My version of the r/oscp subreddit story "I passed OSCP+ on my first attempt"
When I pick up a new skill (or start chasing a new cert), I tend to rely heavily on Reddit—like many of you probably do too. My favorite posts? “I passed the exam” and “I failed the exam.” They’re real, raw, and full of advice that doesn’t sound like marketing. And this is my journey.
After getting into cybersecurity, I realized one thing: if I stop learning, I’ll become just another outdated, mid-age tech guy. So I kept pushing. I started with Security+, eventually worked my way to the CISSP, and then… the idea of the OSCP came along.
I honestly don’t remember the exact moment I decided to go for OSCP, but I definitely remember the first time I caught a reverse shell. That moment changed everything. I knew I wanted to specialize in one domain—ethical hacking—and I was willing to sacrifice my free time to get good at it.
What is OSCP+?
The OffSec Certified Professional+ (OSCP+) is a hardcore, 24-hour practical exam designed to test your penetration testing skills. You’re given 6 machines: an Active Directory (AD) set (3 machines) and 3 standalone boxes. After the exam, you get another 24 hours to submit a professional-grade pentest report.
As of November 2024, OffSec changed things up a bit:
- Passing now earns you both OSCP and OSCP+
- OSCP+ expires after 3 years
- The AD section now has a breach scenario: you’re given a set of credentials, and partial points are available across the three AD machines
- Lab bonus points (10 pts) are no longer offered
The judgement Day
08:00 – Logged in. I started with the AD set because it’s the area I was most confident in. I took my time with enumeration.
15:00 – Still had nothing. None of my usual tricks were working. Panic mode activated. I was already planning my retake. So I took a break.
16:00 – Came back with a different mindset. Treated the exam like a practice run. Switched to the standalone machines—and things started to click.
21:00 – Two standalone boxes completed. Confidence coming back. Jumped back to the AD set.
23:00 – Found something I had completely overlooked earlier. Feeling cool. Got halfway through the AD set.
01:00 – Landed a foothold on the last standalone. Saw a privesc path I knew well. Executed. BOOM, collected enough points.
After that, I wished I could’ve kept digging into the AD set… but instead, I spent the rest of the night making sure every screenshot was in place, every note was clear, and my report was flawlessly put together.
Becoming OSCP
This exam tested more than just hacking skills. It tested persistence, creativity, and the ability to stay calm under pressure. Passing it means you can:
Enumerate and identify systems/services like a pro
Write and tweak your own tools and scripts
Fix, modify, and port exploit code
Exploit both remote and local vulnerabilities
Escalate privileges on Linux & Windows
Pop XSS, SQLi, and file inclusion vulns in web apps
Pivot through networks using tunneling techniques
What I Learned
Here’s a list of the skills and tools I sharpened during this journey:
Kali Linux & CLI mastery | Bash / Powershell scripting | Passive & active recon | Vulnerability scanning | Web app hacking | Client-side attacks | Using/fixing public exploits | File transfers & AV evasion | Privilege escalation techniques | Password attacks | Tunneling & port redirection | Active Directory attacks | Metasploit | Burp Suite
Preparation and materials
Besides the official OffSec course materials from the PEN-200, a few other platforms and resources helped me out tremendously during my OSCP+ journey.
Try Hack Me – Jr Penetration Tester Path, the Windows and Linux privesc rooms are gold
LainKusanagi list | TJ Null list, These two lists are the keys to winning. If you’re hunting for lab machines that mimic the OSCP vibe, look no further.
HackTricks, An absolute Swiss army knife of knowledge. Whenever I felt stuck or needed a quick recon on a technique, HackTricks came to the rescue.
Orange AD Mind Map, A visual cheat code for Active Directory. Helped me see the big picture and think like an attacker in AD environments.
Youtube IppSec HTB playlist and S1REN Proving Ground playlist
TCM Security Academy, may help if you like structured training with video content.
Final Thoughts
If you’re thinking about OSCP+, my advice is simple: respect the process. Don’t just aim to pass—aim to understand. Learn from every box, every failed exploit, every rabbit hole. It’s not just about getting the cert; it’s about becoming someone who can walk into any environment and think like an attacker.
And when you finally catch that last shell in the exam, trust me—you’ll know it was all worth it.
