OSCP Exam Review: Try Harder

After months of preparation and countless hours in the lab, I’m excited to share my experience passing the Offensive Security Certified Professional (OSCP) exam on my first attempt. This wasn’t just luck—it was the result of a systematic approach, relentless enumeration, and learning to embrace the “Try Harder” mindset that OffSec is famous for.

The Results

I passed the OSCP with 80 points, achieved through:

Full compromise of the Active Directory environment (40 points)
Two out of three standalone machines (20 points each)
Minimum passing points secured within 11 hours of testing

The remaining time was spent attempting the final machine and catching up on much-needed rest. This experience taught me that success in penetration testing isn’t just about technical skills—it’s about strategy, persistence, and knowing when to take a step back.

My Preparation Journey

The Foundation: OffSec’s Official Course

The official OSCP course from OffSec provided the essential foundation. The course materials, while comprehensive, were just the starting point. The real learning happened in the labs, where I spent countless hours breaking systems and learning from my failures.

Beyond the Course: Real-World Practice

What truly prepared me for the exam wasn’t just the official materials, but the diverse range of practice I engaged in:

Professional Experience: My penetration testing work at Capital One provided invaluable real-world experience with enterprise environments and Active Directory
Immersive Labs: Platform-based challenges that mirrored real-world scenarios
Hack The Box: Diverse machines covering various attack vectors and privilege escalation techniques
TryHackMe: Structured learning paths and guided challenges
TryHackMe PT1 Certification: A practice run that helped me understand the exam format and time management

The Day Before: Final Preparations

The day before the exam, I focused on three critical elements:

Final Challenge Labs: Completed OSCP A/B/C labs while emulating the actual exam environment
Physical Preparation: Early bedtime, nutritious meals, and proper hydration
Mental Preparation: Reviewing my methodology and toolset, not cramming new techniques

The Exam Experience

My Core Strategy: Enumeration is Everything

From the moment the exam started, I focused on one principle: enumerate everything, always. This meant:

Examining every open port and service for potential attack vectors
Looking for uncommon services that might be overlooked
Scanning everything, even if it didn’t initially appear to be a privilege escalation vector
Starting the enumeration process over from each new foothold or compromised user

The “Try Harder” Mindset in Action

When I got stuck (and I got stuck multiple times), I reminded myself of OffSec’s famous motto. This wasn’t just about persistence—it was about:

Taking strategic breaks to clear my head
Re-examining attack vectors I might have dismissed
Trying variations of techniques I’d already attempted
Looking at problems from completely different angles

Leveraging My Toolkit

I focused on becoming an expert with a core set of tools rather than trying to master everything:

Enumeration & Discovery:

nmap: For port scanning and service enumeration
ffuf: For web application fuzzing and directory enumeration
nxc (NetExec): For Active Directory enumeration and lateral movement

Privilege Escalation:

PEASS Scripts: For automated privilege escalation enumeration (LinPEAS, WinPEAS)
SharpUp: For Windows privilege escalation enumeration
Bloodhound: For Active Directory attack path visualization

Lateral Movement & Pivoting:

ligolo-ng: For tunneling and pivoting through networks
evil-winrm: For Windows Remote Management and file transfer
impacket suite: For various Windows protocol attacks and lateral movement

Obviously, other tools were used throughout the exam—the key was having backup tools ready when my primary choice failed. The OSCP requires you to be flexible and leverage your knowledge in unique ways. When ffuf didn’t work, I had feroxbuster ready. For exfiltration, I might use a web server in one scenario, then pivot to evil-winrm upload/download functionality in another. Building deep confidence in multiple tools for each task meant I could adapt quickly under pressure, without second-guessing my approach.

My Three-Pillar Methodology

🔍 Enumerate, Enumerate, Enumerate

Never stop looking. Every new foothold or compromised user meant starting the enumeration process all over again from that new perspective. This systematic approach often revealed attack vectors that weren’t visible from the initial enumeration.

💪 Try Harder

More than OffSec’s motto—it’s a mindset. When stuck, take a short break, clear your head, and come back ready to try attacks you may not have originally considered. Persistence, not perfection, is the key.

🛠️ Leverage What You Know

Focus on becoming an expert with a core set of tools rather than trying to master everything. Deep confidence in your toolkit is a game-changer when the clock is ticking.

Lessons Learned

What Worked

Systematic enumeration: Never assuming a service or port wasn’t worth investigating
Documentation: Keeping detailed notes of what I’d tried and what I’d found
Time management: Securing minimum points early, then expanding from there
Physical preparation: Proper rest and nutrition made a huge difference

What I’d Do Differently

More AD practice: While I passed, I could have been more efficient with AD enumeration
Script automation: Creating more automated enumeration scripts beforehand
Backup plans: Having alternative approaches ready for common scenarios

Conclusion: The Journey Continues

Passing the OSCP on my first attempt was a milestone, but it’s just the beginning. The real value wasn’t just the certification—it was developing the methodology, mindset, and persistence that will serve me throughout my career in cybersecurity.

The “Try Harder” mindset extends beyond the exam. It’s about continuous learning, pushing boundaries, and never accepting “good enough” as the final answer. Whether you’re preparing for the OSCP or any other challenge in cybersecurity, remember: enumeration is everything, persistence pays off, and sometimes the best thing you can do is take a step back and try again.

Ready to start your OSCP journey? The key isn’t just technical knowledge—it’s developing the right mindset and methodology. Focus on enumeration, embrace the “Try Harder” philosophy, and remember that every failure is just information for your next attempt.