I have finally earned my OSCP certification, and I figured I’d update the ol’ blog with a couple thoughts of what I really think helped me out mentally. This post will not serve as a guide for specific tools, techniques, or tactics — rather to explain my mindset through out the entirety of my time working on the course, and why I think it helped me.
Remember that OSCP is an entry level certification
The Offensive Security Certified Professional is really considered an entry level certification in the industry when you think about it. When I looked at it like this, the intimidation factor went down considerably. After OSCP, there are specific courses such as wireless penetration testing, web app, exploit development, etc.
Don’t pay attention to other people’s efforts
Forget about how many attempts it took someone else. I’ve talked with other folks also pursuing the OSCP and so many of them get psyched out by the amount of times other people fail. You’re not that person, so don’t get the thought in your head that you’re going to need several exam attempts to pass.
Find your weakness and fix it
Throughout the lab network, I assessed what I was doing well and what I was doing poorly. I came to realize a big weak point was Windows privilege escalation. Because of this, I followed tutorials online, bookmarked several Windows privesc posts, and made sure I had a mental checklist of things to check when I had user shell.
Find a community for support
I came across several communities where I could bounce ideas off of people, get motivation, and talk shop with folks. VetSec on Slack, The Cyber Mentor & PWK / OSCP Prep on Discord were the servers I joined. On these servers there is almost always someone up and willing to help answer a question if I needed some help or a little nudge in the right direction towards a lab machine. I really think that this is helpful for people actively working on the PWK course work and the lab machines. You get to see other people struggling and help them out, and vice versa. It’s good to suffer together.
That’s really all the advice I can give that I think helped me out mentally with all this madness. There are a million different blogs which will highlight how to pass, but there is no one cookie-cutter way to succeed. I just worked hard, identified my weaknesses, and made sure I understood all the steps in penetration testing.