I passed OSCP+ in December 2025. It took me 18 months of consistent preparation alongside a full-time job doing enterprise VAPT. This post covers everything — what I studied, what didn't work, what finally clicked, and honest advice for Indian security professionals who are preparing for the exam.
"Try harder" is not just a motto. It is the only mindset that gets you through."
Why I decided to go for OSCP+
After 2 years of conducting real-world VAPT engagements at Panacea Infosec, I realised something: clients look at certifications. Recruiters look at certifications. OSCP is the one that carries the most weight in the Indian enterprise security market, especially for banking and CERT-IN empanelled work.
I already had eCPPTv2 and eWPTXv2 from INE Security, which gave me a solid base. But OSCP+ is different. It is a 24-hour live exploitation exam — no multiple choice, no theory. You either hack the machines or you fail. That is what I wanted.
My preparation timeline
Months 1–4: Building the foundation
Before touching PEN-200 (the official OSCP course), I spent time making sure my basics were solid. This is where most Indian students rush — they jump into OSCP prep without strong fundamentals.
- Linux command line — fluent, not just basic
- Networking — TCP/IP, subnetting, routing properly understood
- Python scripting for automation and custom tools
- TryHackMe — completed the "Jr Penetration Tester" path
- HackTheBox — started with easy machines, moved to medium
Months 5–12: PEN-200 and lab machines
I purchased the 90-day PEN-200 lab access. In those 90 days, I rooted 50+ machines in the official lab. The Active Directory sets were the hardest — and the most valuable.
# My daily lab routine (during working days)
6:00 AM — 1 hour lab practice before work
10:00 PM — 1.5 hours writeups and reading
Weekend — 5-6 hours focused lab time
Months 13–18: HackTheBox OSCP-like machines
After my lab time expired, I switched to HackTheBox machines tagged as OSCP-like. The TJnull list is your bible. I completed 40+ machines from that list.
What finally made the difference
Methodology. Not tools, not tricks — a repeatable methodology. Every machine I approached the same way:
- Full port scan first —
nmap -p- --min-rate 5000 target - Service version scan on open ports
- Manual enumeration before any automated tools
- Check every service for known CVEs and misconfigurations
- Try the obvious things first — people often overlook default creds
The exam experience
The exam is 23 hours 45 minutes. I started at 9 AM. By 4 PM I had enough points to pass. I spent the remaining time documenting everything meticulously — because you can hack every machine and still fail if your report is weak.
The Active Directory chain is the key. If you compromise the full AD set, you already have a passing score. Focus 60% of your prep time on AD.
Resources I actually used
- OffSec PEN-200 course material — read everything, not just the highlights
- HackTheBox — TJnull OSCP-like machine list
- TryHackMe — for AD fundamentals
- IppSec YouTube channel — watch after you attempt a machine yourself
- PayloadsAllTheThings — GitHub, bookmark it
- GTFOBins — for Linux privilege escalation
- LOLBAS — for Windows privilege escalation
Honest advice for Indian professionals
Many people ask me — "Anshil, I work full time. Can I still do OSCP?" Yes. I did it while conducting 194 VAPT engagements in one year. But it requires discipline, not just motivation. Motivation fades. A fixed schedule does not.
Also — do not skip the report writing practice. In India, we often focus only on the technical side. But professional report writing is half the job in real engagements and it matters in the OSCP exam too.
