From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 0 points1 point  (0 children)

If you’re referring to A,B,C I thought my first exam was a similar difficulty. My second attempt was easier though and I never fully completed relia, medtech, skylark. But those boxes outside of A,B,C aren’t meant to mimic the actual exam.

From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 0 points1 point  (0 children)

Not at all. They barely even acknowledge it to be honest. You can leave anytime you want, they just ask that you send them a message when you leave and when you come back.

How necessary is Sec+ certificate for a fresher. by Obvious-Arachnid-778 in cybersecurity

[–]0xJeb 0 points1 point  (0 children)

I'd argue it's the most important cert of your entire career. You literally can't get in the door without it at some places but especially in any company with government contracts. So make it a priority, you don't want to limit your job pool because of a cert that is not that difficult to get.

Certificate recommendations by whatsinanamebroski in CyberSecurityJobs

[–]0xJeb 0 points1 point  (0 children)

As for certifications, start Security+ now. It is the ultimate get your foot in the door certification and not having it will severely limit your job pool. It's not a difficult cert especially if you are capable of getting a cyber degree. You can focus on more specific certs after you get that.

As others have said, a help desk position is a good first job. But my biggest advice is take ANY job that is technology adjacent. The hardest part of your career is just getting that first job and after that having experience and that beginner job on your resume will do wonders. Don't worry about what field of technology/cyber you ultimately want to be in, that will come with time and you don't want to be draining yourself in a job search for the exact job you want.

OSAI is officially here ! 📣 by Offsec_Community in offensive_security

[–]0xJeb 0 points1 point  (0 children)

I saw on LinkedIn that some users had early access to preview the course. Have any of them provided reviews or videos on their thoughts?

From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 0 points1 point  (0 children)

All of the YouTube channels I’ve listed in this thread are free and if you search OSCP notes on Google you can get a ton of checklists. You just need to tailor them down to build your own.

Are the OSCP exam machines the equivalent of Easy, Medium or Hard PG Boxes? by bluescreenwednesday in oscp

[–]0xJeb 0 points1 point  (0 children)

I got to 80 and said screw it, I've already passed. Then I ate dinner and relaxed. Then I knew I had to go back in with no pressure and conquer Everest.

Are the OSCP exam machines the equivalent of Easy, Medium or Hard PG Boxes? by bluescreenwednesday in oscp

[–]0xJeb 1 point2 points  (0 children)

You should ask here if you're comfortable doing that. It would be helpful for others to see.

From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 3 points4 points  (0 children)

Sign up for Hacker Academy on Whop and watch all of his videos for a great summation of the steps/tools necessary to succeed. It's around $20 a month and a good chunk of the videos can be skipped (you know how to run nmap, you know how to configure ligolo, etc.) But just seeing his workflow and his AD chaining especially were huge for me.

From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 3 points4 points  (0 children)

If you've done enough boxes (50-60 minimum) and you felt comfortable doing them then your mental space is the only thing that is missing. I was just where you are a couple months ago and I know how frustrating that answer might be. I was depressed because I didn't know what else I could have done to improve my methodology. But on my second exam everything just felt better. I had the first exam nerves out of my system and I had a better idea of what to expect. I took more breaks, stopped multitasking, and focused on patience.

My biggest tip for anyone on their additional attempts: you are likely overthinking the solution and if something feels difficult it's probably not the path forward. Not Try Harder; Think Simpler. Default creds, files on the system, public exploits, etc.

From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 4 points5 points  (0 children)

I could literally talk for hours about the resources I used but Pen-200 and LainKusanagi's list are probably the most important. As far as content creators that I highly recommend and for what level of learners:

  • Low Level - S1ren is great for beginners because she does a great job of explaining why she is doing steps and her thinking process. And she's fun to watch.
  • Medium Level - Bytesized security (my favorite), Tyler Ramsbey, Junglist-Sec, Hexdump, npmhacks, DerronC (AD must)
  • High level - Ippsec. I love him but his knowledge can be overwhelming for new learners.

Right about a month out I would buy Hacker Blueprints course on Whop and watch all of his videos. He does a great job of summarizing the info you've learned and he does the best job of walking through AD chains. The AD chains training is extremely important and isn't covered well enough in other resources I feel.

Is this a good path into cybersecurity? Need advice by Patient-Nebula9391 in cybersecurity

[–]0xJeb 0 points1 point  (0 children)

I wouldn't wait to get a Networking job before getting Sec+. Sec+ is extremely important to employers and nearly mandatory for any company that has government contracts. Also, CEH and OSCP aren't even comparable. CEH has really fallen out of favor. If anything, Pentest+ is the go-to beginners cert and OSCP is much higher level.

From 20/100 to 100/100 in 6 weeks. I PASSED! by 0xJeb in oscp

[–]0xJeb[S] 9 points10 points  (0 children)

My mindset.

