-–

title: “oscp journey”

date: 2026-04-20

draft: false

-–

# the OSCP journey

Everything I learned prepping for, taking, and passing OSCP+. No course upsells, no affiliate links, no “5 secrets they don’t want you to know.” Just the stuff I wish someone had told me before I started.

## featured

- [**the OSCP+ experience**](/oscp/my-journey/) — the consolidated reference. Phases, frameworks, mistakes, mental models. The single page version of everything I learned.

## guides (coming soon)

- [prep strategy](/oscp/prep-strategy/) — what to study, in what order, and why

- [resources](/oscp/resources/) — labs, courses, books, videos, wordlists

- [lab strategy](/oscp/lab-strategy/) — how to actually use your 90 days

- [exam tips](/oscp/exam-tips/) — the day-of playbook

- [what I’d do differently](/oscp/mistakes/) — honest retrospective

- [post-oscp](/oscp/post-oscp/) — where to go after you pass

- [FAQ](/oscp/faq/) — the questions people ask every week

## the story version

For the long-form narrative of my two attempts — one failed, one passed — I wrote a three-part series on Medium:

- [Part 1: Failure That Taught Me More Than Success](https://medium.com/bugbountywriteup/my-oscp-journey-part-1-failure-that-taught-me-more-than-success-09870c31e54d)

- [Part 2: Success After Struggle — How I Cracked the OSCP](https://medium.com/bugbountywriteup/my-oscp-journey-part-2-success-after-struggle-how-i-cracked-the-oscp-cffa09914051)

- [Part 3: Mind Over Root — The Psychology Behind the Pass](https://medium.com/bugbountywriteup/my-oscp-journey-part-3-mind-over-root-the-psychology-behind-the-pass-f4369be82a2c)

Medium member paywall applies — the story/emotional version of the journey lives there. This site is the technical/reference version, free and open.

-–

*Prepping right now? Hit me on [email](mailto:cyberquestor.infosec@gmail.com). I answer every message.*

post-oscp

2026-04-20

#oscp #next-steps

post-oscp

You passed. Now what? The cert is a starting line, not a finish line. Full guide coming — rough directions below.

directions to go

Web deep-dive → OSWE, PortSwigger Web Security Academy
Red teaming → CRTO (Certified Red Team Operator)
AD mastery → CRTP / CRTE from Altered Security
Binary exploitation → OSED
Bug bounty → HackerOne, Bugcrowd, Intigriti
Research → pick a CVE, write your own PoC

The honest answer: stop chasing certs for a while and actually do the work. Hunt bugs, contribute to open source tools, write up what you find.

what I’d do differently

2026-04-20

#oscp #reflection

what I’d do differently

Honest retrospective. The stuff I regret and the stuff I’d keep.

what I’d change

Started PG Practice sooner — I did too much TryHackMe early on
Built my methodology doc earlier — I was 2 months in before I realized I was solving the same enum steps from scratch every time
Did more Active Directory — the AD set on the exam surprised me
Taken better notes on failed attempts — “what didn’t work” is as valuable as “what did”

what I’d keep

IppSec obsessively — worth every hour
Explaining things out loud — the rubber duck method legit works
Taking real breaks — burnout is real

Full post coming with specific anti-patterns and “if I could email past-me” advice.

-–

title: “the OSCP+ experience”

date: 2026-04-20

draft: false

tags: [“oscp”, “experience”, “lessons”]

description: “What the OSCP+ exam actually tests, what to prepare for, and the hard lessons I learned across two attempts — one failed, one passed.”

-–

# the OSCP+ experience

This is the reference version. No story, no arc, no “I cried during the exam.” If you want the full narrative, I wrote a three-part series on Medium: [Part 1](https://medium.com/bugbountywriteup/my-oscp-journey-part-1-failure-that-taught-me-more-than-success-09870c31e54d), [Part 2](https://medium.com/bugbountywriteup/my-oscp-journey-part-2-success-after-struggle-how-i-cracked-the-oscp-cffa09914051), [Part 3](https://medium.com/bugbountywriteup/my-oscp-journey-part-3-mind-over-root-the-psychology-behind-the-pass-f4369be82a2c).

< [Newer posts]