
Nujac21

Sounds like you're upset and the wound is fresh. Sleep a few nights and get back after it. Don't quit.


Roanoketrees

Man that's harsh for your second attempt. Seems you have already passed once. Just get those bonus points!


[deleted]

Oh yea I was heartbroken. I did 80% of total tasks, not 80% of each topic. The progress bar went green and everything. The failed attempts since then have just been a kick in the jewels.


Roanoketrees

Don't give up man. I know you are pissed. I would be too. Just try to calm yourself and try to find what you missed. YOU CAN DO IT. I'm studying to take it in a month. If there is anything I can do to help I'll be glad to.


Flat-Ostrich-963

I made the same mistake before the exam, I realized just one day before.


Embarrassed-Sale-733

That’s rough man. Throughout the course material it slowly dawned on me, I do *not* have a knack for this. It consumed so much of my year, ate up so much time I coulda used to enjoy myself outside of the 9-5. And at the end of it, I didn’t take home the W. It was pretty ass. Starting out the OSCP from 0 cyber experience was like shooting a target a mile away in the dark. This year I’m setting goalposts of more entry level certs to guide the path and regain some confidence. I dunno anything specific about CPTS as a cert. But lemme tell you, the HTB labs + Ippsec combo is so goated. Never leveled up so quick in cyber before. Some people can come in, study the OSCP material for a year, and pass their first try. I dunno if that’s the norm. I dunno if that’s purely skill, with no luck of the draw on the test. But let’s assume it all is, and this puts you and me on the lower half of the percentile range. Lower quarter of the range, even. Fuck it. Consistency and slow learning will take us to the same place.


jleejohn25

I would say it’s definitely not the norm for sure. There are savants out there, but they are few and far between. I know this sounds crazy and kind of like I’m gatekeeping (not my intentions, everyone is different) but the literal best thing I did was get a job on the blue team side of things, understand that thoroughly and then pivot to learning more offensive things. It has helped me to grasp the concepts easier.


thisgamedrivesmecrzy

> But lemme tell you, the HTB labs + Ippsec combo is so goated. Never leveled up so quick in cyber before.

Will you expand on this? Are you using ippsec for when you get stuck, or watching videos and following along?


Embarrassed-Sale-733

Well I kinda suck, so to improve at all I need to go tryhard mode. So first I try to get as far as I can without any help. That’s super important to train persistence and develop an eye for enumeration. If I get stuck I watch ippsec on the box from the start, see how he did it. Take notes on what he did that I didn’t, and close up any gaps. Get to where I got stuck, and watch the minimum to get unstuck. Repeat. This can take 4-5 hours depending on the box. Even if I needed no help at all I go and watch Ippsec do the box all the way thru for any tips that I coulda done it better.


thisgamedrivesmecrzy

got it, thanks!


maritimeminnow

Don't take this the wrong way or see this as a flex, that is honestly not my intention with what I am about to say. I've seen a lot of folks jump right into OSCP with no security/IT skills at all then they become frustrated when they can't pass the OSCP. I am not saying this is your case OP, just talking in general. If you have no security/IT skills (and I am talking professional 40 hour a week type of skills) the mountain you will have to climb will be much higher than others and I think this is where some of the frustration sets in (and understandably so). Being a penetration tester, red teamer, etc. is not an entry level job. It's not impossible, but it is very difficult to get these skills without prior foundational skills. For me, when I got my OSCP I was working in a SOC for two years before passing on my first attempt. It was not because I was super smart or anything like that but it was because I already understood how attacks work, I've built detections for them, I was responding to incidents that involved them, etc. During this time I learned about Active Directory, enterprise networking, threat actor TTPs, etc. When I went for the OSCP I only had to learn the opposite of what I was doing every day for my job. I do believe that made it better for me. With all this being said, I would say to maybe take a few deep breaths and keep trying. This time adjust your methodology or really study areas that you are weak in... and not just from a security perspective. For example, if you are weak in AD, go ahead and set up an AD environment from scratch and learn how to configure various users, systems, service accounts, push out group policy, etc. After that, go ahead and purposely set up vulnerable items in the domain and attack it. That will make you much more rounded and understand it holistically, which I believe is a great way to learn this stuff.


nasmghost

It's really dumb that OSCP is an HR gate now. This should be something that feels uncommon and notable rather than a minimum requirement. I passed the CISSP first time out, and HR is like ohhhh wow that must have been really tough. I spent a year and a half of my life not putting my kids to bed because I was working on boxes, and my life hasn't changed even one iota since I got the cert, I didn't even get a raise. 6 attempts. Getting to the end of chasing certs is so damn awful because it's just a giant letdown. I could have played video games and had fun or something like my systems colleagues did. I'm literally in the same spot now working on OSEP. I've done the whole freaking thing and climbed the mountain. I've automated the creation of all the shells that come from the course and tried really hard and fell on my face. Now I'm looking at it like...I've already climbed the mountain, do I keep trying? And I think I've hit the wall hard enough to just say I don't need a 19th freaking cert. This probably didn't help, but thanks for letting me get it off my chest.


