My Path to Attaining OSCP

Rich Amies
Dark Roast Security
6 min readFeb 15, 2021


Anyone with more than a passing interest in infosec will be familiar with the OSCP. And for those who have had more than a passing curiosity, I’m sure they’ll be familiar with the plethora of “I passed OSCP on the first attempt” posts on internet forums.

My story is different. I didn’t pass on the first attempt. Nor the second. Not even the third. But my journey has been spectacular, at least, for me. I’ve learnt a great deal, not just about everything the OSCP encompasses, but myself and humanity itself.

Rewind back to 2019. The world was relatively stable, and after spending a good number of years away from computers as a profession, the end was obvious for the field in which I’d found myself — dirty-diesel. Not your run-of-the-mill lump of metal parked outside your house, but the much larger engines for backup power generation in hospitals, locomotives, or even military applications. I have getting on for another 30 years of work ahead of me, and the market isn’t likely to blossom during that time. But my roles would likely prove to be stable in the intermediate term, but looking further ahead — there’ll be a good number of people looking for what little work remains in the market sector I’d ended up in.

You’re a spanner monkey — why the change? Well, prior to heading in this direction I had a fair start to my working life in IT. I started out on the bench, working with dealer-returns from IBM, before progressing my way into the field side of things for another employer. I thoroughly enjoyed this side of work, but realising there is little scope for progression(let’s face it — if you’re good in the field, your employer isn’t hugely likely to take you out of it!), I went off to university as a mature student to focus on software engineering, after trying to be a grown-up and thinking that one day I’d like to buy a house for the family I was yet to create. Looking back, at the age of 24 and with several years of paid employment behind me, university was one of the worst choices I’ve made. Going from being a grown-up, with a regular income, to something else entirely, spending that first year largely covering things you already know — it proved to be a soul-destroying endeavour, and I turned my back on IT completely, and went off to water flowers and contemplate life.

Obviously not me in the photo, I look far less happy and never had the legs for shorts. Image blatantly stolen from

I digress. Anyway, I’d remained somewhat in-tune with tech, running aftermarket firmware on the majority of my smartphones, running a HTPC, etc, etc. Somewhere between watering the flowers, and watering myself with a burst cooling hose one day, I’d started to love most things computer-related again. Working a 40-odd hour week, with 10 hours of commuting wasn’t going to be helpful in pushing toward learning something as huge as information security. I did try, but the total cost of sleep-deprivation, removal from those you care about — it was too much, so I took the plunge. I weighed up the financial hit of not earning for 3–6 months, and I politely handed in my notice at work. Served my notice period, came home with a lovely card, a nice bottle of champagne, and a rather unmasculine number of tears shed over numerous days.

Bought the course, not expecting the fortnight-long wait between ordering and actually starting. I defrosted the freezers, washed the cars, and did a handful of courses on udemy. Then jumped in with both feet, and loved the journey.

With the end-date of my lab time in early January, I felt quite confident and took the OSCP exam early — before Christmas, just 9 weeks or so after starting the course. Obviously I failed, but not badly — we’re not given a point score, only a pass or fail, but I had 57.5 points on that attempt, with the minimum pass mark being 70 points. A happy failure, my journey was still a headlong gamble into the unknown, but I wasn’t as useless as I could have been. With hindsight, at this point I should’ve knuckled down and completed my lab exercise and machine reports , but I nearly had root on the hardest machine in the exam, so prioritised further enumeration and escalation methods over the completion of the lab report. I thought it better to focus on the 12.5 points I was so close to, rather than the maximum of 5 I’d get from submitting full documentation.

Exam 2, a month or so later after pushing on HackTheBox and following some posts about good methodologies, and ways of improving weak points — same score, same point breakdown, totally different machines, and still full of hope.

Somewhere just about here, Offensive Security updated the course to the 2020 revision, and with it, greatly extended the “pause” between exam retakes. This hurt me a lot, I’d not banked on having to wait 3 months between exam takes.

Exam 3, another month later — 67.5 points. That lab report would’ve sure been handy right now.

Hello pandemic! Britain is in a full-on lockdown.

Lifted from Spitting Image 2020 —

Faced with the new changes in the examination retake policy, just about here I’d have picked up some local agency work to help minimise the overall cost, but there was little chance of that. We were in lockdown, and the jobs market would prove to be weak for the whole year, sadly.

I kept pushing, I kept learning. and I hit the wall hard on my next attempt — just the one machine under my belt(the buffer overflow), and little idea of what had gone wrong. I’m no wiser to the event now, truth be told — I’d have been minutes away from fully-rooting 4 machines on attempt 3, and this time, I had no clue. I’d worked at every angle where I’d felt weak during the previous exams, and just couldn’t explain this. I’d understand losing 20 points(or more), but to go from near-pass, to in the gutter?

It still evades me now. But what I can tell you is that all exam attempts are not equal — the very nature of it means the machines presented to you are often significantly different to what you’ve seen before, and some rotations are definitely harder than others.

Walk away? Can’t. There’s nothing out there for me in this world right now. There’s little in the way of income, so follow the path through to completion. The course has been revamped — buy it, buy more lab time, and start over.

The 2020 course material is, without a shadow of a doubt, much more in-line with what I’d hoped to receive when I made my first purchase. The machines in the lab are somewhat more varied — my exercise material and lab report now came in at 347 pages, rather than the incomplete 140 pages from the previous iteration of the course I’d had to submit whilst praying I’d get enough points to tip me over the edge on attempt 3.

How did the next exam go? Well, I didn’t need to submit my course material report. I very happily had more than enough points half-way through the exam, so spent my remaining time going over all my steps and ensuring I had everything I needed to complete the exam report and finally get to the end of this particular journey. I submitted my lab and exercise reports, just for completeneess, as the points won’t hurt if I’ve overlooked something I should’ve done.

Late January 2021, I finally had my OSCP pass, and proved to myself I wasn’t as useless as I worried I may be. Happy days. But despite the certification, I still worry I’m useless — hopefully that’s just in my nature. Overconfidence is not an asset of mine.

A takeaway for you — I may well have passed on the first, second, or third attempts. But in January 2021, I can honestly say I’ve earned the OSCP rather than just achieved it. It has honestly been fought-for, and the journey has brought me to tears a few times, but I’m all the better for it.

Cheers for reading. If following a similar path, I tip my hat and hope to read your story some day!



Rich Amies
Dark Roast Security

Documenting some of what I’ve learnt whilst becoming a cybergeek! Mostly HTB and OffSec Proving Grounds. Extremely human, full of imposter syndrome.