r/offensive_security

Took the OSCP on Friday, got my results today that I passed. Big shout-out to the community and looking to give back to anyone who's on their journey!

Finished AD set in approx 1:15hrs

Hit the gym for about 45 minutes

Crushed the first standalone in about an hour

Got the next foothold in about an hour.

Ended up with 80 points overall. After getting the points I took a few hours trying to priv ESC on the final 2 standalones but decided I'd just finish the report and hang out with my kids.

Hello everyone, I’m happy to share that I have passed my OSCP exam in the first attempt. Thank you to all those who have been part of my journey. Feel free to ask any questions and I will try my best to answer them.

A few days ago, I replied with “Can I DM?” on a post in the OSCP subreddit. I got backlash for it and downvotes too. Today I would like to share why I wanted to DM. My intention was to not leak any information about the course and it’s lab unintentionally and my question being about labs I wanted to ask it in private space. I never wanted to cheat just to be clear as people thought I was trying to do it.

Anyways I understand why the reaction was that way and I’ll keep that in my mind. I don’t want to argue or prove someone wrong, just wanted to share my pov. Sorry if this went a bit off topic. Apologies for posting it here as I’m unable to post it in OSCP subreddit due to negative karma.

Hello all,

I have been thinking about going for the Red Hat EX415 but haven’t found any books on Amazon or any available study material.

Any recommendations on where to find relevant study materials for this exam?

Thanks in advance!!

Hey everyone,

I made a beautiful offline pentest cheatsheet that works like a real terminal.

**Highlights:**

- 580+ commands

- Automatic variable substitution (IP, domain, username, etc.)

- Favorites, Notes & Target panel

- No internet required

**Live Demo:** https://anshu19981.github.io/Pentestcheatsheet/

**GitHub:** https://github.com/anshu19981/Pentestcheatsheet

Any feedback is highly appreciated!

https://preview.redd.it/a5p9is0xyf0h1.png?width=1919&format=png&auto=webp&s=857fcdeef2be140b1d39399737c826ca6c820734

https://preview.redd.it/070sru0xyf0h1.png?width=1919&format=png&auto=webp&s=e689319830f1ce0a30c3000ed80791fe8f339034

I’m a cybersecurity student focusing mostly on offensive security right now (HTB, CTFs, labs, etc.).

One thing I’ve been wondering about is where people actually spend most of their time during engagements, pentests, research, or even CTFs.

For me, it’s usually recon/enumeration.
At the moment my workflow is pretty basic:

• full port scan with nmap
• targeted service scan on open ports
• web enumeration
• manual inspection
• some directory/subdomain fuzzing

But I feel like experienced people probably spend a lot of time on things that beginners don’t even notice yet.

So I’m curious:
what part of offensive work actually consumes the most time for you?

Recon? Enumeration? Priv esc? Reporting? Infrastructure? Pivoting? Debugging exploit chains? Something else entirely?

Would also be interested in hearing about workflow bottlenecks or things that still feel unnecessarily painful even with experience.

Does OSCP hold any weight for other security roles? Im curious if hiring managers or HR look for oscp when considering requirements for other roles like security engineer or if seeing oscp on a candidates resume catch a hiring manager’s attention.