My Experience with OSCP+ in 2025
A full breakdown of my OSCP+ journey — preparation, lab time, the exam, and lessons learned.
I Passed the OSCP – After Failing My First in 2024
After months of training, long nights of hacking away at machines, and a fair share of self-doubt, I’m proud to say: I passed the OSCP+ in February of 2025. This wasn’t a straightforward journey—in fact, I failed on my first attempt in March of 2024. But that failure became a turning point that helped me grow, reflect, and ultimately succeed. You can too!
Changes Pen-200 2025:
- The 2025 version is now an assumed breach scenario where you are given access to the AD portion.
- There are partial points, meaning that if you get successful privilege escalation on your first AD machine, you get partial points.
- There are no 10 extra bonus points anymore. In the previous version you got 10 extra points by submitting 30 proof.txt files and meeting a % completion rate on the labs (exercises for each of the modules).
The Journey Begins: PEN-200
My path started with OffSec’s Penetration Testing with Kali Linux (PEN-200) course 2024. It's more than just a certification prerequisite—it’s an immersive, hands-on offensive training that trains you in real-world offensive security techniques. The course is structured into 27 modules, each packed with practical labs and supported by instructional videos; I ignored most of the videos. It covers everything from basic information gathering to advanced topics like Active Directory attacks and AWS cloud infrastructure enumeration, which wasn't on my version of the exam.
Some of the key skills I developed included:
- Mastering tools like Nmap, Burp Suite, Metasploit, and sqlmap
- Exploiting common web vulnerabilities (XSS, SQLi, RCE, and more)
- Performing privilege escalation on both Linux and Windows
- Pivoting, tunneling, and evading antivirus detection
- Attacking Active Directory and Tunneling
But where the course really shines is in its Challenge Labs.
Challenge Labs: From Learning to Applying
PEN-200 included 9 Challenge Labs at the time I took it, designed to simulate real-world penetration test environments. Three of them (OSCP A, B, and C) are especially critical—they mimic the OSCP exam format, helping you train under similar constraints and pressure. I would save A, B, and C for around 2 weeks before your exam.
I worked through all 9 challenge labs—some (Secura, Medtech, Relia, Skylark, OSCP A, B, C, Zeus, and Poseidon) took hours, others took days. Each one sharpened my methodology, deepened my understanding, and improved my ability to document findings under pressure.
You can safely ignore Zeus and Poseidon, as they are introductory material for the next OffSec course. Skylark is good practice; however, it goes way beyond what OSCP teaches you. Approach it if you have time. It is OK to ask questions if you struggle, but try first.
Join the OffSec Discord server as soon as you enroll in PEN-200.
The First OSCP Attempt: A Tough Lesson
After finishing the course and all the labs, I took my first shot at the OSCP exam. I went in confident, but I underestimated how draining the 24-hour exam environment could be.
While I was able to compromise the AD portion (40 points), this took the whole exam, as I refused to move on and look at the other machines. A crucial point is to take good notes: even if certain methods were not in the labs but are mentioned in the course, PUT THEM IN YOUR NOTES. I couldn’t hit the 70 points to pass. The biggest mistake I made? Rushing, not documenting properly, and getting stuck without a solid fallback strategy.
I was devastated. But looking back, failing was the best thing that could have happened. It pushed me to identify gaps in my preparation and rework my approach.
The Comeback: Passing the OSCP
I regrouped, built a focused study plan, and, like any subject in college, practice!
- Revisited difficult modules
- Re-did all three OSCP-style labs under time pressure
- Practiced thorough documentation with each machine I rooted
- Reviewed write-ups and refined my enumeration-first mindset
On my second attempt, I was calm, methodical, and well-prepared. I hit the 90 points before the time ran out, wrote my report, and submitted it with confidence.
Resources used to practice
- TJnull's OSCP like machines: https://docs.google.com/spreadsheets/u/1/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview
- Lainkusanagi OSCP like: https://docs.google.com/spreadsheets/d/18weuz_Eeynr6sXFQ87Cd5F0slOj9Z6rt/edit?gid=487240997#gid=487240997
I did almost all of the machines from the lists above after my first failed attempt. I started with HackTheBox, Proving Grounds and Virtual Hacking Labs. HackTheBox-style machines helped me to improve testing techniques. Proving Grounds machines are very close to OSCP machines. Virtual Hacking Labs helped me tremendously for individual machines in the OSCP.
HackTheBox Dante is a good Pro Lab to practice pivoting skills. However, you can accomplish the same with OffSec challenge labs.
Final Thoughts: Failing Forward
The OSCP isn’t just a test of technical skill—it’s a test of endurance and adaptability. Failing it once taught me how to learn better, prepare smarter, and stay composed under pressure. That lesson alone was worth the struggle.
To anyone thinking about taking the OSCP: Don’t be afraid to fail. Just make sure you fail forward. Learn, adapt, and keep practicing.
If you’re on this journey and need advice or encouragement, feel free to reach out. I know how tough it is, but I also know it’s possible.