even copy-edited my report like it was going to a client.
It was the most important part of the whole process. And it’s what passed me.
Aftermath: What It Gave Me
When I got the email saying I passed, I didn’t scream maybe just a little bit or jump. I just exhaled. Deeply. Like I’d been holding my breath for weeks.
More than pride, I felt changed. I was more confident. More focused. Not because I knew everything but because I had been through something. Something difficult, painful, and transformative.
OSCP+ gave me more than technical skills. It gave me discipline, clarity, and a deeper respect for the work. I don’t see boxes the same way anymore. I don’t approach problems the same. I think bigger. I dig deeper.
And if you’re reading this, wondering if you’re cut out for it let me say this: you don’t have to be brilliant. You just have to be consistent. Keep going. Take notes. Own your process. Fail better every time. And Try Harder
You’ll get there I promise you that!
Kommentarer
Skicka en kommentar