---
title: "oscp journey"
date: 2026-04-20
draft: false
---

# the OSCP journey

Everything I learned prepping for, taking, and passing OSCP+. No course upsells, no affiliate links, no “5 secrets they don’t want you to know.” Just the stuff I wish someone had told me before I started.

## featured

- [**the OSCP+ experience**](/oscp/my-journey/) — the consolidated reference. Phases, frameworks, mistakes, mental models. The single page version of everything I learned.

## guides (coming soon)

- [prep strategy](/oscp/prep-strategy/) — what to study, in what order, and why

- [resources](/oscp/resources/) — labs, courses, books, videos, wordlists

- [lab strategy](/oscp/lab-strategy/) — how to actually use your 90 days

- [exam tips](/oscp/exam-tips/) — the day-of playbook

- [what I’d do differently](/oscp/mistakes/) — honest retrospective

- [post-oscp](/oscp/post-oscp/) — where to go after you pass

- [FAQ](/oscp/faq/) — the questions people ask every week

## the story version

For the long-form narrative of my two attempts — one failed, one passed — I wrote a three-part series on Medium:

- [Part 1: Failure That Taught Me More Than Success](https://medium.com/bugbountywriteup/my-oscp-journey-part-1-failure-that-taught-me-more-than-success-09870c31e54d)

- [Part 2: Success After Struggle — How I Cracked the OSCP](https://medium.com/bugbountywriteup/my-oscp-journey-part-2-success-after-struggle-how-i-cracked-the-oscp-cffa09914051)

- [Part 3: Mind Over Root — The Psychology Behind the Pass](https://medium.com/bugbountywriteup/my-oscp-journey-part-3-mind-over-root-the-psychology-behind-the-pass-f4369be82a2c)

Medium member paywall applies — the story/emotional version of the journey lives there. This site is the technical/reference version, free and open.

---

*Prepping right now? Hit me on [email](mailto:cyberquestor.infosec@gmail.com). I answer every message.*

# lab strategy

How to actually use your 90 days of lab access without burning out or wasting time. Full post in progress.

## the core principles (preview)

- Enumerate first, exploit second — always
- Notes are the product, not the shells — your methodology file will save you on exam day
- Don’t skip Windows privesc — the exam weights it heavily
- Reset often — but try again before resetting
- Know when to read a walkthrough — stuck for 2hrs? Fine. Stuck for 6? Read the hint.

Full strategy post coming — includes daily routine, when to take breaks, and the “stuck” checklist I used.


# exam tips

The day-of playbook. Full post coming — here are the essentials.

## the night before

- Sleep. Do not cram.
- Prep your environment — notes app, template for the report, screenshot tool ready.
- Have snacks, water, coffee within arm’s reach.

## the exam itself

- First 30 min: nmap full TCP + initial UDP on every target, start them in parallel.
- Buffer overflow (if applicable): knock it out early while your brain is fresh.
- Rotate targets — stuck for an hour? Move on. Come back with fresh eyes.
- Document as you go — not at the end. Screenshot everything.
- Take breaks — 10 minute walks save your brain.

## the report

- Don’t skip it. Failing the report = failing the exam.
- Use the OffSec template. Don’t be clever.

Full post includes my actual time breakdown, meal schedule, and what I did when I almost panicked at hour 12.


# faq

The questions I see asked in r/oscp and the OffSec Discord every single week. Full answers coming — short versions below.

## is the PWK course enough?

No. It’s necessary but not sufficient. You need lab time on PG, HTB, or similar.

## how long should I prep?

Most people: 3-6 months of consistent daily practice. Depends entirely on your starting level.

## should I learn Metasploit?

Yes, but also learn to do things without it. The exam limits Metasploit usage.


# prep strategy

What to study, in what order, and why. Full breakdown coming — here’s the TL;DR.

## the ordered stack

1. Foundations — Linux CLI, networking basics, bash + Python
2. Web — OWASP Top 10, Burp Suite, PortSwigger labs
3. Enumeration — nmap, gobuster, methodology obsession
4. Exploitation — public exploits, Metasploit (and then without Metasploit)
5. Privilege escalation — Linux and Windows. Separately. Deeply.
6. Active Directory — Kerberos attacks, BloodHound, lateral movement
7. Buffer overflows — not on the modern exam, but worth understanding

## the 80/20

If you only do one thing: own a lot of boxes, take obsessive notes. PG Practice + HTB retired boxes got me further than any course.


# resources

The curated list. Full annotated version coming — this is the skeleton.

## labs (practice targets)

- HackTheBox — retired boxes with writeups
- OffSec Proving Grounds — closest thing to OSCP feel
- TryHackMe — structured learning paths for beginners
- Vulnhub — free, downloadable VMs

## courses

- PWK (OSCP course itself) — mandatory, but not sufficient
- TCM Security’s PEH — great foundation
- IppSec’s YouTube — free, better than most paid courses

## cheatsheets & references

- HackTricks — the bible
- PayloadsAllTheThings — for when you forget a payload (you will)
- GTFOBins — Linux privesc lookup
- LOLBAS — Windows equivalent

## books

- The Web Application Hacker’s Handbook
- RTFM (Red Team Field Manual)
- Penetration Testing by Georgia Weidman

## community

- OffSec Discord
- r/oscp subreddit
- NetSecFocus Slack

Full annotated list (what each is good for, when to use it) drops soon.
