Brandon T. Elliott
I Tried Harder: My OSCP Experience
Image Source: OffSec
Trying Harder
Sometime after 2AM on a Monday, I finally ended the hands-on portion of my exam. I was in some sort of state of shock, disbelief, relief, and exhaustion.
Adrenaline was likely the only thing that had enabled me to focus well enough to push on for the better part of the final eight hours or so.
I had started the exam at 6AM on Sunday, the day prior.
I had prepared for it with everything I had in me.
Every day after work, and for almost the entirety of every weekend, I gave it all I had in the PWK labs. I took notes on every machine. By the end of my lab access, I had fully rooted nearly 40 of the PWK lab machines, which according to OffSec’s infographic showing the relationship between # of PWK lab machines compromised vs. OSCP pass rate, I still only had somewhere around a 54% chance of passing.
That number lingered in the back of my head.
But, it didn’t mean all that much to me, because I was determined, and I knew I had put the work in. Even prior to the PWK labs, I had already done a significant amount of learning and preparation in platforms such as Proving Grounds and TryHackMe.
Yet, during the exam, for almost a 12 hour period, I was stuck on a machine in the AD set. And I was having to face my biggest fear, which was being confronted with a problem where I tried everything that I could possibly think to try, and I still just couldn’t figure it out.
Although my exam experience was far from what I would describe as perfect, I’m actually glad it wasn’t. There’s a mantra “Try Harder” associated with OffSec certifications that definitely holds true for me.
The primary question I think people should be prepared to answer is: What do you do when you think you’ve already tried everything? How do you try harder?
For me, my answer is: take a break, even if it’s only for a few minutes.
Don’t let your brain get stuck in a loop. Go back to your preparation. Go back to the fundamentals.
Reset your brain, and approach the problem with a fresh set of eyes and a new perspective.
And, most importantly: be prepared to have to do that over and over and over again.
It can be extremely mentally exhausting. It requires grit, persistence, determination, and an unwavering comfortability with feeling like you’re failing, yet still pressing forward.
Climbing Out
When I finally compromised the full AD set, I think I was nearly 16 hours in.
My eyes welling with tears, I thought back to everything that had led me to this point.
I don’t know that I can fully describe the feeling with words, but just like with anything else, I can try.
Imagine being stuck in a hole with the weight of the world on your shoulders, and there’s no one that can help you out of it but yourself. Imagine watching the dirt pile up around you higher and higher as time goes on.
In this scenario, you can cower in fear and choose to resign yourself to what you’ve come to see as your fate, or you can accept the fact that you might as well continue trying to pull yourself out, even if your chances are getting smaller and smaller as the dirt starts to eventually suffocate you.
And then, all of a sudden, something gives. The dirt piles up so high that you find that you can now climb out. You’re free, and you can breathe again.
Although at this point I was what I can only describe as traumatized, yet hopeful, and already extremely tired, the milestone of the full AD set was enough to re-invigorate me to press on, because I knew that the finish line was now at least in sight.
All those late nights that I spent learning when I could have been chilling and watching television had already prepared me for this exact scenario.
In my adrenaline-filled exhaustion, I became entranced in some sort of flow-state.
I quickly moved on to the other machines, and within a couple of more hours, I had fully compromised two more machines, meaning I now had compromised everything except for one machine, which was enough for a theoretical 90 points (including 10 bonus points).
By this point, I was fighting off complete exhaustion, both mentally and physically. I briefly attempted to compromise the final machine, but seeing as I still needed to gather a lot of screenshots and ensure my notes were fully developed for the report portion of the exam, I decided it was best to turn my focus to that in order to fully secure my chance of passing.
Sometime after 2AM on that Monday, I finally had all the notes and screenshots that I needed. After over 20 hours straight.
I went to sleep as quickly as I could after I ended my exam, which wasn’t for a few more hours, because my brain absolutely refused to turn itself off.
And then…
Tornado Warnings
Only three hours after going to sleep, I started to hear the sound of thunderstorms crashing around my house. I started having dreams (or, nightmares rather) where my power would go out and I wouldn’t be able to submit my report within the 24 hour deadline proceeding my exam.
I woke up because I realized that it was a real possibility that I now needed to be prepared for.
I looked at the weather report.
I had some time before the bad weather would return, but there were tornado warnings and severe weather planned for most of the evening.
To make matters worse, the neighborhood I live in is usually prone to the power going out in these types of storms.
So, I got started on my report.
After several hours, over 60 pages, and multiple revisions later, I managed to submit my report in the early evening, with a lot of time left.
Although I would have preferred to have had the liberty of not having to complete the report in a rushed, sleep-deprived, and stressful scenario due to the inclement weather, I think this is a perfect way to summarize my overall OSCP experience.
A lot of it wasn’t preferable, ideal, or how I imagined it would go, but if you want to Try Harder, you have to be prepared to not be ready, as well as be determined enough to persist regardless of what trials or tribulations come your way.
You have to develop callouses on your mind.
You have to be comfortable with failure.
Having “skills” is not just enough.
You have to be relentlessly determined.
Yes, you have to be prepared, and put in a significant amount of hours of work.
But even if you were to prepare forever, there’s always going to be something, no matter how big or small, that you haven’t prepared for.
So, my advice is: learn how to be comfortable with that.
Learn how to stay calm while you’re digging yourself out of that hole as the dirt continues to fill up around you.
Rely on your experience.
Rely on your instincts.
Trust in your ability to persevere.
And climb out.
Exam Results
A nerve-wracking few days after submitting my report, I finally got my results:
I passed.