Back when I was still a student (and a forum lurker), OSCP felt like something impossibly grand. Like looking up at a star in the sky and thinking “yeah, that’s beautiful” — never daring to imagine actually reaching it.
Then I graduated. Got a job. Had some money. One day I opened the OffSec registration page and thought: let’s just give it a shot.
And so it began.
Honestly, I Procrastinated a Lot
Truth is, the gap between when I “started studying for OSCP” and when I actually sat down to study seriously was pretty long. There were many evenings that should have been spent grinding labs but were wasted on pointless stuff instead.
The period where I truly got serious was about 6 months after I gave myself a hard reality check. Not 6 months of non-stop grinding — but 6 months where every single day I opened my laptop and did something, no matter how small.
I have no natural talent whatsoever. I’m a slow learner. There were labs where I read the writeup and still couldn’t understand why they did what they did — I had to re-read it two or three times. But I kept grinding. That was the only thing I could do.
Labs — and the Writeup Dependency Problem
I practiced using 0xdf’s OffSec Exam HTB List — a solid starting point if you don’t know where to begin.
At first, I read writeups constantly. So much that I felt embarrassed about it — the moment I got stuck, I’d open a writeup, check the hint, and move on. Over and over.
It took me a while to realize the problem wasn’t reading writeups — it was that after reading them, I just… moved on. Never asked myself why. Never tried again from scratch. Never wrote anything down.
The biggest change I made was starting to take my own notes.
About Those Notes
I used Notion. Not because Notion is better than other tools — but because I was already comfortable with it.
I organized everything by category: Windows, Linux, Active Directory, then checklists for each phase — recon, service exploitation, web attacks, privilege escalation, etc. Simple, but clear.
Every time I ran a new command, I wrote it down. Every time a command failed and I figured out why, I wrote that down too — including the reason it failed, not just the fix. A lot of people just copy errors into AI, get a quick answer, and move on without really understanding what happened. I used to do that too. Eventually I broke that habit.
After 6 months, that handmade cheatsheet became something I could search faster than Google. Because I knew exactly where I put things, and I remembered the context from when I wrote them.
There are plenty of free OSCP notes shared online, and some note collections sold at a premium. I’m not saying those have no value — but other people’s notes can never replace your own. The process of categorizing, selecting, and writing things down — that is the learning. The best cheatsheet is the one you build yourself, because it fits the way you think, and it stays useful long after OSCP — well into your career.
Successful people aren’t necessarily more hardworking than you — but lazy people will always struggle to succeed. I remind myself of this often, because I’m pretty lazy too :3.
Find Someone to Walk With
There was a period when I grinded alongside a friend. We solved labs together, got stuck together, cursed the lab authors together when we couldn’t get the flag, and celebrated together when we finally rooted a box.
There’s a saying: “If you want to go fast, go alone. If you want to go far, go together.” It really hits different when you’ve lived it.
The No-AI-During-Exam Rule
OffSec doesn’t allow AI during the exam. When I first heard that, I found it a bit inconvenient — I was so used to asking AI for help that going back to plain Google felt like going backwards.
But thinking about it more, it’s actually a good thing.
If you’re used to just copying errors into AI and following whatever it says, you won’t know how much you truly understand — until you’re in the exam room and AI isn’t there anymore. Practicing without AI while studying isn’t self-torture — it’s training a more fundamental skill: knowing how to search for and read documentation on your own. That’s what a real hacker needs, not the ability to write clever AI prompts.
That’s it. No special secret. Grind labs, take your own notes, find someone to walk with, and don’t rely too much on AI.
If you’re on this path — good luck. And if you have questions, just ask.