Yudha P.

Offsec Say Try Harder!

2 minute read

This article is a recap of my accomplishments this year. It highlights what I’ve done and sets the stage for my goals next year.

February 2023: Passed OSCP

I’m hesitant about taking the OSCP exam and, to be honest, I never feel fully prepared for it. Especially since I lacked any prior experience in Active Directory exploitation. However, my company insists it’s my turn since other colleagues have already taken (and passed) the OSCP.

After studying the PEN-200 course and labs for two months, I decided to take the exam, even though I didn’t feel completely prepared for it. Though I couldn’t gain root access to one particular machine and only managed to obtain user access, I still successfully passed the OSCP. This experience reinforces that I’ve truly embraced the ‘try harder’ mindset.

April 2023: Passed CRTO

I felt rushed before taking the OSCP and realized I had skipped some fundamentals in AD exploitation. To solidify my knowledge, I decided to go ‘back to basics’ and thoroughly relearn Active Directory exploitation. After gaining confidence in my skills, I took the CRTO exam and successfully passed.

April 2023: Passed EWPTX

After passing the OSCP, I enrolled in the EWPTX course offered by INE Security (formerly eLearn Security). I feel more confident about this certification because I have over three years of professional-level experience in web pentesting, unlike my initial experience with OSCP.

After completing the exam and submitting the report, I had to wait for about a month to receive notification that I had passed the EWPTX.

Semptember 2023: Passed CRTA

CyberWarFare Labs recently released a new certification, CRTA, and offered a discounted price of only $50. Recognizing it as a beginner-friendly certification for those interested in Active Directory exploitation, I decided to give it a try. As expected, I successfully passed the CRTA exam.

November 2023: Passed CRTP

Now that I feel confident in Active Directory exploitation, I’ve decided to progress further on my red teaming journey by taking the CRTP exam.

After completing the exam, I waited about a week to receive notification that I had passed. CRTP marks the final certification I pursued this year.

Other Achievement: Obtained 100+ CVEs

In early 2023, my objective was to achieve 100 CVEs. Concurrently, I embarked on research endeavors within open-source projects, primarily delving into WordPress plugins. This exploration broadened my understanding and engagement in the cybersecurity landscape.

Next Year Target

Next year, my goal is to pursue CRTE. However, I plan to prepare by first taking ECPPT and PNPT, viewing them as beneficial steps towards achieving my objective.

Update: Just passed my eCPPT, but seriously, don’t take any INE certification in the moment.

Update 2: Instead of pursuing CRTE, I took and passed the OSEP exam. I plan to skip CRTE and take the CARTP exam next year.

Conclusion

In conclusion, I’ve accomplished numerous achievements this year. I’m grateful and say ‘Alhamdulillah.’ Thank you, 2023, for the opportunities and experiences.

Categories:

Updated: