My 2 year OSCP journey is finally over!

griffondggriffondg Posts: 39Member ■■□□□□□□□□
Received the glorious email this morning that I had finally passed. As the title states, I signed up for 90 days of access back in April of 2015. Was gung ho for a couple of months and then work, family, life intervened and I sort of half-assed my effort for the next 9-10 months, getting an extension or two but not really making more than token progress. Finally got serious about a year ago and took the exam...and failed hard. Took it THREE more times and came close to passing but couldn't get over the hump (insanity is doing the same thing over and over again and expecting different results). Put it aside again until February this year and I decided to start over from scratch in the labs and purchased 90 days. That was a very good decision and I learned so much more this time and really dedicated every waking moment out of work (and some at work!) to perfecting my methodology. Took the exam this weekend and got two full shells and two partial shells so I knew it would be VERY close, depending on how they score the partial shells. Including the 10 points for lab report and exercises I figured I had a minimum of 65 points and a maximum of 75, so was sweating waiting to get the email. Obviously I had enough.

It's frankly embarrassing to tell people you failed an exam multiple times, but let me tell you it's all worth it now.

Comments

  • UnixGuyUnixGuy SABSA, GCFA, GPEN, CISM, RHCE, Security+, Server+, CCNA Posts: 3,961Mod Mod
    Well done! you didn't give up, and you got what you wanted. Now it's safe to say that your material very well

    Congratulations!!
    Goal: MBA, March 2021
  • JoJoCal19JoJoCal19 California Kid Posts: 2,772Mod Mod
    Congrats on the pass man! Good on never giving up!
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Posts: 332Member ■■■□□□□□□□
    Congratulations. How would you say your methodology changed?
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    Thanks guys!
    SaSkiller wrote: »
    Congratulations. How would you say your methodology changed?

    When it comes down it, passing the exam comes down to methodology and enumeration - you can get away with poor methodology in the labs but it will kill you on the exam. What do I mean by that?
    1. I used to scan a system and see something intersting like a web app running on port 80 and I was off to the races, looking for login pages, potential sql injection, etc and could easily spend hours going down a rabbit hole only to find out that there was another obvious atatck vector I overlooked because I jumped in without looking at the big picture on the server. There is an awesome post on the offsec forums where they break down an attack on one of the lab servers and it really opened my eyes.
    2. For privilege escalation don't just run one of the common priv esc scripts out there and expect it to do the work for you. They are good but they have limits and you need to understand how to manually enumerate a target.
    3. Don't assume just because a tool tells you X service is running on X port that it's true. You can make a banner say ANYTHING so always investigate all open ports even if they appear uninteresting. I can't go into specifics but let's just say this one bit me.
  • NetworkNewbNetworkNewb They are watching you Posts: 3,237Member ■■■■■■■■■□
    Congrats Griffon!
    GCIH | CCNA:Sec | Net+/Sec+/A+ | CCSK
    Goals in progress: MSc in Computer Science (specializing in Cyber Ops) , CISSP
  • JoJoCal19JoJoCal19 California Kid Posts: 2,772Mod Mod
    griffondg wrote: »
    Thanks guys!


    There is an awesome post on the offsec forums where they break down an attack on one of the lab servers and it really opened my eyes.

    Unless it violates their ToS, if you could copy that post scrub any specific machine identifying information, and post it here that would be awesome. It would really help to understand the flow of attack and way to attack the machines in the lab.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    JoJoCal19 wrote: »
    Unless it violates their ToS, if you could copy that post scrub any specific machine identifying information, and post it here that would be awesome. It would really help to understand the flow of attack and way to attack the machines in the lab.

    The post is so detailed that I don't really think I can do it justice by summarizing. Seriously, it's 3 pages of forum posts dedicated to exploiting one machine!
  • JoJoCal19JoJoCal19 California Kid Posts: 2,772Mod Mod
    griffondg wrote: »
    The post is so detailed that I don't really think I can do it justice by summarizing. Seriously, it's 3 pages of forum posts dedicated to exploiting one machine!

    Can you give me a thread number or title? Will be signing up after my CISA and PMP exams are done in the next 2 months or so and would like to reference it.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • dialecticaldialectical Posts: 55Member ■■□□□□□□□□
    I would fail this exam no matter how many times I took it. Not embarrassing. This is a serious achievement!

    Also you have something to talk about if asked in an interview about "a time that you overcame failure".
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    JoJoCal19 wrote: »
    Can you give me a thread number or title? Will be signing up after my CISA and PMP exams are done in the next 2 months or so and would like to reference it.

    It's at htttps://forums.offensive-security.com. Once you register for the course you will get access to it under: Pentesting With Kali > Lab Machines > Public Network > 10.11.1.71 and it's the sticky at the top of the page.

    Good luck!
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    I would fail this exam no matter how many times I took it. Not embarrassing. This is a serious achievement!

