post-oscp

You passed. Now what? The cert is a starting line, not a finish line. Full guide coming — rough directions below.

directions to go

• Web deep-dive → OSWE, PortSwigger Web Security Academy
• Red teaming → CRTO (Certified Red Team Operator)
• AD mastery → CRTP / CRTE from Altered Security
• Binary exploitation → OSED
• Bug bounty → HackerOne, Bugcrowd, Intigriti
• Research → pick a CVE, write your own PoC

The honest answer: stop chasing certs for a while and actually do the work. Hunt bugs, contribute to open source tools, write up what you find.

what I’d do differently

Honest retrospective. The stuff I regret and the stuff I’d keep.

what I’d change

• Started PG Practice sooner — I did too much TryHackMe early on
• Built my methodology doc earlier — I was 2 months in before I realized I was solving the same enum steps from scratch every time
• Did more Active Directory — the AD set on the exam surprised me
• Taken better notes on failed attempts — “what didn’t work” is as valuable as “what did”

what I’d keep

• IppSec obsessively — worth every hour
• Explaining things out loud — the rubber duck method legit works
• Taking real breaks — burnout is real

Full post coming with specific anti-patterns and “if I could email past-me” advice.