r/oscp

Took the OSCP on Friday, got my results today that I passed. Big shout-out to the community and looking to give back to anyone who's on their journey!

Finished AD set in approx 1:15hrs

Hit the gym for about 45 minutes

Crushed the first standalone in about an hour

Got the next foothold in about an hour.

Ended up with 80 points overall. After getting the points I took a few hours trying to priv ESC on the final 2 standalones but decided I'd just finish the report and hang out with my kids.

Just took my first OSCP exam attempt and honestly I think it was a valuable reality check.

For context, I’m doing the OffSec Learn One subscription for PEN-200/OSCP, the one with a year of lab access and two exam attempts. My subscription expires in June, and since I still had both attempts available, I decided to take the exam about a month early as a “smoke test” to see the real environment, pressure, workflow, and identify weak spots before my serious attempt.

Going in, I already knew I was underprepared. This wasn’t a surprise “I deserved to pass” situation. I mainly wanted to:
experience the exam pacing

test my methodology under pressure

figure out where my gaps actually are

I actually feel decent about parts of it. The exam itself felt fair. Enumeration and methodology mattered way more than gimmicks.

But there’s one machine that’s absolutely haunting me.

I narrowed it down to what felt like only a couple realistic attack paths. One path I eventually wrote off as a dead end. The other path I hammered on for hours. I tried multiple variations, researched techniques during the exam, watched related material, adjusted tooling, changed approaches, and every route felt blocked.

Now that the exam is over, what’s bothering me most is not failing. It’s the fact I still genuinely do not understand what the intended path may have been.
That’s the part messing with my confidence for the next attempt.

Did anyone else have this experience on their first OSCP attempt where a box completely broke your confidence because you walked away with zero clarity afterward? How did you recover from that mentally and technically?
Right now I’m trying to determine whether:
my enumeration was weak

I missed something obvious

I tunnel-visioned too hard

or I just lacked depth in one specific area

Curious how other people calibrated after their first real attempt.

So I'm at the last module in AD Enumaration, which discusses bloodhound (legacy version), but due to incompatibility with the latest Sharphound json outputs, I had to upgrade bloodhound to the CE version which seems to be less useful than the older version.

They seem to have removed shortest paths and analysis and kept it in the Enterprise version.

Community edition has less capabilities than the legacy version it seems..

What do you suggest me to do? Should I revert back to the legacy version?

I solved 2 Linux and 2 windows, but struggled with the last one in AD set. Twice.

I have solved many labs on my own, having extensive experience in Pentesting(6+) but somehow I am afraid to go 3rd time. I am open to suggestions please.

So, Last year I had 2 attempts and in both I did found the solution for the third (probably but could not tried) but by the time I did, 24 hours times up. I didn't drink coffee or caffeine to stay awake, just water.

Now my company wants to sponsor me again for the 3rd time this year with 90-days lab access and I can't say no as it would disappoint them.

So I know all resources in the group but I would appreciate if someone can say what one or many things that actually changed their style and helped with this certification. It could be few things related to timing, who gave recently what materials is most useful besides the offsec labs, or realization of rabbit hole.

How would I divide the task in 90 days, focus on passing in this short time.

Thanks in advance 😄

Edit:
Thank you everyone for helping. I don’t have much friends after I moved to different country so couldn’t find the issue but talking with everyone seems I find the mistakes I took. Much appreciated your support.

Hi yall! I’ve been interested in pen testing since I first started this kind of work. I’m a “cybersecurity” guy that got my teeth cut on IT Auditing and GRC roles. Made it to leadership and eventually running my own info sec department.

I never got over the itch to learn pen testing.

Talking to pen testers for projects was my favorite part of the job. Anyway, I’m a CISSP and been doing the above work for awhile. Had a layoff and now have more time to figure it out. I want to play offense and do red team shit!

So, I’m asking what’s a good path to train up for and attain OSCP? I have discovered Hack The Box. Seems they have good reviews. I’ve explored comptia as well. You all use of of those?

I don’t have time restraints, however I want to make sure the time I devote to it is in the right place. I want to avoid training on what I don’t need to from ignorance. So let me ask the OGs and pros here! The sail just needs a wind in the right direction. Thanks open to suggestions!

So before buying OSCP bundle i decided to buy the Proving ground first. I got some basic experience on linux and windows and AD. thats why i bought the proving ground first before the course.

So im doing the TJNull list and here is the problem, i dont feel the strugle from the practice. the reason is i keep seeing the "about this lab" when trying to start the lab. this is giving too much information that i can already tell where to go and what to look.

Is there a way to hide the description so that i can do the lab "blind"

Has anyone taken the OSCP exam on an unsupported operating system? What was your experience?

For the record, I’ve tested my connection from Arch Linux on a PC using Firefox, and the proctoring tool worked without any issues. I’m just wondering whether it’s worth taking the risk, or if it would be better to switch to a supported distro and a laptop instead of PC.