Introduction:
Hi friends, I’m Mohammed Adam, a Senior Security Engineer at Crossbow Labs LLP, Bangalore.
This blog is all about the events that happened in my life between 2019 and 2021, which made me pursue & complete the OSCP certification.
To do anything you need dedication, passion & verithanam (meaning rage).
It all started from here!
One fine evening, my friends and I received a notification in our group on May 15, 2019. The blog title was Aravazhi’s Journey – From Nothing to OSCP. I thought it was a normal blog like others posted on social media. But when I went into it, I was stunned.
It is a blog post about the real story of Aravazhi Rajendran. Aravazhi struggled a lot in his life to reach this stage. He showed us that anyone from anywhere can achieve anything. His story tells how he learned each thing about computers, networking etc., and how he overcame his struggles & became a Red Teamer from a remote village.
Days Passed
Everyone has their own dreams & goals. They may be achieved in 6 months, a year, 2 years, 5 years or 10 years. But if you do not set limits for your goals, days will pass away. You need to keep the same motivation and passion for your goals throughout that time frame, so that it drives you to achieve them.
As Cybersecurity Engineers, our work isn’t a 9 AM to 5 PM job. It’s all about providing services, securing our client organizations’ assets, responding to customer emails, kickoff meetings, onboarding calls, demo calls, testing, debrief calls, retesting, providing recommendations to customers, final deliverables, researching & learning new stuff etc.
And 2019 ended; 2020 started with COVID-19 pandemic alerts in all parts of the world. I still remember I had just come to see my parents in Villupuram in the 1st week of February 2020 and thought of returning to Bangalore the next day. But I received a call from my manager Rosan Thomas and he asked me, “Adam, when are you planning to come back to Bangalore?” I said, “Next day, Rosan.” “No man, please stay at home only. We are going to shut down our offline work; you can work remotely.”
I was super happy. Working remotely from one’s hometown is a blessing for all.
It’s like Kuttan going for a long weekend from Bangalore to Kerala in the movie Bangalore Days:
Days passed. All our team members planned to prepare for the OSCP certification. So we each went through the OSCP syllabus by searching the topics on the internet. We gathered lots of blog post links, YouTube videos for learning etc.
Daily we spent 1-2 hours on discussion. This activity went on for only 1-2 weeks; after that everyone, including me, stuck with their daily routine jobs.
But I still had a desire to achieve the OSCP cert in the upcoming days.
Mentorship & Preparation
Since my team members were busy with work & not concentrating on OSCP, I thought of searching for mentors in the group. I asked Aravazhi, and he told me: “Practice on the HTB platform on retired boxes, Easy to Medium machines first; stick with the HTB platform, root each machine in multiple ways, take notes; if you’re good enough, then start the Hard and Insane boxes.”
Then I spoke with another mentor of mine, Pranav Venkat bro. He is also an OSCP holder & independent researcher. He first advised me that “OSCP is not like a Udemy course bro, like listening – completing videos and getting certification; it’s a discipline, you need to have a consistent learning habit, develop your skillset, you need to know how Windows or Linux or any OS works fundamentally, which attack vectors will suit any kind of situation etc.”
Then he asked me, “What is your learning time, Adam? Early morning or late night?”
I said, “I’m good at early mornings bro, like daily I wake up at 3 AM and study new things.”
Then he said, “OK man, it’s a good habit to wake up early for learning.” And he gave me tasks like “Complete one machine a day in retired boxes, take notes, submit weekly reports before every Friday EOD and we will discuss how you went through it.”
I started practicing with TJ Null’s list of OSCP-like HTB boxes.
Disclaimer: The boxes that are contained in this list should be used as a way to get started, to build your practical skills, or brush up on any weak points that you may have in your pentesting methodology. This list is not a substitute for the actual lab environment that is in the PWK/OSCP course. When you are taking the course, it is encouraged that you try to go through every system that is in the PWK/OSCP lab environment, as they will provide better insight for when you attempt the exam itself. This list is not exhaustive, nor does it guarantee a passing grade for the OSCP Exam.
Even though my current organization provides so many resources for learning new things, I thought of purchasing a Hack The Box VIP subscription for 60 days & started hacking.
For the first few boxes, I tried rooting them myself. After that I was stuck. Then I realized I was very weak in some concepts like privilege escalation, enumeration techniques, buffer overflow, port forwarding, PowerShell and so on.
At the same time, TCM Academy (Heath Adams, TheCyberMentor) released new courses like below:
They were very helpful resources for me to stick with the Hack The Box platform.
And I suggest every OSCP aspirant read the following blog posts on how other OSCP holders have done it:
TJ NULL – The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0
Rana Khalil – My OSCP Journey — A Review
Zeyu Zhang – My OSCP Journey: How I Tried Harder
Adithyan’s Blog – OSCP Preparation Guide
Cheat sheets:
LIODEUS – OSCP personal cheatsheet
Infosec Sanyam – My OSCP Preparation Notes
Hacktricks – Pentesting Network
Enrolled for OSCP
I completed my 60 days of HTB practice, so I had the confidence to enroll for the OSCP Labs + Certification Exam.
