Back to Blog
1/5/2024
15 min read
Krecendo Hui

My Journey from Zero to OSCP 2023

A comprehensive guide sharing my personal journey from cybersecurity beginner to OSCP certified professional. Learn from my mistakes, discoveries, and the strategies that led to success.

OSCP
certification
penetration-testing
journey
study-guide
offensive-security

Two years ago, I knew nothing about cybersecurity. Today, I'm OSCP certified and working as a penetration tester. This is the complete story of my journey from absolute zero to passing one of the most challenging certifications in cybersecurity.

The Starting Point: Absolute Zero

In early 2022, I was working in a completely different field with zero cybersecurity knowledge. I didn't know what a vulnerability was, had never heard of Kali Linux, and thought hacking was just what you see in movies. The decision to pivot into cybersecurity came from a growing interest in technology and a desire for a more challenging career.

My Background Before OSCP

  • • No IT or cybersecurity experience
  • • Basic computer skills only
  • • No programming knowledge
  • • Complete beginner in networking

Phase 1: Building the Foundation (Months 1-6)

Learning the Basics

I started with the absolute fundamentals. Here's what I focused on during the first six months:

  • Networking Fundamentals: CompTIA Network+ materials (didn't take the exam)
  • Linux Basics: Linux command line, file systems, permissions
  • Programming: Python basics, bash scripting
  • Web Technologies: HTML, HTTP/HTTPS, basic web application concepts

Key Resources Used

  • Professor Messer's Network+: Free YouTube course
  • OverTheWire: Bandit wargames for Linux practice
  • Cybrary: Free cybersecurity courses
  • YouTube: Countless hours of cybersecurity content

First Major Mistake

I tried to rush through the basics and jump straight into advanced topics. This led to confusion and frustration. Take time to build a solid foundation - it's crucial for everything that follows.

Phase 2: Introduction to Penetration Testing (Months 7-12)

Once I had basic IT knowledge, I started exploring penetration testing specifically:

Hands-On Practice Platforms

  • TryHackMe: Started with beginner paths, gradually increased difficulty
  • HackTheBox: Began with retired easy machines
  • VulnHub: Downloaded VMs for offline practice
  • PentesterLab: Web application security focus

Skills Developed

  • Reconnaissance: Nmap, directory enumeration, service identification
  • Web Application Testing: OWASP Top 10, Burp Suite basics
  • Linux Privilege Escalation: Common techniques and tools
  • Windows Basics: PowerShell, basic Windows administration

Breakthrough Moment

My first successful root on a HackTheBox machine was a game-changer. The feeling of chaining vulnerabilities together and achieving system access was incredibly rewarding and confirmed this was the right path.

Phase 3: OSCP Preparation (Months 13-18)

After a year of foundational learning, I felt ready to start serious OSCP preparation. This phase was the most intensive and challenging.

Study Materials

  • PWK Course: Purchased the 90-day package with lab access
  • TJ Null's OSCP List: Focused on HackTheBox and VulnHub machines
  • Additional Resources: IppSec videos, Heath Adams' courses
  • Buffer Overflow: Tib3rius's course and practice

Study Schedule

I maintained a strict study schedule while working full-time:

  • Weekdays: 2-3 hours after work
  • Weekends: 6-8 hours per day
  • Total: Approximately 25-30 hours per week

Major Challenges

  • • Buffer overflow initially seemed impossible
  • • Active Directory concepts were confusing
  • • Time management during practice exams
  • • Maintaining motivation during difficult periods

The OSCP Exam Experience

First Attempt (Failed)

My first exam attempt was a humbling experience. I scored only 50 points out of the required 70. The failure taught me valuable lessons:

  • Enumeration: I rushed and missed critical information
  • Time Management: Spent too long on difficult machines
  • Documentation: Poor note-taking hindered my progress
  • Stress Management: Anxiety affected my performance

Preparation for Second Attempt

I took a month to address my weaknesses:

  • More Practice: Completed 20 additional machines
  • Better Methodology: Developed a systematic approach
  • Improved Documentation: Created detailed templates
  • Mock Exams: Practiced 24-hour sessions

Second Attempt (Success!)

The second attempt was completely different. I approached it methodically, took regular breaks, and maintained detailed notes. After 16 hours, I had secured 80 points and passed the exam!

Success Factors

  • • Systematic enumeration methodology
  • • Better time management and breaks
  • • Detailed documentation throughout
  • • Staying calm under pressure

Key Lessons Learned

  1. Foundation is Everything: Don't rush the basics. Solid fundamentals make advanced topics much easier.
  2. Consistency Beats Intensity: Regular daily practice is more effective than occasional marathon sessions.
  3. Failure is Part of Learning: My first exam failure taught me more than any success could have.
  4. Documentation is Crucial: Good notes during practice translate to exam success.
  5. Community Matters: The cybersecurity community is incredibly supportive - don't hesitate to ask for help.

Advice for Aspiring OSCP Candidates

For Complete Beginners

  • • Start with networking and Linux fundamentals
  • • Use free resources initially (TryHackMe, YouTube)
  • • Don't rush - take 12-18 months to build skills
  • • Join cybersecurity communities and Discord servers

For OSCP Preparation

  • • Practice machines from TJ Null's list
  • • Master buffer overflow completely
  • • Develop a consistent methodology
  • • Take detailed notes and screenshots
  • • Practice time management with mock exams

Life After OSCP

Passing OSCP opened doors I never imagined. Within three months, I landed my first penetration testing role. The certification proved to employers that I had practical skills and the determination to tackle difficult challenges.

But OSCP was just the beginning. The cybersecurity field is constantly evolving, and continuous learning is essential. I've since pursued additional certifications and continue to expand my knowledge daily.

Conclusion

The journey from zero to OSCP took 18 months of dedicated study and practice. It was challenging, frustrating at times, but ultimately one of the most rewarding experiences of my life. If you're considering this path, know that it's absolutely possible with dedication and the right approach.

Remember, everyone's journey is different. Some may take longer, others shorter. The key is to stay consistent, learn from failures, and never give up. The cybersecurity community needs passionate professionals, and with determination, you can be one of them.

Your journey from zero to OSCP starts with a single step. Take that step today, and in 18 months, you could be writing your own success story. Try Harder!

Back to Blog
Built with v0