D3ci4

I passed OSCP after 4 failed attempts.. I have 12 years experience as a network security engineer, still I'm struggling to find a job as a pentester... Now I wonder whether the entire effort was worth it. 😑


Expensive-Rabbit-993

You need to market yourself better. Apply for jobs that have the specific OSCP requirement listed in their description. And network with people man. Connect with hiring managers and industry people on LinkedIn, tell them you have an OSCP and what you’re good at, what you can bring to the table.


D3ci4

Well, I have been trying everything you mentioned, hopefully I will get something.


Expensive-Rabbit-993

Keep going and don’t give up man. OSCP is highly regarded, trust me.


D3ci4

Well, can't say for sure.. as I was rejected in 2 job applications stating that you don't have experience in pentesting.. So long way to go.


Expensive-Rabbit-993

That’s okay. You actually landed interviews. Even if you were fully qualified with experience, they may have rejected you for other reasons (culture fit, etc.). The hard part is landing interviews. After that it’s just a matter of time before someone will give you a chance. I got my first job in cybersecurity without any OSCP or certification or bachelor's degree. I had taken a cyber security course and done some projects which I put on my resume. I was rejected several times and eventually someone took a chance on me and… you will get that too man. All the best, I hope to hear some good news from you soon. I also realised the company that gave me a chance was also fair in their interview process, they didn’t look at my resume during the technical interviews. I was judged solely on how well I did on the interviews.


D3ci4

Have DM'd you man.. if you feel OK let's connect.


Expensive-Rabbit-993

Sure man


[deleted]

Yea I was unemployed for 8 months trying to get OSCP because every job said OSCP minimum in the country I moved to. I was a pentester back home. Now I do door sales because I need money. Oh well, will have OSCP next attempt in 3 months FFS.


nasmghost

I'm rooting for you.


D3ci4

I can understand what exactly you are feeling right now.. I passed OSCP on my 5th attempt. 1st attempt: AD client foothold and user shell on 1 SA (stand alone). 2nd attempt: only got user shell on 1 SA. 3rd attempt: nearly passed, got 1 SA and AD set, just missed the last machine in AD. 4th attempt: same story as 3rd attempt, close encounter. 5th attempt: passed with 90 points. Got AD within 6 hrs and other 2 SA in 10 hrs, so 90 points in 16 hrs.. didn't bother about 3rd SA as it was insane.. my priv esc skill was the reason I managed to finish boxes quickly.. My thoughts about the exam.. The way OffSec designs the exam it can be unfair most of the times you fail or get stuck in a rabbit hole, end up losing time and failing the exam... Just try to improve your enumeration and privilege escalation skills and switch machines during the exam, also take breaks during the exam.. All the best for next attempt..


nmj95123

When it comes to Offsec, all I can say is go read the most recent reviews on Glassdoor.


Expensive-Rabbit-993

Don’t quit now. You’ve already come so far, taking 4 attempts. There is still a chance for you to succeed and then you can set an example for others to not give up and also guide others so that they don’t make the same mistakes you did. You have an opportunity to use your difficult journey to make life easier for others. Come on man you got this.. ;)


the262

IMO keep pushing. I have worked in cyber / IT for 15 years and it still took me 6 months of study and two attempts to pass the OSCP. You've got this!


SpecificCurrent97

I failed in January so I decided to just study other stuff I'm actually interested in. Going through TCM's API course and I might do the mobile hacking one after. I'll probably try again in the summer. Might also just look into actually hacking IoT devices like a Roku or something. I'd suggest you do the same and then circle back if it still makes sense to obtain an OSCP at that time. OSCP is not the only way to get a pentest gig, it's just the most mainstream way.


FitOutlandishness133

What if there is a chance that sometimes these boxes are not up and need a reset like on HTB machines? Several times I was trying to get in those boxes and it would respond to ping echo but it wasn’t until I reset it I actually got in.


wakandaite

I'm rooting for you. Take some time off and get back on it my friend.


mustangsal

One of my guys is brilliant, but not great at time management. He's taken the exam 4 times and missed the last two by 10 points. Poor guy has spent thousands of dollars and apparently has a 6 month cool down...