    Also you have something to talk about if asked in an interview about "a time that you overcame failure".

    If you want it bad enough you can pass it so don't sell yourself short!
    I'll have to remember that the next time I'm in an interview, lol
  • MooseboostMooseboost Senior Member Posts: 773Member ■■■■□□□□□□
    Congrats on the pass man. That is definitely some persistence.
    2019 Certification Goals: OSCE OSWE
    Blog: https://hackfox.net
  • Blade3DBlade3D Posts: 105Member ■■■□□□□□□□
    Congrats man, this seems to be the exact same thing happening to me. I signed up for 90 days back in July or August of 2015, didn't get through much. I then signed up for 30 days 2 more time in the next 5-6 months and didn't accomplish anything really. I've been considering getting another 30 days, busting my ass, and getting through it. This is a cert that really interests me, it's just hard to dedicate the time.
    Title: Systems Designer
    Degree: B.S. in Computing Science, emphasis Information Assurance
    Certifications: CISSP, Network+, Security+, OSWP
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    Thanks guys
    Blade3D wrote: »
    Congrats man, this seems to be the exact same thing happening to me. I signed up for 90 days back in July or August of 2015, didn't get through much. I then signed up for 30 days 2 more time in the next 5-6 months and didn't accomplish anything really. I've been considering getting another 30 days, busting my ass, and getting through it. This is a cert that really interests me, it's just hard to dedicate the time.
    I totally understand. I have a wife and 3 kids so finding time and motivation was always a struggle. In the end I just forced myself to dedicate time and effort to it to get it done. If I were you I would set an exam date to force yourself to get prepared. Even if you fail you will learn so much during the exam and hey, the retakes are only $60 each. Believe me, I know ;)
  • ChilltechChilltech Posts: 8Member ■□□□□□□□□□
    Congrats man! No shame in failing trying to achieve something great. much respect.icon_thumright.gif
  • Blade3DBlade3D Posts: 105Member ■■■□□□□□□□
    Thanks, I've been considering reupping after my vacation this weekend. I could spend June working on it and take it the 4th extended weekend. I'm leaning heavily towards doing this, just don't want to waste anymore money. I passed the CISSP almost 2 months ago so I need to start working on something. I'm also considering getting a Master's degree from WGU but I don't really have the money at this time, thinking I'll wait and hopefully find a new job that would pay for most of it.
    Title: Systems Designer
    Degree: B.S. in Computing Science, emphasis Information Assurance
    Certifications: CISSP, Network+, Security+, OSWP
  • chrisonechrisone CISSP, eCPPT, CCNP RS, CCDP, CCNA SEC, LFCS Posts: 1,828Member ■■■■■■■■□□
    griffondg wrote: »
    It's frankly embarrassing to tell people you failed an exam multiple times

    its only embarrassing if you quit and gave up after failing. icon_thumright.gif

    Congrats on your victory! It was a long and tough road but I am sure you learned a few things about how to stay focused etc
    2019 Goals:
    Courses: Real World Red Team Attacks- AppSec Cali 2019 (complete), Active Directory Attacks for Red and Blue Teams Advanced Edition - BlackHat,
    Certs: SLAE, Certified Red Team Professional - Pentester Academy (in progress), Certified Red Team Expert - Pentester Academy
  • Dr. FluxxDr. Fluxx Posts: 98Member ■■□□□□□□□□
    You would probably make one of the best teachers out there as a tutor for the exam.
    Id say youre a valuable asset.
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    Thanks for the love, guys! I mainly posted my story so others in the same boat know that it's possible to tame this beast if you really want it. Just received my certificate in the mail yesterday and let me state again it's all worth it :)
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+ Posts: 314Member ■■■■□□□□□□
    Grats on the hard work, learning, and win! :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, CCNA Cyber Ops, Sec+
    2019 goals: GWAPT, Linux+, SLAE (possible: SEC573, CCSP, Splunk F&PU)
  • JasminLandryJasminLandry Posts: 601Member
    Congrats on the pass! Good to know you didn't give up and kept going at it.

  • golab011golab011 Posts: 2Registered Users ■□□□□□□□□□
    Did you met that "lazy admin" too ? :)
  • griffondggriffondg Posts: 39Member ■■□□□□□□□□
    golab011 wrote: »
    Did you met that "lazy admin" too ? :)

    I did on the exam before and didn't get I but after looking at my notes I think I figured out how to get a shell and was hoping to get it again.
  • golab011golab011 Posts: 2Registered Users ■□□□□□□□□□
    I also thought same after first encounter, but second time met him again without success
  • Paolo264Paolo264 Posts: 13Member ■□□□□□□□□□
    Never ever ring the bell... well done.
    CISSP | CRISC | ISO27001 Lead Implementer
Sign In or Register to comment.