How I Passed the OSCP with 110 Points

August 5, 2023

by Kieran Jessup

oscp certification penetration-testing offensive-security career

Quick Answer

I passed the OSCP (Offensive Security Certified Professional) exam with 110 points in July 2023 after 7 months of dedicated study. The key to my success was a structured approach combining official PWK labs, Proving Grounds practice, and consistent hands-on experience with 38 Proving Grounds labs and 20 HackTheBox machines.

My OSCP Journey Timeline

January 2023: Foundation Building

LearnOne Activated: Started my official OSCP journey with OffSec’s LearnOne subscription

February 2023: PWK Exercise Phase

Started PWK Exercises: Began working through the official Penetration Testing with Kali Linux exercises
Methodology Development: Focused on building systematic enumeration and exploitation approaches
Documentation Practice: Started developing comprehensive note-taking and reporting skills, started with Obsidian but moved to Notion.

March 2023: Lab Completion & Transition

Completed 2022 PWK Exercises: Finished all exercises from the previous year’s courseware
PWK 2023 Release: Transitioned to the updated course material with new content
Active Directory Focus: Completed the AD portion of the 2023 PWK labs
Bonus Points Achieved: Secured additional points through lab completion

April 2023: Life Events & Competition

Got Married: Took time for personal milestone while maintaining study momentum
ADF Hackathon: Competed in the Australian Defence Force hackathon for practical experience
Balanced Approach: Learned to maintain study consistency during major life events

May 2023: Advanced Practice

OffSec Proving Grounds: Intensified practice with Proving Grounds labs
OSCP Labs: Completed MedTech and Relia labs for additional experience
Skill Refinement: Focused on improving speed and accuracy in exploitation

June 2023: Final Preparation

HTB Pro Lab: Dante: Completed the advanced HackTheBox Dante lab
Mock Exams: Successfully completed OSCP Mock exams A, B, and C
Exam Readiness: Built confidence through consistent mock exam success

July 2023: Certification Achieved

OSCP Exam: Sat and passed the 24-hour practical exam
110 Points: Achieved a strong score demonstrating comprehensive understanding
OSCP Certified: Officially became an Offensive Security Certified Professional

Study Resources That Worked

Primary Learning Platforms

Official OffSec Materials

PWK Courseware (2022 & 2023 versions) - Essential for understanding OffSec’s methodology
OSCP Labs (MedTech, Relia) - Direct preparation for exam environment
Proving Grounds Practice Labs - Additional practice with realistic scenarios
Official Discord Community - Support and knowledge sharing

Third-Party Resources

TCM Security Courses - Alternative explanations and methodologies
TJ NULL Trophy Room - Curated vulnerable machines
Hack The Box Academy - Structured learning modules
YouTube Channels (OverGrownCarrot1, IPPSEC) - Visual learning and walkthroughs

Practice Platforms

OffSec Proving Grounds - Additional practice with realistic scenarios
HackTheBox Machines - Exposure to diverse vulnerability types
HTB Pro Labs (Dante) - Advanced enterprise scenarios
Mock Exams (A, B, C) - Exam environment simulation

Key Learning Resources Breakdown

1. TCM Security

What: Comprehensive cybersecurity training platform
Why It Worked: Provided alternative methodologies and explanations
Best For: Understanding different approaches to common techniques

2. TJ NULL Trophy Room

What: Curated collection of vulnerable machines
Why It Worked: Focused practice on specific vulnerability types
Best For: Targeted skill development and technique refinement

3. Hack The Box Academy

What: Structured learning platform with modules
Why It Worked: Provides solid knowledge of AD.
Best For: Building foundational knowledge and methodology

4. YouTube Channels

OverGrownCarrot1: Practical walkthroughs and real-world scenarios
IPPSEC: Detailed technical explanations and methodology breakdowns
Why They Worked: Visual learning and different perspectives on techniques

What Worked for Me: Proven Strategies

1. Active OffSec Discord Participation

Why It Was Critical:

Community Support: Access to experienced professionals and fellow students
Knowledge Sharing: Learned from others’ approaches and methodologies whilst sharing my own knowledge. I found it helpful as teaching others reinforced my own concepts plus if I was wrong I would be called out by more experienced members. It was a form of QA really.
Motivation: Stayed engaged through community interaction
Problem Solving: Got help when stuck on difficult concepts

How to Maximize Discord Benefits:

Ask Questions: Don’t hesitate to seek clarification
Share Solutions: Contribute to the community knowledge base
Follow Channels: Stay updated on course changes and announcements
Network: Build relationships with other security professionals

2. Proving Grounds Labs

Why They Were Essential:

