Editor's Note: I met Matt Lashner online on my own ill-fated quest for the OSCP 133t h4x0r certificate.
He's a Security Auditor at Vanguard in the USA and successfully passed the OSCP in 2019, and has been a good friend ever since.
This is his story of the mental side of this feared, but passable exam. Enjoy!
NB: This article was first published on Matt's personal LinkedIn profile, he allowed for us to put it up here at Comfortably Dumb, because we thought it would help a lot of people! Check Matt out here!
My name is Matt Lashner, and I’m currently a student at Drexel University in an accelerated bachelor’s/master’s program.
I am pursuing a Bachelor's in Computing and Security Technology, with a minor in Data Science, and a Master’s in Cybersecurity.
(Editor's note: Holy shit....)
Last year, I was lucky enough to be hired for a 6-month co-op with Vanguard in Internal Audit on the Security and Privacy team, working alongside extremely knowledgeable cybersecurity professionals who introduced me to the Offensive Security Certified Professional course, or OSCP.
About a year later, after staying at Vanguard part-time, and then coming back for my second co-op, I decided to take the course. After two months of extremely hard work, I am extremely proud that I recently passed my OSCP exam!
Now, I’ll be honest, I have done a few things in my life.
I managed a project for NASA to engineer a mass measurement device in a micro-gravity environment, studied and became an Emergency Medical Technician, worked a part-time job, and took full-time classes including AP calculus and AP physics, all at the same time.
None of this was anything close to the amount of time and effort included in attaining my OSCP certification.
Passing the OSCP exam was a grueling process that began with 2 months of 6-8-hour days after work in the PWK labs. I spent those two months being exhausted and not taking care of myself, but I finished it by passing the 24-hour OSCP exam on my first try!
After I passed, I started getting a lot of questions about my experience, and how to begin/how to pass the exam. I decided to write this article because I was brand new when I started my OSCP journey, and I was looking for any help I could find, especially from people who had taken the exam and passed.
I noticed that a common problem, not just with “Zero to OSCP” articles, but with box write-ups in general - was that they consistently were about the tools and methodologies that people use, and very rarely explained the mental process.
For box write-ups, they are always straight forward: I did this, then this, and got this result.
I can tell you from experience that I have never rooted a machine that smoothly.
(Editor's Note: Ain't that the damn truth!)
No one talks about what really happens: “I tried this, but it didn’t work, so I tried 15 other things until I realized I made a dumb mistake, and the second thing I tried should have worked.”
This is toxic for PWK (Offensive Security's title for the OSCP course), because it’s so easy to be defeated when you see people succeeding while you are struggling.
The reality is that this is by far the hardest, and most stressful course/exam I have ever taken (that includes my EMT course and BOTH of the exams), but it is absolutely do-able.
I decided to write this article to help people through some of the toughest parts of the class, which is dealing with your own personal obstacles.
I will not be posting any tools or methodologies that I used, not because I think that it’s cheating or anything, but simply because it generally didn’t help me to ask for other people’s stuff.
There are so many of these articles out there, and so many people have “here’s what you need to study to pass OSCP”, but in the end, you WILL design your own methodology, and until you understand what you are doing, the tools you use won’t matter.
I just used whatever I could until I actually knew what I wanted out of the tool, and then I found something that I liked better.
Everyone’s personal preference is different, so with this article I wanted to solely focus on the mental side of the OSCP. I hope that you find this helpful and reassuring, as I know that reassurance is probably the most impactful for a PWK student.
Without further ado, here are the 5 stages of OSCP:
1. Denial
The first stage is Denial. At this stage you have just gotten access to the labs and you are incredulous at the wide world of machines that is out there in the lab. Where do I start? What is the first step? For me, I used this stage to simply start the book exercises and ignore the labs entirely, figuring that once I finished the book and videos, I would know what to do. WRONG! Starting the labs was the same as the rest of the course. You make your own methodology, and stumble around until you find something.
During these first few weeks, I really denied the entire experience.
I couldn’t believe that I was doing any of it, and I denied that any small victory I achieved was a victory at all. I just kept telling myself that I should be so much farther ahead.
2. Anger
This is the stage where I could get absolutely nowhere.
