The Spark: How the Idea Started

The path to the OSCP (OffSec Certified Professional) wasn’t a sudden realization. It started back at Vairav Technology with my colleague and friend, Mr. Srijan Adhikari.

At the time, Srijan was deep into his own prep. Our regular office discussions and practice sessions slowly turned a “maybe one day” thought into a concrete goal. After I resigned from my position, Srijan suggested I too take the plunge and go for it. Since he was also preparing, he became the best learning partner I could have. We spent countless hours in the PG machines together  and helping each other out whenever we hit a wall.

We even had our own discord server to discuss our shortcomings and learning.

The Preparation Phase

I pulled the trigger on the OSCP course bundle in November. During my notice period, Srijan and I kept the momentum going, practicing almost daily on Proving Grounds whenever we had a free moment at the office. Along with PG, the OSCP challenge labs were incredibly helpful.

On January 6, I finally felt ready and booked my exam for January 16. Coincidentally, that same day was a milestone for our duo: Srijan officially passed his OSCP+. Seeing him succeed on the very day I picked my date was the ultimate motivation. I knew if we had prepared together, I could follow in his footsteps (keep an eye out for his write-up coming soon!).

The anxiety hit immediately. I wasn’t 100% sure if I was ready, but I had put in the work. I had grinded through TJ Null’s and LainKusanagi’s OSCP-like lists on Proving Grounds and felt confident about my methodology for standalone machines. For the Active Directory (AD) portion, the OffSec labs were my primary training ground.

The Twist: A High-Stakes Deadline

Shortly after booking the exam, the very next day a new challenge appeared: a private invite to a BugV live hacking event on January 17, the day after my OSCP exam.

I set a strict goal. If my preparation was truly solid, I should be able to clear the exam and finish the documentation on the 16th itself. I wanted to be done within 10 hours so I wouldn’t be a total zombie for the live hacking event the next day.

Exam Day: The Costly Typo

The proctoring started at 9:45 a.m. I went straight for the standalone machines, hoping to bank points early and lower the pressure for the AD set.

Everything started perfectly. I knocked out two standalone machines within the first 90 minutes. Then, I moved to Active Directory. I got my initial foothold and escalated privileges on the first AD machine in about 40 minutes.

Then, I hit a dead end. I had the pivots and the leads, but nothing worked. I spent nearly three hours chasing rabbit holes. Later, I realized the issue was painfully simple: a spelling mistake. I had the correct credentials, but I was using the wrong username due to a typo. That single mistake cost me hours of frustration. Once I fixed it, the rest of the domain fell quickly. By around 5:00 p.m., I had the points I needed.

The Reporting Marathon

I thought the hard part was over, but the report was its own beast. Even though I had the points, I was terrified of failing on documentation. I spent eight hours obsessively rechecking screenshots and command syntax. I finally went to sleep at 2:00 a.m., exhausted but relieved.

No Sleep and a Good Finish

I caught a few hours of restless sleep before my 4:00 a.m. alarm. I did one final “sanity check” of the report, which helped me catch a few more typos and officially submitted everything by 7:00 a.m.

By this point, the challenge wasn’t just technical, it was physical. I was fasting that day, so I was hacking on a completely empty stomach while battling extreme sleep deprivation. Despite the fatigue, the adrenaline of the live environment took over. I managed to submit some reports and, to my surprise, finished in second place overall.

More than the ranking, getting to share the stage with hackers like Anand Dhakal and Baibhav Ananda Jha was incredibly inspiring. I was so drained I had to skip the networking party, but as soon as I got home, I received the best news: I had officially passed the OSCP / OSCP+.

Looking back, those 48 hours were a blur of stress and adrenaline, but crossing the finish line made every minute worth it.

Tips for your OSCP Journey

Passing the OSCP is as much about mindset and organization as it is about technical skill. Based on my experience, here are my top tips for anyone preparing for the challenge:

• Find a Learning Partner: I can’t stress this enough. Having Srijan to discuss approaches with made a massive difference. A partner keeps you accountable, helps you see angles you missed, and makes the long lab hours much more manageable.

• Master the AD Toolkit: For the Active Directory section, make sure you are comfortable with NetExec (nxc), Mimikatz, and BloodHound. These are your best friends for enumeration and lateral movement. Understanding the output of these tools is key to finding the path to Domain Admin.

• Develop Your Own “Cheat Sheet”: Don’t just rely on public notes. Build your own documentation during your prep. Having a personalized set of commands and workflows that you understand will save you precious time when the exam clock is ticking.

• Double-Check the Simple Stuff: My three-hour delay was caused by a single spelling mistake in a username. If you get stuck, step back and re-read your credentials. Sometimes the “impossible” exploit is just a typo away.

• Take Strategic Breaks: It sounds counterintuitive when you’re on a timer, but stepping away from the screen for 10 minutes can reset your brain. Most of my breakthroughs happened right after I took a breather.

• Over-Document for the Report: Don’t wait until the end to organize your screenshots. Take them as you go. When you finally sit down to write the report, you’ll be glad you have every step clearly captured. It’s better to have too much detail than to realize you missed a crucial screenshot after the lab access has expired.