🏴‍☠️ OSCP Adventures

Started December 22, 2025 · Closed March 9, 2026
How It Started

I've wanted the OSCP for as long as I can remember caring about offensive security. In December 2025 I finally had a real window to go after it: a new baby, three months of paternity leave, and enough time carved out to actually commit. I went in with a plan and meant every word of it.

The idea was simple. Eight hours a day, split into sessions around baby duties. Work through all 27 PEN-200 modules, complete the 11 Challenge Labs, and sit the exam before returning to work in March 2026. My DFIR background gave me an edge on the defender side, and I wanted to flip that into a real offensive skillset. I was genuinely excited.

27 PEN-200 Modules
11 Challenge Labs
70 Points to Pass
24h Exam Duration
What I Actually Got Done

Early on I was locked in. I finished Challenge 0 - Secura on December 22nd and learned something immediately: enumeration is everything. That 80% rule is not a suggestion. Most of my time was spent digging through output, following leads, and just poking around systematically until things connected.

The tools that clicked for me early: nmap for initial scans, WinRM with pywinrm for remote access, secretsdump.py for credential extraction, BloodHound for mapping domain relationships, and pyGPOAbuse for the final domain compromise. The most unexpected moment was finding credentials sitting inside a MySQL database — nowhere near where I expected them. That kind of thinking, looking everywhere, not just the obvious places, is what the course is really trying to teach.

I worked through chapters 1 through 19 of the PEN-200 content. One lab done. Good momentum early.

And then life took over. Not in a bad way.

What Actually Mattered More

Our newborn's first months went fast. I spent more time with my 10- and 8-year-old sons than I had in a long time. We played outside. I was present. The coursework started slipping, and I let it, because the alternative was being somewhere else mentally while something irreplaceable was happening in front of me.

I never came back to the coursework the way I planned. I didn't sit the exam. I failed to complete the goal I set for myself.

The honest version: I chose my family over the cert, and I would make the same choice again without hesitation.
Where I Land On OffSec

Nothing bad to say about the training. The product is genuinely solid, the lab access is excellent, and the course structure makes sense. OffSec built something real here. The fault was entirely in my timing and expectations, not the material.

I may come back to this on weekends at some point. Maybe I'll schedule the exam in a few months when it feels right. But I'm not going to force it. I care more about the skills than the piece of paper, and I picked up real things during the time I did put in.

What's Next

Back to work in DFIR. That's where I'm most useful right now and where I have the most to contribute. I plan to start writing about what I actually work on — findings from incident response, patterns I see in ransomware cases, things that might be useful to someone else. No promises on frequency, but that's the direction.

GREM is still on the list. I've already studied the material and just need to schedule it. GCFA follows after that. The cert path isn't dead, just reordered.

Leaving this post up as an honest record. It didn't go the way I planned, and that's okay.

📊 Progress Tracker

PEN-200 Modules: Chapters 1–19 complete

Challenge Labs:

| Lab | Status |
|---|---|
| Challenge 0 - Secura | ✅ Complete (12/22/2025) |
| Challenge 1 - Medtech | ⬜ Not started |
| Challenge 2 - Relia | ⬜ Not started |
| Challenge 3 - Skylark | ⬜ Not started |
| Challenge 4 - OSCP A | ⬜ Not started |
| Challenge 5 - OSCP B | ⬜ Not started |
| Challenge 6 - OSCP C | ⬜ Not started |
| Challenge 7 - Zeus | ⬜ Not started |
| Challenge 8 - Poseidon | ⬜ Not started |
| Challenge 9 - Feast | ⬜ Not started |
| Challenge 10 - Laser | ⬜ Not started |

📋 Exam Rules & Scoring

Allowed: Nmap, Gobuster, Nikto, Burp Community, sqlmap, Hydra, John, Hashcat, Impacket, BloodHound, LinPEAS/WinPEAS, MSFvenom (unlimited)

Limited: Metasploit — one machine only

Prohibited: AI chatbots, Nessus/OpenVAS, Burp Pro, auto-exploitation tools, spoofing attacks

Scoring: AD Set (40pts) + 3 standalones (20+20+20pts) = 100 total. 70 to pass.

🔧 Tools & Resources I Was Using

Knowledge Bases

Enumeration

  • Nmap, Gobuster/Feroxbuster, Nikto, enum4linux, smbmap
  • DNS: dig, dnsrecon, dnsenum | SNMP: snmpwalk, onesixtyone

Privilege Escalation

  • LinPEAS/WinPEAS, PowerUp.ps1, Seatbelt
  • PrintSpoofer, GodPotato, JuicyPotato

Active Directory

  • BloodHound/SharpHound, Rubeus, Mimikatz, Impacket, CrackMapExec