Preparation

Throughout my preparation for the OSCP exam, I read many blog posts by others describing their experience at a high level. I thought these were very useful, as everyone knows that the majority of the difficulty associated with the exam is the mental aspect. I thought I’d pay it forward now that I have officially passed the exam, and I hope someone else will find some value in hearing my experience.

I scheduled my exam originally for November 30th, 2024, after I had completed the PEN-200 course with the three month lab access. I was studying hard essentially every day for a few hours switching between HackTheBox and Proving Ground. I used the Lainkusanagi OSCP Like spreadsheet to ensure I was working on machines that correlated with the exam difficulty. I found there were many machines on this list and the TJ Null list that were very difficult for me to solve without hints, but after reading some similar thoughts from others on the r/oscp subreddit, my mind was at ease. About two weeks before the exam, I felt like it was getting a bit tough to continue putting in the same amount of effort into my consistent studying, so I knew it was time to take my first attempt. I checked the exam availability and I was able to bump my exam date up a week for Friday, November 22nd at 3pm. I read a lot of discussion about how many people believe the best time to start the exam is in the morning, but I thought it was better to do it that week at 3pm rather than a week later at 9am.

Exam Day

I got connected with the proctor smoothly and I was ready to go for my 3pm start time. Since my exam was after November 1st, the exam format had changed to the OSCP+. This means that there are now partial points for the Active Directory portion, so it wasn’t crucial to start there; however, I believe AD was the portion of the exam that I was most prepared for, so I started there anyway. I was actually surprised to have the success I had so quickly on the AD portion. I had all 40 points within about an hour and a half, so I was feeling great! This great feeling didn’t last long though.

I was stuck, and I mean stuck, on finding a foothold into all three of the standalone machines. With the clock ticking and finding myself retrying multiple tactics without success, I started to feel the anxiety that I’m sure many people before me have felt in this exam. It gets so difficult to continue to remain focused when that voice in the back of your head continues to say “well, it’ll be a second attempt for me”. My wife came home around 7:30pm and she could tell I was already frustrated. I took the advice from all the others that have wrote this exam before me and sat down to have a nice supper and watch some TV together. I’m surprised how easy it was to put the exam out of my mind for that hour and half break. I think I needed it!

I came back to my desk after an episode of Severance on AppleTV+ (good show!), and got back to work. I had some new ideas to try and I got a foothold on one of the machines within 30 minutes. It was something I overlooked, of course. Soon after that I had the machine rooted. I wasn’t exactly thrilled at this since this meant I still needed to gain access to one of the two other standalones that have been stumping me for hours.

It was around 11:30pm when I finally got a shell on standalone #3, and rooted the box soon after. That makes 80 points, so I was thrilled! This also meant I could have a full night’s rest and write the report with access to the exam environment — making report writing much easier. I had to remind myself at this point that the point total doesn’t mean I passed. I still have to give all my effort to make a professional report and leave no doubt in the opinion of the exam graders.

Results

I submitted my report at noon on November 24th, and received the congratulatory email on November 25th at around 5am. It was an awesome email to wake up to on a Monday morning.

I learned a lot about myself from going through the preparation for this exam and the high-stress environment of the exam itself. I was so frustrated and being so hard on myself for not being able to gain access to any standalones after a couple hours of trying. There’s a reason this exam gives you 24 hours, and if I had just slowed down and stopped listening to that anxiety-fueled voice in the back of my head, I could have gained access a lot sooner. That’s why I believe this exam is so infamous and required on many job boards. It teaches you to persevere in a pressure-cooker and let your study habits take over. Maybe that’s being too symbolic about this exam, but I don’t care! Overall, I think it was a great, necessary experience and I look forward to attempting PEN-300 sometime soon.