I had finished my initial enumeration, and even rooted a couple boxes but felt that I really should be farther. I was angry at the course for not teaching me enough, and angry at myself for being stupid enough to think that I could do this.
I was more determined than ever to get this done because I put a lot of work into it, but couldn’t help being frustrated that I was banging my head against the wall so much.
NB: Honestly, this is something not enough OSCP articles talk about - the course materials cover about 30% of what you need to know, the rest is all you working your nuts off to synthesise your methodology from sheer hard work.
3. Depression
This stage hit me pretty hard.
I had already sunk about a month and a half, and countless hours into the labs, and I still felt lost. Sure, I was identifying vulnerabilities quickly, but I still felt that I should be doing better. I was reading in the forums and chats how well everyone was doing in the labs, and it was hard not to be discouraged.
On top of that, I started to read more and more about people who had failed the exam multiple times, or people who had passed, but only done so after rooting every single machine in the labs, and multiple VulnHub and HTB machines.
It was hard not to get discouraged and feel as though I would never get there. Especially as I had virtually no experience with penetration testing at all. I thought about quitting many times during this period, but luckily never did.
4. Bargaining
Bargaining was, by far, my most helpful stage.
Bargaining occurred a few weeks before my exam, which I scheduled one month before my 90-day lab time was over. I consider bargaining the stage where I began to allow myself to feel a little bit prepared. I still had a lot of self-doubt, but I began to have some positive thoughts, and I was bargaining with my own fears and doubts. In this stage I started to realize that I actually did have a solid methodology. Sure, I hadn’t rooted that many machines, but every machine I rooted, I understood why and how every piece of the exploit worked. I realized that so many of the people I had been seeing in the chats talking about how well they were doing had really gotten help on most of those machines and didn’t take the time out to learn the methodology themselves.
Did I get help? Absolutely!
When I got help, I made sure I understood how I could come to the same conclusion and why the solution worked. I then added anything I learned to my methodology.
5. Acceptance
I entered this stage about 6 hours into the exam.
It was at this point that I thought I had truly failed. During the test I relapsed through all of the stages, only to find myself with 10 points within the first hour, and not a single other point in the next 5.
I was lost.
I took some time to reflect and took a break from the exam to eat.
This was the moment that I drifted into acceptance. I was shell-shocked (no pun intended, but points to those who get it 😉), but taking a break was the perfect antidote.
I slowly came to the realization that it was just a test, and the downward slide I had made was only contributing to the lack of results.
I thought to myself that I had found every single vulnerability already, and all that was left to do was exploit them. I sat back down reinvigorated and began to work.
Within another 8 hours, I had gotten the points that I needed to succeed.
This stage was the most important to my development, because it’s when I realized that mindset is the most important part of PWK, and of the OSCP.
Mindset is what keeps you going, keeps you learning, and eventually, what will allow you to pass the exam.
Conclusion
Every part of the course is meant to push you to your limits.
The course exercises, the lab, and, of course, the exam.
They all have different challenges to overcome. I hear so often about how people did so well in the labs, but then failed the exam. It’s all about your mentality.
In the labs, the mentality has to be all about learning.
Too many people are worried about how many boxes they have rooted.
I can tell you from experience that prior to the exam I rooted only 19, and I passed on my first try. What makes me different from others is that when I took help, I actually made more of an effort to learn whatever I wasn’t seeing. I added it to my methodology.
In the exam, the mentality needs to be composure. The exam is dependent on your mindset.
The more you struggle, the more you fail. If you take time to calm yourself down, re-enumerate and re-evaluate you can and will succeed.
I almost allowed myself to wallow in self-pity, but I composed myself, and then, I was able to succeed.
In my mind, mindset is what this certification proves, and why it’s so valuable. In passing this certification, I definitely improved my resume, but I also proved to myself that I was capable.
I think that is the most important thing that I learned throughout the course.
I learned how to keep calm and confident while facing down the toughest of problems, knowing that even though there may be brick walls, and rabbit holes, I will persevere.
(Editor's Note: Matt's got a great mindset here. OSCP won't get you a job on its own, and hacking is not pentesting. But it will teach you enumeration better than just about any qualification out there and its prime benefit is it will teach you perseverance whether you like it or not.)
Comments