TLDR: I got lifetime banned from Offensive Security. What’s next? Is my goal and dream over? Maybe.

Cybergin
9 min read · Apr 24, 2024

(An open letter to all Cyber Security Professionals, Ethical Hackers and Dreamers)

Hey everyone and fellow security enthusiasts, I hope you’re having a marvelous week! WS here, one of you. Today I would like to share my personal experience from the past months.

As the title reads, I’ve received a lifetime ban from OffSec, a renowned US-based company providing Offensive Cyber Security Training for professionals. So, what’s next? Is this the end?

Before I dive further into this topic, I just wish for you to know these are some of the questions and consequences I must consider before making this public:

1. Am I ready to face the consequences, backlash or even being doxed from this post?

2. Will this bring a halt to my career in Offensive Security?

3. How will I support my family if I were to lose it all?

4. How do I react when I get laughed at and scoffed at?

And a myriad of other questions, but above are the gist of it.

Regardless of which, I still feel compelled to share my story.

So why do I still choose to post this?

The reason’s simple.

No one, I repeat, no one should ever give up & resign their dream into the hands of an organisation. Secondly, to let anyone who is going through a similar situation know that you’re not alone. Finally, I don’t want to go down without a fight.

With the above clarification out of the way, let’s get into the main bulk of the story.

How it happened (TLDR):

Long story short

At the end of December 2023, shortly after my knee and shoulder surgery, I was practicing my OSEP exercises in the hospital, and was stuck at one of the labs. That’s when a dude lurking in the OffSec Discord channel reached out to me, going by the alias of ‘Joker the Cyber Gopher’.

I’ve always thought anyone on the OffSec Discord channel must be legitimate, so this guy reached out and offered to help with one of the exercises. I was elated, since the support for OSEP is way less than for OSCP. After several interactions, his familiarity with the exercise content and access to source code of the exercises convinced me of his legitimacy as a fellow student.

A week into our interactions, it emerged that he was a young enthusiast from Zimbabwe, unable to afford official training. His passion, despite limited resources, deeply moved me, since it really reminded me of my humble background. However, I soon discovered he was not an OffSec student, a fact he only revealed when oddly requesting to see my OSCP certification.

Long story short, I was moved by his passion and dedication to pursue the offensive knowledge, considering that someone from Zimbabwe, where internet & monetary resources may be limited, still possessed such a strong passion and understood content up to the OSEP level.

Compelled by his dedication, I planned to purchase a 90-day OffSec Library subscription for him once my salary was processed in March.

In preparation, he requested my contact details and made daily requests for my notes to help him start early, even sharing his study schedule. This constant barrage of text messages went on for weeks. Moved by his commitment, and hoping he could better prepare for the course since I could only afford a 90-day subscription for him, I shared my personal Obsidian notes with him, with great hassle.
(Why not, right? Since I’m already purchasing the course content for him, it doesn’t make sense for him to do anything that is unethical, right? … right?)

Unfortunately, my Obsidian notes for OSCP, which I hadn’t touched for a long while, contained my examination note, which I overlooked after passing it fairly quickly, all while busy studying for OSEP.

Well… On January 31st, without prior warning or alert, my OffSec account suddenly became unavailable, meaning to say I couldn’t log in. This left me puzzled; at this point I was still sitting at my office desk.

Only after going through several communication routes with their support was I told that my account had been put under ‘Investigation’ for suspected activities….
(What? Kinda absurd to not even reach out prior?)

Although I didn’t want to believe it, evidence pointed to the Zimbabwean individual misusing and selling my personal materials online. Though of course at this point, I could not confirm this until much later. Nor did I wish to divulge information to the ‘investigators’ that would put me in an unfavourable position.

Truth is, I found myself so overwhelmed that I couldn’t focus on my work. The way it was handled had such a profound emotional impact that I had to tell my manager what had happened and leave the office early, since I was unable to settle my thoughts through the day.

And this marks the beginning of my anxiety-filled three months…

Below is the bulk of the conversation with ‘Joker’ during that time (which I think is a name that’s more apt for me at this point 🤣)

Adding salt to the wound lmao.