Due to the pandemic, there was a financial crisis in my family. I couldn’t afford $999; it’s a huge amount for me. I made a request to the core team of my current organization, and they approved it without any questions or delays. I’m very thankful to them.
I successfully enrolled in the Offensive Security Penetration Testing with Kali Linux online course on the 27th of November 2020. The course & labs started on the 6th of December 2020.
You will receive the course PDF & video files at the time and date you chose as your lab start date.
I went through the video materials first; they were very informative, and each and every concept is explained very well. The PDF is in the same manner.
Then I started practicing in the OSCP labs. I purchased only 30 days of lab access. If you need more time for preparation you can also take 60 days or 90 days as per your convenience.
As I mentioned, I was very weak in buffer overflow. Only one week before the exam day, another mentor & friend of mine, Abdullah, taught me buffer overflow concepts.
He taught me in a single day. After that I kept practicing buffer overflow on multiple targets.
The TryHackMe platform has a room called bufferoverflowprep. Please have a look at it.
Buffer overflow Playlist: https://www.youtube.com/watch?v=qSnPayW6F7U&list=PLLKT__MCUeix3O0DPbmuaRuR_4Hxo4m3G
Two days before the exam, I was going through some of Rana Khalil’s notes on Linux & Windows boxes and watching IppSec videos.
Exam day
1st Attempt:
I scheduled the exam for 12:30 AM in January 2021.
I slept till 11 PM and was ready for the exam at 12:15 AM with my laptop & government ID. As per the OSCP exam guidelines, we need to log in to the proctor portal 15 minutes before with the provided OSID and MD5.
Once logged in, we need to enable the webcam & screen share options; if you’re using more than one monitor you need to choose the same.
Once that’s done, the proctor will take you through a few steps before the exam starts. You need to be very cooperative to complete those tasks soon.
Please go through this Article on Proctored Exam Information
Once everything was set, at 12:30 AM sharp I received the VPN pack to connect to the control panel.
Please go through this Article on OSCP Exam Guide
It has detailed information on the do’s and don’ts of the exam, restrictions on tools in the exam, how you can document the findings etc.
As per the old exam pattern structure:
We will have 5 machines:
1) 25 Points box
2) 10 Points box
3) 20 Points box
4) 20 Points box
5) 25 Points box
As per the OSCP Exam Guide:
We must achieve a minimum score of 70 points to pass the exam
In my first attempt:
Exam Timeline:
25 Points (Buff) – I had practiced very well, but it took me 4 hours to complete it.
10 Points – In another 5 hours.
I was able to crack only the 25 Points (Buff) & 10 Points boxes = 35 Points (I calculated manually)
I tried my best, but I gave up at 11 PM IST.
I failed in my first attempt 😢 very badly.
Even though I knew I had failed the exam, I documented everything and shared it with the Offsec team.
Failures & Reattempts
After the report submission day, I received an email from Offsec team like this:
I was very sad. Bad day for me.
A few mistakes I made are:
1) The time slot for which I scheduled the exam was 12:30 AM, and I’m not a night owl. This was the first time I was taking an exam at night. So I got headaches and things which made me give up.
2) I know OSCP is an open book exam; using Google and surfing websites, blogs or YouTube videos is allowed. So I thought everything is available on the internet and I could do it. But I was weak in some enumeration techniques.
On the same day, my manager Rosan messaged me on Teams and asked for my OSCP exam status. I told him the same: I failed my exam, I cracked only 2 boxes. He told me, “No worries man, we can try in the next attempt.”
2nd Attempt:
In January 2021 itself I purchased the exam reattempt voucher. But after several postponements I scheduled my exam for June 2021. I practiced on HTB for 30 days only. I attended the exam.
Exam timeline:
25 Points (Buff) – Rooted in 1 and a half hours
20 Points – Rooted in another 6 hours
20 Points – Half completed in the next 6 hours
10 Points – Half completed in the next 4 hours
25 Points – Didn’t get anything, but tried something
But this time I didn’t give up; I sat for the complete 23 hours in the exam.
In my 2nd attempt I calculated manually myself: 25+20+10 = 55 Points
Again I failed, but I documented everything and shared it with the Offsec team before the next 24 hours ended.
Next day Email from Offsec Team:
I received the same message from my manager: “How is the exam going man??”
“I failed this time also, Rosan.”
“No worries man, chill, we can clear it in the next attempt!”
This time I had some hope of clearing this exam,
but there were full negative vibes from my parents: “Why are you wasting your money on reattempts, Adam?
You know you’re failing at it, right, then why are you trying it again!”
My wife (Jimmana Barvin) was pregnant at that time, before August 2021, and she motivated me: “You can do it Adam, but take some time, practice well, then do it in November or December 2021 after our baby is born.”
All couples know how the situation is at delivery time. We need to be physically & mentally strong for anything that is going to happen.
