OSCP Flood

Student Spotlight: Flood Survivor and OSCP Graduate

Editor’s Note: This article is a guest post by Christopher Downs and has been published with permission from the author.

My interest in cybersecurity began at age twelve when Wargames was released, a movie about the Cold War that debuted in 1983. Some of you may be thinking: “I’ve never heard of that movie! How old is this guy?” I consistently find that I’m the older guy in the cybersecurity community. Despite my age, I’ve always been fascinated with computer security and exploiting systems.

Fast forward to July 8, 2019.

SHALL WE EARN OUR OSCP?

I had started my OSCP exam mid-afternoon the day prior. I went into it clear-minded and relaxed, but as you know, the exam is extremely difficult. I struggled heavily with the last machine but finally obtained access to the system and had enough points to pass.

I was incredibly relieved. I had taken this exam before and knew what I needed to do but kept having inclement weather issues in New Orleans, where I lived. We had almost constant storms and power outages. But despite the obstacles, I was determined to pass, no matter the circumstances.

After completing the exam, I worked on my exam report. I was about halfway done and had been up for 30+ hours straight, so I figured I would get several hours of sleep before completing my documentation and submitting my report. To my surprise, I woke up to a raging thunderstorm, with water levels rising quickly in my home.

Next thing I knew, floodwater was over two feet high outside and pushing my home’s doors in. Panic ensued. I set up shop in the kitchen, trying to finish and submit my report. Then the internet went out. The water in the living room was almost three feet high and rising quickly. My cable modem was floating in the water, so I attempted to jump through my cell phone. The lines were jammed.

We grabbed everything we could and stuffed it in the truck to get out of the city before they shut the highways down.

CM Downs taking his OSCP exam, during a flood

Hours later, we were in the middle of Mississippi with no internet connection. I drove until I got a signal, desperately attempting to contact Offensive Security and inform them of the situation.

I was in a full-blown panic. Heart attack level. I needed to pass this exam. I received a response from the OffSec team, and back to the camp I drove. I finished my report sitting in the dark by a lantern while listening to the nighttime frogs go crazy. After completing the report, I headed back out to get a cell phone signal and submit it via cell tethering.

A day or so later, I got the email that I had passed. I was like: “Welp, I lost my physical items but at least my wife, Charlie the cat, and I are fine. Everything is gone, but at least I earned my OSCP.” You could say I tried harder.

Reflecting on the entire event, I would absolutely advise future students: do not do what I did. I have been in this industry for twenty plus years and sometimes thought to myself: “This should be easy. This should be a cakewalk.” Dead wrong. It is not.

I recommended meticulously progressing through course readings. Try to nail every single machine in the lab. If you’re aware of a personal weakness, prioritize improving it. For me personally, it’s Windows. The last time I used it was NT4. I’ve been on Linux since 1996. Boy did I take a beating.

Don’t make my mistakes! You have been warned.

Editor’s note:

Offensive Security strongly recommends and encourages students to prioritize their health and safety during their exam(s).

Try Harder, the philosophy that Offensive Security lives by, empowers students to prioritize their own physical, emotional, and psychological well being. This prioritization of health is central to trying harder. Cybersecurity professionals will often find themselves in intense, stressful, and demanding situations throughout their careers. In order to prep students for these situations, the Offensive Security exam process encourages students to always remain aware of and prioritize their health. Students who fail to prioritize their health aren’t putting themselves in positions to succeed.

Should another Offensive Security student ever find themselves in a safety compromising situation, we encourage students to immediately notify our team when safe and we will make the appropriate accommodations. Please refer to your OSCP exam guide for additional instructions.

NEW!

Advanced Web Attacks and Exploitation (AWAE)

NOW AVAILABLE ONLINE! Advanced Web Attacks and Exploitation (AWAE).

You can now take OffSec’s most popular in-person training as an online course.

Earn your OSWE

FOLLOW US ON TWITTER:

@offsectraining

@kalilinux

@exploitdb