OSCP by OffSec | An Odyssey

Hello fellow hackers,

I earlier achieved one of the most sought-after cybersecurity certifications from the OffSec library: the Offensive Security Certified Professional (OSCP). If that name sounds familiar, you're in the right place. 

This blog post has been long overdue, as I completed my certification in April 2023. Here, I'll share my approach and journey, my odyssey towards acquiring this certification. Given the abundance of documentation and references already available for OSCP, I'll keep this review concise.

I've had my eye on this certification since my college days, around 10-12 years ago, when InfoSec as a domain was nearly non-existent in India, and I wasn't certain of getting a break in this field. Fast forward about 4 years after graduating (~2018), I finally began my initial preparations before purchasing the course bundle.

I used below course & labs for preparation:

  • Completed below OverTheWire wargames 
    • Bandit : Linux command line fundamentals
    • Natas: Basics of web application security
    • Leviathan: Basics of privilege escalation on nix systems
    • Narnia: Basics of binary exploitation

Despite completing my preparations, I was unable to proceed with purchasing the course due to work commitments, and the certification remained on my wishlist for a few more years. In the meantime, the course underwent significant changes, such as the addition of the Windows AD set and the removal of Buffer Overflow. Consequently, I pursued the CRTP course and certification from Altered Security.

Finally, in February 2023, I resumed my preparations. By this time, I had already gained significant field experience and immediately dove into solving the machines from the OSCP training bundle. I successfully tackled over 30 machines (as it was a prerequisite for earning 10 marks).

Fortunately, I was able to secure an exam slot within next few days in mid of April 2023, and the exam started on a weekday around 3:00 PM. By 8:30 PM, I had solved 2 independent machines, including an hour break for a nap. After resuming at 10:30 PM, I managed to solve the AD set by 12:30 PM. By this point, I had already secured more than the required passing marks, so I decided to get some sleep.

The next day, I had to return to the office. Having already secured passing marks, I closed the exam and awaited the confirmation email below.

And got the certification:

Happy Hacking!