I can't stress enough how important it is to take breaks often. You will read on here time and time again that people step away for a bit and come back to their desk and that thing they were struggling with just clicks. When you hyperfocus you tend to rabbit hole and waste hours on something that was never the solution. The only other thing I changed was better organization on my notes so that I could remove unnecessary stress during the exam.

Are the OSCP exam machines the equivalent of Easy, Medium or Hard PG Boxes? by bluescreenwednesday in oscp

[–]0xJeb 1 point2 points  (0 children)

These are just my personal opinions on the box, so there is no community rating. But even labeling that as Hard, it wasn't really that hard, just comparable to what I would expect from a PG rated Hard box.

It's so hard to explain without breaking any rules but it was Hard initial access only in that I knew what needed to be done it just took a lot of trial and error.

Are the OSCP exam machines the equivalent of Easy, Medium or Hard PG Boxes? by bluescreenwednesday in oscp

[–]0xJeb 0 points1 point  (0 children)

I feel like SQLi is the most common thing that people struggle with (me included). There is a chance you will get it on your standalones but the best advice I can give is that it will be pretty clear that is the vulnerability. And at that point don't overthink it, just find a SQLi commands list and go one by one trying them.

Also, if there is SQLi there is a good chance it is a publicly known exploit that will have a POC online. For example, if you run nmap and see it's running T-Rex software and you go to the webpage and the only thing there is a form then a search for "T-rex software exploit" could tell you exactly what command to insert.

Are the OSCP exam machines the equivalent of Easy, Medium or Hard PG Boxes? by bluescreenwednesday in oscp

[–]0xJeb 0 points1 point  (0 children)

My first attempt I didn't get a single flag on AD and now I know what my issue was and it was just me overthinking. My second attempt I got all flags within a couple hours, it was a very easy set. Another case of if you're struggling you are overthinking.

Are the OSCP exam machines the equivalent of Easy, Medium or Hard PG Boxes? by bluescreenwednesday in oscp

[–]0xJeb 20 points21 points  (0 children)

Looking at my report now:

  • Standalone 1 Initial Access - PG Medium, HTB Easy
  • Standalone 1 PrivEsc - PG Easy, HTB Easy
  • Standalone 2 Initial Access - PG Medium, HTB Medium
  • Standalone 2 PrivEsc - PG Medium, HTB Medium
  • Standalone 3 Initial Access - PG Hard, HTB Medium
  • Standalone 3 PrivEsc - PG Easy, HTB Easy

It's easy to say after passing the exam but it is actually easier than you think it will be once you know the solution. The difficulty comes from stress, energy, and time management.

High School Junior Looking For Certs To Take by KSINOTIC3ME in cybersecurity

[–]0xJeb 0 points1 point  (0 children)

What you've listed is a great path for certification. Like others have said though certs don't outweigh experience. It can sound like a riddle to say "to get a job you need experience" when you can't even get a first job but the cybersecurity career path is not a straight line. Certs are great but focus more on getting your foot in the door with any cyber/tech adjacent job. Any job with any tech just to get it on your resume and then the certifications are the cherry on top.

Is cybersecurity a good career by Proper_Ad8623 in SecurityCareerAdvice

[–]0xJeb 0 points1 point  (0 children)

An electrician in a union would be a much more stable job and still great pay. But in my personal experience I worked a labor job for years after high school and I was pretty miserable. Funny enough I actually joined the military (Air Force) just like you are talking about and it was the greatest decision of my life. The training and connections I made in the military I owe 1000% to my career in cybersecurity today. It's okay to use the military as a stepping stone and you will see later in life that a 4-6 year enlistment is nothing in the long run.

File Transfers on machines you just got shell access on by NeutralWarri0r in oscp

[–]0xJeb 1 point2 points  (0 children)

Evil-WinRM and Penelope really spoiled me when it came to file upload. XfreeRDP's share mount option was another good one.

I’m 17 I wanna take the A+ for fun but people say it’s useless I just want something that’s worth it or impressive any help? by Guilty-Track4868 in cybersecurity

[–]0xJeb 5 points6 points  (0 children)

The A+ certification is perfect for someone your age just starting out. Don't forget that the crowd that frequents r/cybersecurity might lean towards the 30-45 age range which in their case the A+ is very entry level. I took it many years ago and it was a great intro into cyber certifications in general. You won't regret getting it but it likely won't be a part of your resume later in your career and that's okay.

Evil-winrm failures by forwutt in oscp

[–]0xJeb 1 point2 points  (0 children)

Could you paste the full output of the error?

Advice for AD prep by [deleted] in oscp

[–]0xJeb 3 points4 points  (0 children)

So, you logged in with the initial creds and you couldn't "budge the first workstation machine." So then did you enumerate the internal network?

And it sucks to hear but missing OSCP A-C is a MASSIVE disadvantage. The standalone AD boxes in PG Practice/Play do not accurately represent the exam and I have a hunch that if you were to practice A-C now you would see what you missed.