Getting OSCP Certification in 2024: An Inspiring Journey by Ankit Singh
Let’s get deep dive into how i got my OSCP Certification in 2024 by Ankit Singh.
OffSec, short for “Offensive Security”, is a leading cybersecurity company known for its comprehensive and hands-on training programs. They offer a wide range of certifications, including OSEP , OSWP , OSMR , and many others. However, the OSCP (Offensive Security Certified Professional) is widely recognized and respected within the Penetration Testing domain.
Everyone loves the OSCP certification — not just candidates, but also recruiters and employers who value its hands-on, practical approach. At 20 years old, I didn’t worry about whether OSCP was hard or easy; it just felt like the perfect fit for me, something I was determined to achieve. The OSCP exam is famous for its real-world challenges that test your skills in ethical hacking and penetration testing. It challenges you to think critically, troubleshoot under pressure, and showcase your abilities effectively.
Course Material: October 2023 to December 2023
I purchased my OSCP course on October 2023 and received all the course material, including the Course PDF, videos, and access to the most interesting part — the Challenge Labs, also known as PWK Labs.
You can download the OSCP syllabus here.
I also recently passed my EC-Council CEH v12 exam, which was a lot of fun. You can read about my experience in my blog post here.
Within one month, I completed the course material, which is packed with tons of practical exercises across all modules. These exercises were not only educational but also really fun, especially those focused on Active Directory. I learned a lot from these hands-on Exercises. After finishing all the exercises, I tackled the “Assembling The Pieces” module. This part is super important before diving into the Challenge Labs. It’s called “Assembling The Pieces” because it brings together all the attacks from the previous modules. It was incredibly engaging and fun, offering a great review that is essential for anyone getting ready for the Challenge Labs.
When it comes to the Challenge Labs, make sure you’ve completed all the exercises, including the “Assembling The Pieces” module. Also, have a strong plan for attacking within an Active Directory networked environment. The Challenge Labs have a lot of interconnected systems, and you need to know how to compromise all the machines, even if it’s not necessary to get every single one.
For reference, I completed everything 100%, including all exercises, Challenge Labs, and everything else in the PWK course. It took me one month to finish the whole Challenge Labs. One thing I want to mention is how helpful the official OffSec Discord mentorship was. Without the help of the OffSec student mentors, this journey would have been a lot harder. A big thank you to them for their support!.
Failed Attempt with Zero Points: January 2024
As per my timeline, I finished the entire OSCP course before 2024. I scheduled my exam for January 31, 2024. Unfortunately, there were electricity issues in my area. I started my exam at 8:30 AM, and just after starting, the power went out. I felt like throwing my PC out the window! I had to wait for 2 hours until the electricity came back.
At 10:20 AM, I started again with a frustrated mind. After working for 10 hours on the Active Directory set without getting initial access, I was losing hope. At 8 AM, I tried the standalone machines, and two of them were easy for me, but I still couldn’t crack the third one. Even with the 10 bonus points, I was going to fail if I didn’t complete the AD set.
I took a break to clear my mind and did a lot more recon on the AD set, but still couldn’t get initial access. By 1 AM, I quit the exam with a zombie-like mind. I was so frustrated and couldn’t sleep, crying inside but not on the outside.
Can you imagine? After completing more than 130 machines from the TjNull list and 100% of the OSCP course, I ended up with a total of zero points. But after a week, I felt motivated again because I have a Learn-One subscription for OSCP, which means I have another attempt at the exam.
Repeating the Steps: March 2024 to May 2024
I want to share a methodology with you. Whenever you feel stuck on a CTF machine and know it should be easy for you, repeat all your enumeration steps with a fresh mind. I’m sure you’ll find a clue.
I started the TjNull list again and completed a total of 143 machines from PG-Play, PG-Practice, and HackTheBox, which took me 2 months. Then, I did the exercises again, which took me 4 to 5 days because there are a lot of tasks in the course exercises from all the modules.
When I got to the “Assembling The Pieces” module, it took me only 5 hours to get the Domain Controller. Then, I started the labs and completed MedTech, which took me only 6 hours to finish all the machines. So, I think you can see how fast I was moving at that time. I felt like Spider-Man and Batman combined because I didn’t sleep much during my OSCP preparation.
Completing all the Challenge Labs took me just one week. I had already scheduled my exam for June 18 before starting the Challenge Labs. So, according to the timeline, I had done all the hard and easy things and everything required to pass the OSCP exam.
Re-Attempt, Exam Day : 18 June 2024
My exam started at 8 AM on June 18, 2024, and thankfully, there were no electricity issues this time. I began scanning all the hosts, and upon reviewing the nmap scan of the first Active Directory (AD) host, I found a clue for initial access. I tried it and it worked!. From there, I swiftly moved on to privilege escalation and lateral movement, gaining access to the Domain Controller in just an hour. I was extremely happy to have 40 points from the AD set and still had 23 hours of exam time left.
After a quick breakfast break, I returned and within an hour, I rooted one of the standalone machines. It was dreamlike to have 40 points from AD, 20 points from standalone, and 10 bonus points, totaling 70 points — more than enough to pass — with 22 hours remaining.
Taking another break, I reflected on my strategy and decided to tackle the second standalone. It took me 45 minutes to achieve Administrator access, bringing my total to 80 points officially, or 90 points with bonus points included.
After deciding whether to attempt the last standalone, I decided to give it a try. Despite trying everything I knew, I couldn’t crack it after 3 hours. Realizing I didn’t need to reach 100 points and content with my 80 official points, I concluded that section. During this step, my electricity cut out again, jsut like my previous exam. I waited nearly 3 hours until the power returned, then carefully submitted all the flags (after triple-checking them) and ensured my report was complete with all necessary screenshots.
Moving on to the reporting phase, I completed my exam report that same day, spending a total of 5 hours. I went to sleep at 3 AM and the next day, I double-checked everything in my report to ensure no commands or screenshots were missing. After triple-checking and then checking five more times, I felt confident, also I couldn’t be more sure.
I submitted my report according to OffSec guidelines and then began the waiting game. After 40 hours of anticipation, I received the result starting with “We are happy to…” I was overjoyed — I had made it!
I want to extend a heartfelt thank you to OffSec for granting me this opportunity and for the invaluable knowledge I’ve gained.
Can I say, ‘I tried Harder ?’ Honestly, I’m not sure of the answer, but I’m incredibly grateful for this achievement. Please, Let me know in comments if you want me to share some resources for OSCP and again thank you so much for reading my journey :)