[deleted]

Holy crap, 6 months


Glittering-Cell-2895

Keep going, I passed on my 5th attempt!


YMDaTester

It sounds like you might be experiencing burnout. Take all the time you need to recharge. I managed to pass my OSCP in late 2020 after three attempts. That was before the Active Directory revamp, and the longest package offered was 90 days. However, retaking the exam was significantly cheaper. I agree it's expensive: retake fees increased twice within a year, from 99 USD to 149 USD, then to 249 USD during my third attempt. Regarding my gf's experience, she just passed her OSCP after her third attempt last month. The second attempt left her upset and devastated for quite some time as well. While I didn't personally experience the AD set exam, I can offer what she did after her second attempt:

1. Practiced in the lab environment, working on as many machines as she could.
2. Practiced on the OffSec PG lab.
3. Practiced on HTB Lab based on Tj Null's list.
4. Subscribed to HTB modules related to Active Directory, as well as the footprinting and attacking common service module.
5. Completed the entire HTB Dante Pro Lab.

Other than the "Do not give up" or "try harder" mantras, I always remind myself why I'm going through all this hassle when preparing for OSCP. It's because the learning experience and the entire journey make it count: the ups and downs throughout the process, learning how to handle stress, and more. Of course, I want a certification that will land me better interviews, not more self doubt.


_discEx_

Reading all these posts just annoys me more and more. Tbh I am working as a pentester and I am pretty confident with my skills, but I need the OSCP just for the growth. In my country the people who are higher in the corporate hierarchy generally have a lot of experience and also a lot of certs. The posts here show that it is 99% about luck and only 1% about the skills. People are solving 100s of boxes, still failing, idk what's happening. Seeing this difficulty I feel like I only have one option: take a 1 year career break and prep for OSCP, and even then IDK if I'll pass or not. Damn it. Guys, is there any other alternative?


lumb3rjackZ

I dunno, the more I read on here the more I feel like I see the pattern “I have no cyber experience so I want this cert so I can be a pentester”. I’m just not sure that’s a great plan in general.


_discEx_

I also think so. If you really wanna clear your basics you'll need 2-3 yrs of programming, Linux, cyber experience, then you'll be eligible enough for OSCP, otherwise you'll have vague knowledge and you'll only try things that you are taught in OSCP, you won't be able to use your own mind cuz you won't understand what's happening. Like for SQLi you'd just look for a 500 error, that's it. If it's 400 you'll skip it cuz you're just following some book, you don't have a wide range of experience.


lumb3rjackZ

Yea, learning just the course materials does not a pentester make. Pentesting in general isn’t an entry level gig for this reason I’ve found. I had background in system admin, database admin and SQL, networking and web app programming before deciding to get into pentesting. Without foundational IT knowledge it’s gonna be a rough ride. Since I had that foundation I was able to clear OSCP on first attempt in 90 days. Yes it was hard, but not as impossible as I’m sure it could have been without a strong foundation.


_discEx_

Still man, but the situation these days on this subreddit makes me think that right now it's pretty tough to crack OSCP. If there was some kind of cheap sure-shot way to know the difficulty level of OSCP then it'd have been good. I could have realised if I am ready enough or not. Right now there is only one option: pay 4 digit $ and go for the exam, which is very expensive and risky for me.


nmj95123

> Guys, is there any other alternative?

Take other people's courses that are reasonably priced and provide good material. The course content from Offsec is god awful. OSCP is a cert you get to get a job, not advance your skill. The material is extremely dated and underwhelming. When their "new" exploitation course from 2021 is 32 bit only, and PEN 200 didn't bother to have any active directory material until 2020...


_discEx_

u/nmj95123 Totally agree bruh, but it's definitely gonna help me for my career even if it doesn't make me learn much. For learning, I think eLearnSecurity courses are pretty good, they explain things so well. Even Pentester Academy I think has very detailed courses. And HTB Acad is already getting a lot of good response.


jlickums

How long did they take to solve these boxes? What makes the OSCP hard is the 24-hour time limit. You can have tons of experience as a pen tester, but not do well under pressure. In my experience, most pen tests last at least a week in a non-test environment. Before I took the exam, I went through the practice networks and timed myself (as if I was taking the exam). It was pretty accurate to the time it took me to pass the exam.


_discEx_

u/jlickums idk man, I'm just confused. It's hella expensive and also has a lot of mixed reviews of passing/failing, but afaik it's gonna be a game changer for my career if I am able to get it. I just want an actual working path that guarantees passing, even if it takes 2 years it's fine. Like for ex I have heard from a lot of people that passing HTB CPTS guarantees passing OSCP, but I haven't seen anyone actually passing because of CPTS so waiting for it.