I started the OSCP course back in 2017 and took the test on April 18th, 2018. I finished 35 machines in the lab before taking the test. I didn’t study hard enough on the buffer overflow part of the course. I thought I knew everything and could just handle all the machines on the test except the one involving buffer overflow. I was naive and wrong. I completed a 10-point and a 20-point machine. I obtained local.txt on the 25-point machine without buffer overflow, but struggled to escalate to root. In hindsight, I should have taken the time to start the buffer overflow machine. I completed and submitted the practice report, but needless to say, I failed.
Looking back, failing was a blessing because I didn’t realize how much I still had to learn. To practice more, I worked on various Hack the Box machines and completed all the Virtual Hacking Lab machines. Along the way, I also read many books listed under my book menu. I was preparing to retake the test when SANS offered the mentored GPEN course locally. I knew this would be my only chance to take it, as my job doesn’t allow me to take five consecutive days off since I work as the sole IT admin for two small companies. I took the course and passed the GPEN on July 26th, 2020. This was during the Covid pandemic, and I had to go into work to keep the two companies running remotely. It was a lot of work.
I was preparing to retake the OSCP test when they released their new 2020 course, which was said to have more Active Directory content. I started the course and completed my first lab machine on November 3rd. I finished all 70 lab machines on March 30th, 2021. By then, I was somewhat burned out from dealing with work and learning. I decided to relax during the summer before attempting the test again. My goal is to pass the OSCP, but my main objective is to learn and have fun with it.
In September 2021, I decided to take the eJPT test to get back into the groove, and I passed it easily. This motivated me to take the eCPPTv2 test because I wanted to improve my penetration testing skills in corporate networks. I also had a voucher for the test that I had bought a long time ago, so I figured why not use it. Someone recommended completing the Wreath network on Try Hack Me to enhance my pivoting skills. I really like the Try Hack Me site and wish I had started with it. I would recommend this site to anyone just starting out. I finished the Wreath network and took December off to participate in this year’s KringleCon. I have been participating since 2018 and really enjoy it. After KringleCon IV, I decided to pay for the Throwback network on Try Hack Me and completed it. It was a fun network to work on, and I was lucky to have very few, if any, people on my network at the same time.
I am waiting to schedule the eCPPTv2 test in a couple of weeks once I complete my major projects at work (Passed 05/06/2022). After that, I need to see what the new OSCP exam requires, as they have changed it this year. Learning new things is a big part of this journey, but I really want to complete that test. Regardless, I have thoroughly enjoyed the learning path it has taken me on. If I hadn’t tried it many years ago, I would have never discovered my passion for information security and playing CTFs.
Orville's Security Blog 