Editor’s Note: This article is a guest post by Christopher Downs and has been published with permission from the author.
My interest in cybersecurity began at age twelve when Wargames was released, a movie about the Cold War that debuted in 1983. Some of you may be thinking: “I’ve never heard of that movie! How old is this guy?” I consistently find that I’m the older guy in the cybersecurity community. Despite my age, I’ve always been fascinated with computer security and exploiting systems.
Fast forward to July 8, 2019.
I had started my OSCP exam mid-afternoon the day prior. I went into it clear-minded and relaxed, but as you know, the exam is extremely difficult. I struggled heavily with the last machine but finally obtained access to the system and had enough points to pass.
I was incredibly relieved. I had taken this exam before and knew what I needed to do but kept having inclement weather issues in New Orleans, where I lived. We had almost constant storms and power outages. But despite the obstacles, I was determined to pass, no matter the circumstances.
After completing the exam, I worked on my exam report. I was about halfway done and had been up for 30+ hours straight, so I figured I would get several hours of sleep before completing my documentation and submitting my report. To my surprise, I woke up to a raging thunderstorm, with water levels rising quickly in my home.
Next thing I knew, floodwater was over two feet high outside and pushing my home’s doors in. Panic ensued. I set up shop in the kitchen, trying to finish and submit my report. Then the internet went out. The water in the living room was almost three feet high and rising quickly. My cable modem was floating in the water, so I attempted to jump through my cell phone. The lines were jammed.
We grabbed everything we could and stuffed it in the truck to get out of the city before they shut the highways down.
Hours later, we were in the middle of Mississippi with no internet connection. I drove until I got a signal, desperately attempting to contact Offensive Security and inform them of the situation.
I was in a full-blown panic. Heart attack level. I needed to pass this exam. I received a response from the OffSec team, and back to the camp I drove. I finished my report sitting in the dark by a lantern while listening to the nighttime frogs go crazy. After completing the report, I headed back out to get a cell phone signal and submit it via cell tethering.
A day or so later, I got the email that I had passed. I was like: “Welp, I lost my physical items but at least my wife, Charlie the cat, and I are fine. Everything is gone, but at least I earned my OSCP.” You could say I tried harder.
Reflecting on the entire event, I would absolutely advise future students: do not do what I did. I have been in this industry for twenty plus years and sometimes thought to myself: “This should be easy. This should be a cakewalk.” Dead wrong. It is not.
I recommended meticulously progressing through course readings. Try to nail every single machine in the lab. If you’re aware of a personal weakness, prioritize improving it. For me personally, it’s Windows. The last time I used it was NT4. I’ve been on Linux since 1996. Boy did I take a beating.
Don’t make my mistakes! You have been warned.