How did I prepare for OSCP+ with so little free time, between raising a child, working, and daily life stress? In this post, I share my full journey, plus some tips for other busy people who are also studying for this exam.

Introduction|Why I Started This Path#
My OSCP journey started in June 2023. After two failed attempts and many changes to my plan, I finally passed the exam on 2025/04/27.
At that time, I worked as a security solutions engineer. While talking with clients, I slowly noticed that many companies only did security “for show.”
Clients spent money on security tools, but they did not really think about their real risks.
I wanted to become someone who could help clients find real problems and give useful advice. This idea pushed me to start learning penetration testing.
When I first signed up for the course in 2023, my baby was only six months old. I only had about two hours a day to study. To get more practice time, I paid extra to add four more months to my course.
Because of time pressure and life stress, I finished the course material without fully understanding everything. I took my first exam in January 2024, and of course, I failed.
Still, what I learned helped me change my job in May 2024. I became a penetration tester.
I still wanted to earn this certificate. Since I knew my study time was limited, I signed up for OffSec’s Learn One course in August, together with some coworkers.
I heard the exam would change a lot on November 1st. I was worried the new version would be too different, so I rushed to take the exam again in October 2024, without being fully ready. I failed again.
Kepp Going|Building Skills and Habits, Step by Step#
After failing twice, I listened to my manager’s advice. I slowly worked through the HTB Academy Penetration Tester Path, and signed up for the April 2025 exam. This gave me enough time to prepare well. Before the exam, I finished these modules:
Active Directory Enumeration & Attacks
Login Brute Forcing
File Inclusion
File Upload Attacks
Command Injections
Linux Privilege Escalation
Windows Privilege Escalation
The Tomcat, Jenkins, and WordPress parts of Attacking Common Applications

It’s worth saying that HTB Academy covers not just the OSCP exam topics, but goes even deeper and wider than what the exam needs. Its structure is also great for people who want strong basic skills.
Besides studying the material, I also found a note-taking style that worked well for me. This helped me a lot.

Every day, I used my lunch break and the time after my child fell asleep to study for 1 to 3 hours. Even on busy days, I tried not to skip practice.
Preparation|Building Lab Experience: Every Hour of Practice Counts#
For lab practice, I focused on:
Capstone Labs (I did them again)
OffSec Challenge Labs (I redid the original OSCP A, B, C labs, plus Challenge 0, 7, and 8, 10)
OSCP-like boxes on PG Practice, recommended by the NetSecFocus Trophy Room (I finished more than 30 machines)
I really recommend PG Practice. It trains you to put information together, and it also covers attack methods that PEN-200 Labs don’t focus on much.
At first, I could only find one weak point at a time. Later, I learned to link 2 to 3 weak points into a full attack chain. This training made me much faster and more accurate at finding attack paths and privilege escalation paths during the real exam.
Of course, during practice, I got stuck many, many times. Sometimes I made silly mistakes and started to wonder if this job was even right for me.
But I always tried to solve problems on my own first. Only when I was stuck for too long did I check a writeup, and I wrote down each sticking point in a To-Do list.
This time was different from my first two attempts, because I learned to match the difficulty of my practice to my mental state:
When I was tired, I did easy boxes. When I felt sharp, I tried harder ones. My advice is: when you are tired, just rest, because making some progress is enough. If you push through hard boxes while tired, you will burn out. Hard boxes work best when your mind is fresh.
Exam Experience|Staying Calm on Exam Day#
On exam day, I officially started at 10 AM on 2025/04/25.
At first, I was so nervous that my mind went blank. I could not even follow the To-Do notes I had prepared.
So I took breaks often. I left my seat, drank water, and walked around to calm down. Little by little, I got my rhythm back. As long as you can calm down during the exam, the time spent resting is small compared to the whole exam.
My strategy was clear: work on the AD environment first, to lock in the most important points, then move on to finish the standalone machines steadily.
While working on AD, I got stuck in a rabbit hole for almost seven hours. I ate food, took a short nap, and took a shower to reset my mind. In the end, I broke through.
When attacking the standalone machines, I stayed alert because of my AD experience. As soon as I felt stuck, I switched my direction right away, instead of wasting time on the same approach.
Here is my full exam timeline:
Finished the first AD machine at 11:13
Finished the second AD machine at 18:21 (including breaks to reset)
Finished the third AD machine at 21:53
Finished Target 1 at 23:12
Finished Target 2 at 01:48
Gave up on Target 3
Ended the exam at 9:36 (I saved time on purpose to write the report)
As you can see, even if your start is rough, you can still finish the exam well if you stay calm and slowly find your rhythm again.
During the exam, I took screenshots as I went, and wrote notes in Chinese for every step. This made writing the report much easier later. After the exam, I used SysReptor with the OSCP report template to finish my report quickly (I used the self-hosted Docker version).
Resources|Recommended Resources#
If you are preparing for OSCP+, here are the resources I strongly recommend:
HTB Academy’s Penetration Tester Path: Covers all OSCP topics fully. Some content goes beyond the exam, but the teaching is well organized and great for building a strong base.
OffSec Capstone Lab and Challenge Labs: Use Capstone Lab to get used to attack techniques. Challenge Labs match the difficulty of the real OSCP exam, and train your ability to find vulnerabilities.
PG Practice platform: Strengthens your ability to combine information and chain multiple weak points together.
HTB OSCP-like AD Labs (Easy difficulty): Great for practicing AD-style challenges and building a solid AD foundation. The medium difficulty may go a bit beyond OSCP scope, but you can try it if you have extra time.
I suggest you plan your practice intensity and scope based on your own progress and weak areas.
Conclusion#
If you have not signed up for PEN-200 yet, I suggest starting with the HTB Academy Penetration Tester Path to build a strong base first. After you sign up for the course, combine it with OffSec Capstone, Challenge Labs, and PG Practice. With this kind of practice, you should find it easier to score points on the OSCP exam. Good luck to everyone!
Hard work may not succeed exactly when you hope it will. But if you keep trying, you will succeed in the end.