Realistic Scenarios: Closest to actual exam environment
Variety: Different difficulty levels and vulnerability types
Practice: Consistent hands-on experience
Confidence Building: Success in labs translated to exam confidence

Proving Grounds Strategy:

Start Easy: Begin with easier machines to build confidence
Gradual Progression: Move to more difficult machines as skills improve
Time Management: Practice completing machines within time constraints
Documentation: Maintain detailed notes for each machine

3. Structured Study Approach

Timeline Management:

Consistent Schedule: Dedicated study time each day/week
Milestone Tracking: Set specific goals for each month
Adaptation: Adjusted study plan based on progress and life events
Balance: Maintained study momentum during personal commitments

My OSCP Statistics

Lab Completion Summary

OSCP Labs (100% Completion)

MedTech Lab: Completed successfully
Relia Lab: Completed successfully
PWK Exercises: All exercises from both 2022 and 2023 versions
Bonus Points: Achieved through lab completion

Proving Grounds (38 Labs)

Difficulty Range: Easy to difficult machines
Vulnerability Types: Web applications, privilege escalation, Active Directory
Methodology Practice: Systematic enumeration and exploitation approaches
Time Management: Practice completing machines within exam timeframes

HackTheBox (20 Machines)

Platform Variety: Different operating systems and scenarios
Skill Development: Targeted practice on specific techniques
Real-World Scenarios: Exposure to realistic attack vectors
Community Learning: Leveraged HTB community resources

HTB Academy Module

Attacking Enterprise Networks: Comprehensive enterprise security module
Active Directory: Deep dive into AD attack techniques
Methodology: Structured approach to enterprise penetration testing
Practical Application: Real-world enterprise scenarios

Exam Day Strategy

24-Hour Exam Approach

Time Management:

First 4 Hours: Initial enumeration and low-hanging fruit, I went straight for the AD box but got stuck so pivoted to standalones. It turned out that my AD box needed a reboot as I got stuck again later in the day but after a reboot I quickly found my first foothold.
After the standalone pivot, I had all 3 standalones done within 3 hours and returned to the AD set. I was stuck here for a long time and it was almost 6 hours until I realised the box was cooked. Rebooted it and had domain admin within 3 hours.

Documentation Strategy:

Real-Time Notes: Document everything as you go
Screenshots: Capture all important findings
Command History: Save all commands and outputs
Methodology: Document your systematic approach

Career Benefits

Professional Recognition: Immediate credibility in the security community
Career Opportunities: Access to advanced penetration testing roles
Skill Validation: Demonstrated practical security expertise
Network Expansion: Connected with other OSCP holders

Skill Development

Methodology: Developed systematic penetration testing approaches
Tool Proficiency: Mastered essential security tools
Documentation: Enhanced technical writing and reporting skills
Problem Solving: Improved analytical and troubleshooting abilities

Advice for Future OSCP Candidates

Essential Tips

Start with Fundamentals: Ensure strong networking and Linux knowledge
Practice Consistently: Daily hands-on practice is crucial
Join Communities: Engage with OffSec Discord and other communities
Document Everything: Develop comprehensive note-taking habits
Mock Exams: Use mock exams to build confidence and identify gaps

Common Pitfalls to Avoid

Tool Dependency: Don’t rely too heavily on automated tools
Poor Documentation: Inadequate notes will hurt your exam performance
Time Management: Don’t spend too long on single machines
Isolation: Don’t study alone - engage with the community

Conclusion

Passing the OSCP with 110 points was the result of 7 months of dedicated study, consistent practice, and almost total burnout. Make sure you’re not riding too close to the sun as it’s very common to burnout studying for this exam, in hindsight I think I massively overprepared.

Key Takeaways:

Structured approach with clear milestones is essential
Hands-on practice should be prioritized over theory
Community engagement provides motivation and support
Mock exam practice builds confidence and identifies gaps
Documentation skills are as important as technical skills

If you’re preparing for the OSCP, you might also be interested in these related posts:

Certification Journey:

Cybersecurity Basics - Build a strong foundation before OSCP
HTB - BountyHunter - Practice web application security concepts

Learning Path:

Foundation: Cybersecurity Basics - Understand core concepts
Practice: HTB - BountyHunter - Hands-on web security
Advanced: This OSCP Journey - Certification preparation
Expert: Apply OSCP skills to real-world penetration testing

External OSCP Resources:

For additional OSCP preparation, consider these resources:

OffSec LearnOne - Official OSCP course
Proving Grounds - Practice labs
OSCP Discord - Community support
TJ NULL Trophy Room - Curated vulnerable machines
HackTheBox Academy - Structured learning modules
OverGrownCarrot1 - Youtube viddies