Introduction: My OSCP Journey
Last updated
Was this helpful?
Last updated
Was this helpful?
Hi there! I'm , a Security Engineer with over 6 years of hands-on experience in offensive security, infrastructure hardening, and application security. In 2024, I earned my , a milestone that pushed me to my limits and taught me the value of persistence, manual enumeration, and creative problem-solving.
While working full-time in a fast-paced environment like , security engineering wasn’t just about pentesting a feature/service/app when it was “ready”. It started from day zero— sitting with developers during design discussions, reviewing implementation plans, reviewing early builds for security flaws, and eventually putting on the black hat to test the feature end-to-end once it was production-ready. From triaging HackerOne reports, handling on-calls, managing incidents, to running compliance reviews, it was everything happening all at once.
But somewhere in the middle of all that, I felt like I was losing touch with the pure offensive mindset. That feeling of breaking into a box, the silence before a shell lands, chasing down an exploit chain, all of that was missing. One downside of working with really smart engineers? You don’t run into critical flaws that often.
I didn’t take up OSCP to learn privilege escalation or exploit AD. Honestly, most of it didn’t apply to my actual job. I did it to reset. To remind myself how a real red teamer thinks with zero context and a ticking clock. What I got in return wasn’t just technical. It was mental. OSCP hardwired a mindset that carried over into my job: enumerate harder, question everything, and never stop just because the docs say it’s secure.
“Try Harder!” isn’t just a tagline. It hits different when you’re staring at a shell at 3 AM, one step away from root.
When I finally cleared OSCP, one thought crystallized my entire approach: Wash, rinse, repeat! The idea is simple yet effective: start by thoroughly enumerating the target machine to identify potential entry points and vulnerabilities. Once you gain an initial foothold, the process doesn’t stop. You begin a new cycle of enumeration, this time focusing on uncovering weaknesses within the compromised system that can be exploited to further your access. This iterative process continues as you pivot from one machine to another, always starting from scratch with a fresh enumeration to adapt to the new environment. The key is to maintain a relentless focus on detailed enumeration at every stage, ensuring no stone is left unturned.
This mantra became my guiding principle, and you’ll see it reflected in both my machine writeups and preparation notes. It’s what kept me grounded during the toughest moments of OSCP prep.
This blog is my personal record of the OSCP journey, combining two pieces I relied on heavily:
Machine Writeups: Detailed breakdowns of I solved on and . They focus on real-world misconfigurations, manual enumeration, minimal tooling, and privilege escalation paths. Check the Machine Writeup Index for a quick overview!
Preparation Notes: My raw, unfiltered notes from OSCP prep, covering enumeration, exploitation, pivoting, Active Directory attacks, password cracking, and quick tips/tricks. They’re messy, but they got me through the late nights.
I created this as a quick reference for myself, but I hope it helps you too—whether you’re preparing for OSCP, sharpening your pentesting skills, or diving into offensive security with a fresh perspective.
I’m passionate about cybersecurity and love sharing insights from my journey. If this blog helps you, let’s connect on LinkedIn to discuss anything security-related. Also, check out my recent for more of my work!
Happy hacking!