The Professional Letdown:

I reached out to OffSec’s community manager and sales representative for help, only to be met with a complete reversal in their previously engaged attitude, slow response or no response, and a lack of empathy.

Notably, I had attended the DIV 0 event — an OffSec meetup — last minute while wheelchair-bound (Because ‘Try Harder’ right), since the sales representative informed me of the event. There, I met the community manager, who initially engaged by commenting on my post. However, when the situation escalated, their communication ceased, leaving my concerns unaddressed to this day.

The consequences were severe: not only did I lose my place at a SGD$16,000 OSEE conference, but I was also unexpectedly charged an additional SGD$545 for a ‘Platform Fee’. Moreover, I had about $3,000 USD remaining value in my Learn Unlimited subscription, which apparently now is forfeited.

All this treatment made me feel criminalized.

Initially, the local sales representative had assured me of superior, localized support compared to his European counterparts, persuading me, and two other colleagues I brought in, to invest in the Learn Unlimited program at $5,999 annually each.

However, as soon as difficulties arose, all support disappeared without a trace, offering no support or even the courtesy of a personal meeting to discuss the issues. The entire investigation into my account was opaque and black-boxed, with no attempt made to genuinely explore my side of the story.

Admittedly, I made a stupid and naive mistake, but the dismissive and arrogant demeanour of the company for the duration of the 3-month-long ‘investigation’ honestly left me feeling marginalized.

Sometimes it feels as if they believed they were too significant to fail.

It’s been nearly three months since this ordeal began. While I’ve somewhat moved on, the experience has left a lasting, bad aftertaste. Nevertheless, it has also highlighted a valuable lesson: true skill and determination are not limited to those with access to the best resources. This incident, though painful, has helped me recognize the value of passion and resilience.

Revisiting this episode has never really been easy, and documenting it even more so. But well, I’m motivated now more than ever to excel in my field, not out of spite, but because I believe that achieving success is the best form of resilience.

‘Success is not final, failure is not fatal: It is the courage to continue that counts’.

I might not have captured every detail here — it’s simply too much to put into words.

However, if you’re navigating similar challenges, or if there’s anything you’d like to discuss, please feel free to connect with me on Medium or LinkedIn! For those interested in a twist to the story, discover how these events unexpectedly led to the best five days of my cyber life by checking out my detailed account [insert link here later].

Let’s keep the conversation going and support each other through our journeys in cybersecurity!

UPDATES 07-07-24:

Update on My Journey and a New Beginning

Hey everyone,

It’s been a few eventful months since my last update where I shared the challenging news about my lifetime ban from Offensive Security. Life certainly didn’t pause there; instead, it took me on a transformative journey that has led to new beginnings.

A Fresh Start with REDFACE and the Cybergin Podcast

I’m thrilled to announce the launch of my latest venture, REDFACE, an AI-driven pentester poised to revolutionize offensive cybersecurity practices. This project, born from a period of reflection and redirection, aims to redefine how we approach and handle cybersecurity threats.

Simultaneously, I’ve embarked on a new journey to connect with others in the industry and beyond through the Cybergin Podcast. Our debut episode, “Wah you Hacker Ah?!”, serves as a pilot that, despite its raw execution, lays the foundation for a series where we dive deep into the intricacies of cybersecurity.

Both endeavors reflect my commitment to turning setbacks into setups for greater achievements. They embody my desire to keep learning, growing, and sharing these experiences with you all.

Join Me on This New Journey

I invite you to read about these developments in my latest post:

The Effort to Bounce Back from 2024 Setbacks.

Listen to our first episode of the Cybergin Podcast here:

Cybergin Podcast Episode 1 — Wah you Hacker Ah?!

I’m eager to hear your thoughts, receive feedback, and engage in discussions that help us all grow. Let’s navigate these exciting times together, turning every setback into a significant comeback.

Thank you for your continuous support and engagement. Your encouragement makes this journey worthwhile.

Stay tuned, and let’s make cybersecurity more innovative and accessible again.

#Cybersecurity #Innovation #AI #Podcasting #CareerDevelopment #Technology #HackTheBox #BugBounty #LifeChanges #REDFACE #Cybergin
