So it’s been right about 5 months since I wrote my last blog and things have been wild. I ended up having to push back my OSCP due to some medical issues and a prolonged hospital stay, but because I was determined to give it a shot, I still took the test while I was in early recovery and unfortunately did not pass. However I learned a couple things:
‘Trying Harder’ doesn’t work
I think the whole thing is a false dichotomy. The idea that you just aren’t trying enough and that’s why you’re failing is inherently wrong. Sometimes you’re trying harder than they intend for you to; sometimes you’re trying hard, but at the wrong thing; and sometimes trying harder won’t get you anywhere because things are broken and need to be fixed first.
Not only that but any kind of impairment mental, emotional, physical; is going to stack the odds against you. Having an obsessive personality trait, that you can’t stop until you get something right, that’s going to be an impairment as well because once you get stuck in something you’ll just keep trying things even though none of them will work.
I don’t know if you’ve had experience driving in the snow or mud, but if you have, you know that if you get stuck the first thing that you need to do is straighten your wheels, get traction, and then drive out slow. If you just press harder on the gas pedal and move the steering wheel, you’re only going to bury yourself deeper in that hole.
So instead of trying harder when you run into something whether on a test or in the field, stop trying so hard. Get up from your chair, make sure you are feeling aligned physically, mentally and emotionally; leave the room and go outside, exercise, play video games, watch an episode of a TV show. Once you’re feeling more in control of your mind and emotions, you will be ready to tackle the issue again.
Next you’ll need to find something that will give you traction with the issue you’re dealing with. Maybe you need to go do a lab on a CTF site or training site that involves something similar to the issue you’re working on, but at an easier level and maybe with a walk-through online. This will give you something to work off of instead of just spinning your tires in unknown territory.
Finally, you’ll want to take it slow. Go back to where you were stuck, think about things again and take time to read and understand your exploits. Maybe there was a step you were missing before that was only mentioned in one particular right up. The calmer you feel, the more you understand the situation, the more likely you will be to pick up on that thing you overlooked before.
Failure is OK
Now this one is something I struggle with. Up until the OSCP, I had never failed a professional test IN MY LIFE. So when the 23 hour mark was hitting and I knew I wasn’t going to make it, I got frustrated. I had spent the majority of the test on the same box because I got stuck and was ‘trying harder’ and spinning my wheels when I had missed just one piece of code that I needed to run in an exploit. I was angry at myself, and I was angry at the course for giving poorly worded advice.
However, after the dust had settled and I had some time to think about things, I appreciated that I had learned some new techniques from the exam that I hadn’t previously used. I also appreciated that the reasons I failed the test (unaddressed health concerns, lack of sleep, obsessive tendencies for problem solving), are the same reasons why I under perform on some assessments at my regular job. So being able to identify and address these things has helped me to carve out ways to be more effective at work while taking care of my personal health.
The Takeaway
So this blog has been a long time coming and hasn’t even begun to scratch the surface of all the real world craziness we’re dealing with right now. However, I hope that this self reflection can be of some use to you in your endeavors at work, or in pursuing the OSCP.
I realize that because I have certain health issues, the testing format for the OSCP is very unhealthy for me and I probably won’t be attempting it again anytime soon. However, I still highly recommend the coursework for everyone, and the exam for those who are able to maintain a healthy schedule and are able to put self-care above their desire to pass the exam. Because if you lack that ability, you will only hurt your chances to pass the exam and you may disrupt your normal self-care routine which can damage your health, which isn’t worth it for a piece of paper.
That said, keep learning, keep improving, and stop trying so hard!
Gobias Infosec Blog 