You’re Getting Your OSCP

Back to Back to Back

Hi everyone!

Where do I even begin?

I was wrapping up a web application penetration testing internship the last time I posted. Before that, I was an intern as a Cloud Security Associate. My goal this year was to take a few months off to decompress and focus on getting the OSCP.

Well, that didn’t pan out, and I’ve landed another internship.

What’s different this time? Well, to begin, it’s paid! So I’m feeling good about that aspect. However, it doesn’t align with my goal of getting a penetration tester/red teamer position. But, here’s the thing — it does do something called compounding, which exposes me to various fields in Cybersecurity, and keeps building what matters the most. Experience.

So, here I am, an intern in the Consultant Development Program at Tevora, working in PCI Compliance. For those unfamiliar with the term, the Payment Card Industry handles all credit card transactions from the point of sales devices you’ll find at your local merchants. You swipe your card, and there’s a process that happens in a matter of seconds to confirm you have funds available in your account, then approve your transactions.

What I’ve been doing is getting trained on how the payments industry works, reading through many technical reports, and learning how to write them. It’s a meticulous process that requires attention to detail and willpower to push through all the technical documentation. It’s my second week, and I have several projects to work on.

My eyes are strained, and I’m lost like a mother fucker. I guess that’s how things usually are when you start something new.

My time is dedicated to my current job, with very little time contributing to the OSCP. My lab time will run out in about two weeks from today. I’ve been focusing my energy on learning Active Directory because of the new exam format.

I’ve built a lab using TCM’s ethical hacking course. That gave me a general idea of what to expect however the Offsec labs have a much different approach. I find their material to be vague and difficult to digest. I don’t feel prepared at all, and I’m likely to fail because it’s all or nothing on the AD portion of the exam.

My goal for the 6 Mar 2022 (exam date) is to focus entirely on Active Directory and get the 40 points since it’s an all-or-nothing challenge. I know I won’t pass on my second attempt, but I’m looking forward to getting the most out of the experience.

Next on my agenda is to get the eCPPT. I have unlimited lab time and will take the exam this Summer. I’ve also been reading some really great reviews about the PNPT, so I think I may follow up with that certification.

Yeah, that’s pretty much it for now.

I just want to say Happy New Year to everyone out there. Thanks for following my journey into penetration testing and Cybersecurity!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store