0 to 65: Failing my OSCP Exam on the First Attempt
I sat for my OSCP exam on Tuesday December 15, 2020. I started at 11am and ended at 10:45am Wednesday. I slept for 1 hour.
Timeline
Name | Points | Time |
Buffer Overflow | 25 | 1:20 minutes |
Windows Easy | 10 | 50 minutes |
Windows Medium | 20 | 30 minutes for user. 1.5 hours for priv esc. |
Linux Medium | 20 | 30 minutes for local.txt. No interactive shell. |
Linux Hard | 25 | Admin access to program. No local or root. |
Total | 65 points |
Outcome
I rooted 3 boxes and obtained local.txt on one. I'm very happy with the outcome. I started studying for the OSCP in late July. If I took the exam in July, I would've got 0 points. I improved by 65 points! My first goal was to not look like a fool during the exam. I was a real deal contender! Before I committed to the OSCP, I even wondered if I was smart enough to handle it. Failing the OSCP exam at 65 points is my proudest failure. Why? The OSCP is harder than anything I've done before. College, my CCNA, Black Belt or running don't come close to it. There is no peer pressure. I don't have a teacher or peers in a class with me. This journey you travel alone, at your own pace. I studied for a minimum of 300 hours, if not more. I haven't had to test my dedication this hard for this long. I've expanded my accountability and discipline.
Strengths
Attitude
I have a Naruto like "Never Give Up" attitude. I don't talk down to myself or think "I'm gonna fail the exam". My headspace is positive. I was really positive to myself and cheered at each system I took down. I thought I was going to pass the exam until 9pm hit. After I thought "Oh no, I'm in trouble". Even when it looks like I'm going to fail, I try to save the ship with all means possible.
Privilege Escalation
I'm confident when it comes to priv esc. I think its fun and enjoyable. I know I will find the answer with time.
Buffer Overflow
My most feared topic became my favorite topic. I'm going to dive into more advanced subjects with this once the OSCP is over.
Windows Boxes
I went from hating them to loving them. I rooted 100% this round.
Personal Record Pace
My current pace is solving boxes within 1 - 6 hours. Solving a box under 1 hour is an excellent pace for me. I was setting a record with the boxes I did solve on the exam. My practice pace is solving 1 or 2 boxes a day.
Progressing with the Hard Box at 3am
Even when I was totally exhausted, I managed to progress on this box at 3am. I got an adrenaline boost.
Weaknesses
Pentest Methodology
The reason why I'm so good at priv esc is because I have a rock solid methodology. With testing I have a general process, but it's not strong enough.
Enumeration
I can get better at this!
Burnout
I burned out twice during my studies. One time I can't remember. The other time was two weeks before Thanksgiving. I know I'm burned out when I'm slowed down and performing like I'm in mud. My burnouts before the OSCP could be ignored and denied. The OSCP taught me what a burnout feels like. Now I'm balancing this "burnout threat" which wasn't something I had to worry about in my past activities.
More time on the Mat
I need more practice hacking boxes. The more vulnerabilities and techniques I encounter, the better I become.
Gaining Initial Foothold
My greatest strength became my greatest weakness. I think my other abilities grew faster while this improved slower. I want to make this a fun and enjoyable experience like Priv Esc. I start off with anxiety and worry if I can get a shell.
Energy Consumption
I start off strong and end up exhausted. I think a 2nd time around I will gain 2 hours of fighting power. I won't be as stressed like the first time. My goal is to get to 70 points in 9 to 15 hours. When time drags on, the more exhausted I get.
Next Steps
I'm going to level up by 30%. Once I feel I'm at that level, I will take the exam again.
good job, I have similar experience but with a long start, I start from 2018 until December 2019 took oscp exam and failed
ReplyDelete