thecyberquestor

lab strategy

Mon, 20 Apr 2026 00:00:00 +0000

lab strategy

How to actually use your 90 days of lab access without burning out or wasting time. Full post in progress.

the core principles (preview)

Enumerate first, exploit second — always
Notes are the product, not the shells — your methodology file will save you on exam day
Don’t skip Windows privesc — the exam weights it heavily
Reset often — but try again before resetting
Know when to read a walkthrough — stuck for 2hrs? Fine. Stuck for 6? Read the hint.

Full strategy post coming — includes daily routine, when to take breaks, and the “stuck” checklist I used.

oscp exam tips

Mon, 20 Apr 2026 00:00:00 +0000

exam tips

The day-of playbook. Full post coming — here’s the essentials.

the night before

Sleep. Do not cram.
Prep your environment — notes app, template for the report, screenshot tool ready.
Have snacks, water, coffee within arm’s reach.

the exam itself

First 30 min: nmap full TCP + initial UDP on every target, start them in parallel.
Buffer overflow (if applicable): knock it out early while your brain is fresh.
Rotate targets — stuck for an hour? Move on. Come back with fresh eyes.
Document as you go — not at the end. Screenshot everything.
Take breaks — 10 minute walks save your brain.

the report

Don’t skip it. Failing the report = failing the exam.
Use the OffSec template. Don’t be clever.

Full post includes my actual time breakdown, meal schedule, and what I did when I almost panicked at hour 12.

oscp faq

Mon, 20 Apr 2026 00:00:00 +0000

faq

The questions I see asked in r/oscp and the OffSec Discord every single week. Full answers coming — short versions below.

is the PWK course enough?

No. It’s necessary but not sufficient. You need lab time on PG, HTB, or similar.

how long should I prep?

Most people: 3-6 months of consistent daily practice. Depends entirely on your starting level.

should I learn Metasploit?

Yes, but also learn to do things without it. The exam limits Metasploit usage.

oscp prep strategy

Mon, 20 Apr 2026 00:00:00 +0000

prep strategy

What to study, in what order, and why. Full breakdown coming — here’s the TL;DR.

the ordered stack

Foundations — Linux CLI, networking basics, bash + Python
Web — OWASP top 10, Burp Suite, PortSwigger labs
Enumeration — nmap, gobuster, methodology obsession
Exploitation — public exploits, Metasploit (and then without Metasploit)
Privilege escalation — Linux and Windows. Separately. Deeply.
Active Directory — Kerberos attacks, BloodHound, lateral movement
Buffer overflows — not on the modern exam, but worth understanding

the 80/20

If you only do one thing: own a lot of boxes, take obsessive notes. PG Practice + HTB retired boxes got me further than any course.

oscp resources

Mon, 20 Apr 2026 00:00:00 +0000

resources

The curated list. Full annotated version coming — this is the skeleton.

labs (practice targets)

HackTheBox — retired boxes with writeups
OffSec Proving Grounds — closest thing to OSCP feel
TryHackMe — structured learning paths for beginners
Vulnhub — free, downloadable VMs

courses

PWK (OSCP course itself) — mandatory, but not sufficient
TCM Security’s PEH — great foundation
IppSec’s YouTube — free, better than most paid courses

cheatsheets & references

HackTricks — the bible
PayloadsAllTheThings — for when you forget a payload (you will)
GTFOBins — Linux privesc lookup
LOLBAS — Windows equivalent

books

The Web Application Hacker’s Handbook
RTFM (Red Team Field Manual)
Penetration Testing by Georgia Weidman

community

OffSec Discord
r/oscp subreddit
NetSecFocus Slack

Full annotated list (what each is good for, when to use it) drops soon.

post-oscp

Mon, 20 Apr 2026 00:00:00 +0000

post-oscp

You passed. Now what? The cert is a starting line, not a finish line. Full guide coming — rough directions below.

directions to go

Web deep-dive → OSWE, PortSwigger Web Security Academy
Red teaming → CRTO (Certified Red Team Operator)
AD mastery → CRTP / CRTE from Altered Security
Binary exploitation → OSED
Bug bounty → HackerOne, Bugcrowd, Intigriti
Research → pick a CVE, write your own PoC

The honest answer: stop chasing certs for a while and actually do the work. Hunt bugs, contribute to open source tools, write up what you find.

what I'd do differently

Mon, 20 Apr 2026 00:00:00 +0000

what I’d do differently

Honest retrospective. The stuff I regret and the stuff I’d keep.

what I’d change

Started PG Practice sooner — I did too much TryHackMe early on
Built my methodology doc earlier — I was 2 months in before I realized I was solving the same enum steps from scratch every time
Did more Active Directory — the AD set on the exam surprised me
Taken better notes on failed attempts — “what didn’t work” is as valuable as “what did”

what I’d keep

IppSec obsessively — worth every hour
Explaining things out loud — the rubber duck method legit works
Taking real breaks — burnout is real

Full post coming with specific anti-patterns and “if I could email past-me” advice.

Mon, 01 Jan 0001 00:00:00 +0000

-–

title: “the OSCP+ experience”

date: 2026-04-20

draft: false

tags: [“oscp”, “experience”, “lessons”]

description: “What the OSCP+ exam actually tests, what to prepare for, and the hard lessons I learned across two attempts — one failed, one passed.”

-–

# the OSCP+ experience

This is the reference version. No story, no arc, no “I cried during the exam.” If you want the full narrative, I wrote a three-part series on Medium: [Part 1](https://medium.com/bugbountywriteup/my-oscp-journey-part-1-failure-that-taught-me-more-than-success-09870c31e54d), [Part 2](https://medium.com/bugbountywriteup/my-oscp-journey-part-2-success-after-struggle-how-i-cracked-the-oscp-cffa09914051), [Part 3](https://medium.com/bugbountywriteup/my-oscp-journey-part-3-mind-over-root-the-psychology-behind-the-pass-f4369be82a2c).