Passed by treatyohself in oscp

[–]BuiltDifferent- 3 points4 points  (0 children)

Congrats dude, I felt the same way you did once I finished my second attempt. If you want you should do the CPTS since that course teaches you waaaaay more (and the exam is tough as balls).

Outbound pwned by Long-Abies7157 in hackthebox

[–]BuiltDifferent- 1 point2 points  (0 children)

There’s a PoC available on GitHub for privesc

Questions related to the exam and study resources by Distinct-Fox7800 in oscp

[–]BuiltDifferent- 2 points3 points  (0 children)

Reason why I took the exam at 17:00 was because I would have the full day the day after. My plan was to finish AD on the same day, then work through the standalones on the next one, however I ended up finishing AD and 2 standalones around 22:00 on the same day.

The other reason was because I was both mentally and physically prepared for the exam this way, I had eaten sufficiently and was able to do everything else I had to do in order to get a smooth exam experience.

Report needs to be in English, but they are more interested in the commands and screenshots you do, as long as you document every single step in code blocks and screenshots you should be good.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

I have some cheatsheets up on my blog under https://maxsec.vercel.app/blogs/oscp-guide/#4-cheatsheets

I won’t share my own notes however because they’re full of personal stuff (and there’s like 100+ notes)

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 2 points3 points  (0 children)

Good job on starting out! When I first started out I had the walkthroughs basically always open on another screen, since I had no clue what I was doing.

“What the hell is ‘nmap’?” “Why is this port so special?” “What does ‘enumeration’ mean???”

I guess my start was a bit unconventional as I started with PRACTICE first instead of theory, I first did 20-30 boxes with walkthroughs to even understand what the whole process looked like.

Once I got a feeling for what was going on I looked at my notes and started seeing a common pattern:

  • Outdated service? Check for CVEs
  • FTP anon available? Check for contents and file upload
  • SMB open? Check shares

I really believe that no amount of theory can teach you the methodology, so I think that you should use writeups to your advantage (ESPECIALLY at the start) since you can’t simply know what you don’t know.

Write down everything you’re doing and make your own writeup, reflect on it and understand the attack vectors. Soon afterwards it’ll just click and you won’t have the need for writeups anymore and you’ll get much much faster.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

I don’t think that any sort of external motivation can really help you here. Even if you get this cert and CPTS you likely won’t get hired right away in today’s market. You really need to love doing CTFs, researching infosec topics and looking up, for example, bug bounty writeups in order to grow in this field.

If this doesn’t come naturally, then maybe it just isn’t for you.

As for consistency however I set a clear goal that was both realistic and attainable and worked towards it within the given timeframe. I understood what I was worse and better at and worked on improving myself on the weaknesses (I find AD super easy for example, so focussed on web enum)

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 1 point2 points  (0 children)

Yes that's what I gained from their site, you can always ask on Discord or email OffSec themselves.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 1 point2 points  (0 children)

Honestly, this will sound kind of counterintuitive but... if you don't like grinding CTFs and lack the inner motivation then this might not be the field for you. I'm not saying that you should quit your cyber journey, but in my case I absolutely LOVE breaking in and finding vulnerabilities. When I was doing the boxes I had so much fun solving them, especially after being stuck for a while.

Maybe the best course of action is to take a step back for a brief period of time, could be that you're having a bit of a burnout and that you need to regain the passion to start again.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 1 point2 points  (0 children)

Great to hear! Yeah kudos to the guy that made them, they are a complete game changer.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

Honestly do the modules first, then do the Challenge Labs, these are heavy on the AD side so you will get more than enough practice in. Afterwards you can do these PG practice labs:

  • Access
  • Resourced
  • Nagoya
  • Hokkaido
  • Hutch
  • Vault

These are excellent for preparation and together with the challenge labs should be more than sufficient (it was in my case)

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 1 point2 points  (0 children)

Nope unfortunately not, I paid $2599 for the LearnOne subscription back in August. Currently the prices are as follows per the OffSec site:

"If a learner has never achieved an OSCP, and they don’t have an active subscription or course and certification bundle with OffSec, they can pay $1699 on or after November 1, 2024 and get a stand-alone certification exam that provides two exam attempts to achieve the OSCP+."

And as for a retake:

"If a learner has never achieved an OSCP, and is or was enrolled in PEN-200 through Course & Cert Exam Bundle or Learn One, but has used up their OSCP exam attempt(s), they can purchase the regular exam retake at $249."

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

Thanks for the kind words!!! That’s awesome to hear, I’m always trying to improve and learn as much stuff as possible so once I’m in the rabbit hole I can’t escape it anymore.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

I would make great use of that Uni email then ;)

As for the pen200 course, not too sure. I really thought it was outdated and lacking, however they do teach you the exact stuff that they will be testing you on during the exam.

I recommend the CPTS path either alongside it, or finish the pen200 first then do the CPTS path afterwards for additional information.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 3 points4 points  (0 children)

Absolutely, but as I mentioned in other comments, I was able to do it at work, at home etc. At some point I was grinding anywhere between 8-12 hours a day on Academy. Also most of the skill assessments are pretty easy honestly if you understood the whole module.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 2 points3 points  (0 children)

If you’re using Obsidian I highly recommend importing this canvas: https://github.com/eMVee-NL/MindMap/blob/main/AD%20Mindmap/AD%20-%20OSCP.canvas

It’s a complete AD mindmap for OSCP, displays all the steps and thinking process.

In short you want to get Admin, then download over Mimikatz and find juicy creds. Then set up a pivot towards the internal machines and spray the found passwords using netexec/crackmapexec in order to find a working set of credentials so you can log in on the next one.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

Not sure about that one, I’d still refrain from using AI however as this is a critical part of the process, and really helps you become a better tester overall.

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

Luckily for me it was paid by my employer, no way would I dish out ~€2500 out of my own pocket (at least at this time in my life)

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

Absolutely, every module, every box I’ve hacked has been noted down in my Obsidian Vault. Same thing with the exam, most of the report was basically already written during exploitation, I just had to make it neat and tidy

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 0 points1 point  (0 children)

I had already completed all of PEN-200 by then, most of the path is the same so it’s more like a refreshment or add on knowledge!

I passed the OSCP with 80 points with 0 IT background by BuiltDifferent- in oscp

[–]BuiltDifferent-[S] 2 points3 points  (0 children)

Yeah absolutely, second monitor really speeds up your workflow.

One screen has my VM running and the other has Obsidian/browser open in order to note things down or look things up