After 6 hours, I got a message from the labour ward that they were going to do a C-section for my wife.
After 1 hour, my boy came into this world. His name is Mohammed Hafeez.
Goal Setting Call Notifications:
In the first week of October, one of my colleagues was running a goal setting program. I participated out of my own interest. This goal setting call was very helpful for me to frame my upcoming goals and break them down.
At every year end, I try to recap my own achievements and failures.
So I got some motivation from the goal setting call: the year is going to end, have we met the 2021 goals or not!
From August 2021 to the 1st week of November 2021, I was taking care of my wife and kid. And I told my wife, “I am going to write my OSCP exam 3rd attempt on December 18, 2021. I don’t want to be a failed father or failed son or a failed husband for you. I need to succeed in this OSCP challenge. So I’m going to Villupuram to prepare myself for the exam and write it on the mentioned date.” She said, “OK Adam, but come back with success news.”
3rd attempt:
I again purchased my exam reattempt voucher, which expires in May 2022, and bought a Hack The Box VIP subscription for 1 month, which expires on December 17, 2021.
So I needed to practice well this time, and I felt, “Adam, this is your last & final attempt, try harder to clear this challenge.”
I woke up daily at 3 AM and, apart from my office hours, practiced well.
Days passed; I was entering the 1st week of December 2021.
There was a notification from the Offsec team that there is a change in exam pattern, on Dec 1, 2021.
I was very shocked on seeing that, but the new exam structure applies only from January 11, 2022.
So I thought of scheduling my exam soon, in the 2nd week of December. When I opened the exam scheduling link it showed that exam slots were available only from Jan 11, 2022. Literally all hopes were gone, because for the new exam structure I guess I would need to practice against AD boxes for at least 2-3 months, as per my understanding.
Next day morning, Dec 2nd 2021, I still had some hope: let’s try the exam scheduling link now. Luckily I got a slot available on Sunday, Dec 5th 2021, 7:30 AM IST.
So I had 3 days to brush up & revise my skills to attend my exam.
The Final Battle is here:
On Saturday night I didn’t get much sleep, but I slept for exactly 5 hours.
Sunday morning, the exam started at 7:30 AM IST with the same energy.
Exam timeline:
25 Points (Buff) – Rooted in 2hours
10 Points – Rooted in 1hour
20 Points – Rooted in 4 hours
20 Points – Rooted in 5 hours
25 Points – Half Completed.
So this time, I completed all 4 boxes in a 12-hour time frame and spent the rest of the time on the 5th box, which is half completed.
I manually calculated: 25+10+20+20+10 = 85 Points
I knew I had passed this time. So I ended my exam and slept at 10 PM IST.
Next day, Monday Dec 6, 2021, I woke up early in the morning at 5 AM IST and started my reporting part.
Since I used OneNote during the exam, it was easy for me to put the screenshots and text in sequence.
My reporting part ended at 1 PM IST; I prepared my report in almost 8 hours.
And I verified it myself more than 5-10 times.
As per the Offsec exam guidelines, I submitted my report to the team.
Once we submit the report, we get an automated acknowledgement email from the Offsec team like below:
Awaited results
I knew I had passed this time, but the waiting time for the official results made me more crazy.
This time, before my manager asked me, I messaged him and told him, “I cracked the exam this time, Rosan.”
He said, “Nice man, cool, all the best da!”
From Dec 6th, every day, morning, afternoon and night, I kept refreshing my Gmail inbox.
I know the failing emails come the very next day. But I was expecting the passed email this time from the Offsec team.
Days passed. On Dec 9th, early morning at 4:50 AM IST, when I was half awake, I saw the email from Offensive Security like this:
After seeing my name in the Offsec email: “You have successfully completed the Penetration Testing with Kali Linux (PWK) certification exam and have obtained your Offensive Security Certified Professional (OSCP) cert.”
I felt & told myself, “WE WON, ADAM!” (like the Soorarai Pottru climax scene)
Then I went to my parents; they were sleeping at that time. I told them, “Mom & Dad, I got the official exam results from the Offsec team, I passed my OSCP exam. I did it Mom, I did it.”
Then I called my wife on mobile and told her, “Jim, I passed, somehow I finally passed, now I’m an OSCP holder Jim, thank you so much Jim for being so supportive of me.”
This is not just a certification for me; it’s a challenge against myself that I made myself pass.
It happened only because of having good mentors, positive support from family members, and people with positive vibes around me.
This blog post is dedicated to all my mentors, family members, friends, my manager Rosan Thomas, the core team of Crossbow Labs, my team members and all OSCP aspirants.
“Nothing is impossible in this world. We can do it & break anything.”
Final thoughts on Mental health
1) Self-care is very important
2) Work life needs to have some balance
3) Don’t Stress yourself & burn out
4) Even if you fail, take a break, travel somewhere and reattempt again
5) Sleep well
6) Your health is more important for your family
Bye guys!!! See you all in the next successful stories. All the very best for your future!