A few years ago I was literally googling “what is an IP address.”

Two days ago — June 18, 2026 — I passed the OSCP+. Still kind of can’t believe it. :)

It’s been almost a year of prep, and honestly it was never just an exam to me. It changed how I think, how I take problems apart, and how I sit with being completely stuck. At some point the feeling of banging my head against the same wall for hours stopped bothering me and just became… normal. (I also unlocked infinite caffeine tolerance. Worth it.)

Quick disclaimer before anything else: no exam spoilers in here. OSCP is under NDA and I’m not crossing that line — if you want to be a professional, act like one before anyone’s paying you to. So this isn’t a walkthrough of what was on my exam. It’s the stuff that actually got me ready, written for the version of me from a year ago who wasn’t sure it would ever be enough.

What OSCP+ even is

It’s the same brutal, proctored, hands-on exam OSCP has always been — they drop you into machines you’ve never seen and you have to actually break in, escalate, and pivot, then write a professional report afterward. The “+” is the newer flavor: pass it now and you get the lifetime OSCP and the renewable OSCP+ that keeps you current. The modern exam leans hard into Active Directory, so plan your prep around that.

What actually worked

1. Boxes over theory

I rooted 49+ machines on HackTheBox and OffSec Proving Grounds before the exam. That’s the single biggest reason I passed. You don’t read your way to OSCP — you fail your way to it, one box at a time, and the failing is the part that teaches you.

The boxes that destroyed me taught me the most. There was one where I had to enumerate web files for creds, SSH in, find a loopback-only service, set up port forwarding to reach it from Kali, then abuse a SUID binary to read restricted files. Took me hours. I wanted to throw my laptop. And then I never forgot any of it. That’s the trade.

2. Enumeration is the whole game

Every single time I got stuck, the answer was the same thing: I hadn’t enumerated enough. Ports, versions, web directories, shares, users, services — every rabbit hole. The exam doesn’t reward clever, it rewards thorough. Build a checklist and run it every time until it’s muscle memory. (Mine lives in my enumeration workflow and AD methodology posts.)

3. Active Directory, then more Active Directory

If you’re shaky on AD, that’s the gap that fails people on the current exam. Kerberoasting, AS-REP roasting, ACL abuse, BloodHound path analysis, lateral movement, DCSync — get fluent enough to run a full chain without stopping to Google every step. I spent a disproportionate chunk of my prep here and it paid off. My BloodHound quickstart and Active Directory playbook came straight out of that grind.

4. Notes and report practice — this blog was part of the prep

Every writeup on this site was secretly OSCP prep. The exam ends with a professional report, and if you’ve never written one on your own, that’s a rough time to learn how. Screenshot as you go. Write the finding the moment you land it. And here’s the real test: if you can’t explain an attack path in plain English, you don’t actually understand it yet — the exam will catch that even if you don’t.

5. Mindset for the clock

It’s a long exam and your brain will try to quit on you. The fix isn’t being smarter — it’s having a process you trust when you’re fried: take the break, eat the food, walk away from the box that’s beating you and come back with fresh eyes. “Try Harder” is real, but for me it was really “Try Smarter — and then try harder when smarter runs out.”

The part I want you to actually hear

I don’t have a CS degree. I did all of this while working a full-time SOC job — before shifts, after shifts, weekends, holidays. It wasn’t balanced and it definitely wasn’t pretty.

So if you’re sitting there thinking you’re not smart enough, or you started too late, or everyone else has some head start you don’t — I was googling “what is an IP address” not that long ago. Discipline beats talent that quits. The boxes don’t care how you feel; they just care that you show up and do the next one.

What’s next

OSCP+ isn’t the finish line — it’s the entry fee. The real goal is breaking things professionally, full-time. I’m aiming at penetration testing and offensive security, and I’m bringing a defender’s eye with me from the SOC.

What I got out of this was way more than a cert. It turned into a way of living: try again, try harder, and if you still can’t figure it out… you’re not enumerating enough.

Shoutout to OffSec. Turns out “Try Harder” isn’t just a slogan.

And if you’re on this path right now, mid-grind, not sure it’s working — keep going. It’s working. You just can’t see it yet.