DOKKAEBILABS
Contact
WhatsApp us
← All case studies
Education3 months structured prep

OSCP Cleared First Attempt After Months of Going in Circles

Self-studying for months, grinding TryHackMe, failed OSCP once. Needed a methodology, not more practice.

Kali LinuxMetasploitBurp SuiteActive Directory

The Problem

Reuben had been grinding TryHackMe for months. He knew what a buffer overflow was. He could run nmap. He'd compromised plenty of boxes. But when he sat the OSCP exam, he ran out of time and couldn't articulate what he'd done.

The issue wasn't knowledge. It was methodology. Without a structured approach, every machine became a guessing game. He'd spend two hours on a rabbit hole, not know when to cut losses, and lose the exam on time management rather than skill.

What We Rebuilt

Our offensive security instructor — OSCE3 certified, which means he's completed the full OffSec trifecta (OSCP, OSEP, OSED) — worked through Reuben's entire approach from scratch.

Enumeration methodology — A repeatable, documented process for every machine. No more ad-hoc scanning. Every service, every port, every finding logged in a consistent format before any exploitation attempt.

Exploitation decision trees — Given a finding, what do you try first? What's the signal that tells you to move on? Reuben had been treating exploitation as creative. We made it systematic.

Privilege escalation checklists — Linux and Windows. Manual checks before automated tools. Understanding what you're looking for and why, not just running LinPEAS and hoping something jumps out.

Active Directory attack paths — Kerberoasting, AS-REP roasting, BloodHound enumeration, lateral movement, DCSync. Covered the exam's AD set properly, with worked examples.

Report writing to exam standard — OSCP grades your report. Reuben had never written a proper pentest report. We worked through structure, evidence requirements, screenshot standards, and the exact level of technical detail OffSec expects.

Lab strategy and time management — When to take a break, when to move on, how to manage the 24-hour clock without burning out in hour 6.

Outcome

  • Cleared OSCP on second attempt
  • Submitted a clean, well-structured report
  • Could explain every step of every compromise

Quote

"Failed OSCP once before finding Dokkaebi Labs. The difference was how I think during the exam. They fixed my methodology. Cleared it on second attempt, clean report." — Reuben, Penetration Tester, Singapore

Outcome

Passed OSCP

Cleared OSCP on second attempt with clean report

Failed OSCP once before finding Dokkaebi Labs. The difference was how I think during the exam.

Reuben, Penetration Tester, Singapore

More case studies

Have a similar problem?

Get in touch and we can talk through your situation.

Get in touch →