
How I Earned OffSec’s Certs In One Year

OffSec


Muhammad Khed details his year-long journey to earn all OffSec certifications, highlighting the importance of persistence, foundational knowledge, and hands-on practice in offensive security.




Muhammad's Journey from Game Hacking to OffSec Certifications: A Year of Persistence, Passion, and Deep Learning

Muhammad's decade-long journey in cybersecurity began with game hacking, which sparked his interest in programming and penetration testing. Initially driven by passion rather than career prospects, he pursued cybersecurity without knowing the job opportunities available, especially in Egypt. His interest in OffSec certifications grew as he recognized the challenge they presented, pushing him to schedule his first exam on the same day he started his subscription to force himself to adapt to time constraints.

The most challenging certification for him was exploit development, which required a deep understanding of system internals, reverse engineering, and vulnerability discovery. He described the process of writing an exploit as a profound experience, stating, "if you can write an exploit for something then you understand that thing to the zeroth level." This transition from using exploits to creating them was a significant mindset shift, requiring self-guided learning and research.

Muhammad emphasized the importance of persistence in problem-solving, often taking breaks to return with a fresh perspective. He applied this mindset not only to his work but also to his leadership role, where he encouraged his team members to develop their skills and fostered their passion. He noted that pentesters have a different mindset compared to ordinary employees, requiring a unique approach to leadership.

The "try hard" methodology was central to his success, where he learned by attempting to solve complex problems without prior knowledge of the solution. He accepted failure as a learning mechanism, viewing challenges from different perspectives and never giving up easily. This approach was crucial in mastering cybersecurity tools, as he believed that "you have to understand everything deeply in order to be good in the field."

Balancing personal life with professional growth was another challenge Muhammad faced. Despite personal circumstances like marriage and having a baby, he managed to complete five certifications in 10 months, often getting by on just four to five hours of sleep. He took breaks between the hardest courses but generally pushed through with minimal downtime.

Muhammad's journey also extended beyond certifications. He explored multiple areas of cybersecurity, including cloud penetration testing, and expressed a desire to continue learning. He emphasized that even experts in the field are still learning, advising others to avoid burnout and accept that cybersecurity is a continuous learning journey.

If you can write an exploit for something, then you understand that thing to the zeroth level, as deeply as a human being can understand something. You understand that thing, even if it's a really, really small thing, and that feeling just feels so amazing.

Muhammad's Journey from Game Hacking to OffSec Certifications

Muhammad’s journey into cybersecurity began over a decade ago, rooted in his passion for game hacking. This early interest led him to teach himself coding and explore IT. As he delved deeper, he discovered a cybersecurity community in Egypt, which introduced him to bug bounty programs and various domains within the field. However, it was offensive security that truly captivated him. He found it challenging and stimulating, pushing him to constantly learn and develop. "It makes you think a lot and develop," he said, reflecting on why he gravitated toward this area.

Initially, Muhammad didn’t consider cybersecurity as a career. It was purely a passion, something he enjoyed without thinking about job prospects. "I didn’t think of it as a career because I love it," he explained. It wasn’t until a few years later that he realized there were job opportunities in Egypt, the Middle East, and globally. This realization led him to pursue cybersecurity professionally, driven by the belief that "working in something you love will make you better at it."

Muhammad had known about OffSec for a while, as anyone in offensive security would. However, he didn’t pursue their certifications until he was both financially and mentally prepared. "I purchased the certificates when I was able to do this financially and mentally," he shared. He was looking for a hard challenge, and OffSec was the obvious choice. "If you want a hard challenge, you go to OffSec."

His first certification was the OffSec Wireless Professional (OSWP). In a bold move, he scheduled the exam on the same day he started his subscription. "I scheduled the exam on the same day I started the subscription," he recalled. The exam was tough, but Muhammad was determined to push himself. He had prior experience with wireless and Wi-Fi, which made the content more manageable. However, he faced some technical difficulties, wasting an hour configuring his screens and cameras. Despite this, he finished the exam in just one hour. "I wasted one hour configuring my screens... but I finished it in one hour."

The most challenging certification for Muhammad was the exploit development course (EXP-301). Even with prior experience in the field, the course and exam were designed to test him deeply. "It truly makes you deeply understand the topics," he said. He spent two and a half months studying and practicing, and there were moments when he doubted whether he could complete it. "I reached some points where I felt I would not be able to do it," he admitted. But in the end, his perseverance paid off, and he successfully earned the certification.

The Challenge and Joy of Exploit Development

Exploit development is often described as "level two of hacking." While pentesters rely on pre-made exploits to test systems, exploit developers go deeper, creating those exploits from scratch. This requires not only a solid understanding of how to exploit vulnerabilities but also the ability to reverse-engineer software. "You have to learn reverse engineering" to truly master exploit development, and this is no easy task. The process involves diving into the internals of systems, especially Windows, and understanding how applications are built. This is what makes the field so challenging, but also what makes it so rewarding. "It allows me to get deeper into the internals of systems," and that depth is what drives the passion for this work.

The shift in mindset from pentesting to exploit development is significant. In pentesting, you're used to running pre-made exploits or using tools to assist you. But in exploit development, you're on your own. "Completely different perspective" is how it's described. You have to imagine vulnerabilities and then build the exploit yourself, without any external help. This is a hard concept to adapt to, but with practice, it becomes more manageable. The most challenging part is learning the internals and using all your knowledge. "I taught myself the basics," including assembly and the Windows API, which are essential for this kind of work.

The feeling of mastery that comes with writing an exploit is hard to describe. When you can write an exploit for something, it means you understand that system at the deepest possible level. "You understand that thing to the zeroth level," and that kind of understanding is incredibly powerful. The feeling of creating your own exploit is "very powerful," and it's one of the most rewarding aspects of the journey.

Of course, frustration is inevitable, especially in courses like OSED. But there are ways to manage it. One key is dedication. "I promised myself I will not move any date," and sticking to that schedule helps avoid frustration. Another important strategy is not to ignore topics you don’t understand. Instead, find alternative ways to learn. If reading doesn’t work, try watching videos, drawing diagrams, or even changing your study environment. "Convince my mind that this is not just study, we are doing something we love," and that mindset shift can make all the difference. Understanding something that once frustrated you brings a unique kind of happiness. "I don't get happy by going to the beach, I get happy by understanding a hard topic."

But even with all these strategies, there are moments when the frustration becomes overwhelming. This is especially true during the OSED course, where the challenges can push you to your limit. "I adapt a specific method in study" to handle these moments, but they are inevitable.

How Persistence, Transferable Skills, and a Pentester's Mindset Shape Success

The speaker's approach to solving challenges is rooted in persistence. They recount a particularly difficult challenge that took them a week to solve. Frustration set in, and they had to step away from their computer for a day. But when they returned, they shifted their perspective, using paper and diagrams to break down the problem. This new approach allowed them to understand the missing concept and ultimately solve the challenge. The lesson here is clear: sometimes, stepping back and looking at a problem from a different angle can be the key to success.

When it comes to transferable skills in cybersecurity, the speaker believes that all areas of study are valuable. However, they highlight specific certifications like OSCP and OSWA as particularly useful in their day-to-day work, especially in pentesting. These certifications focus on using tools and testing web applications, which are essential skills for a pentester. The speaker emphasizes that all the certifications they've earned are important for becoming a good tester, but OSCP and OSWA stand out for their practical application.

Balancing work and study is no easy feat, but the speaker has managed to do it through sheer dedication. They lead a pentesting team full-time, freelance on the side, and still find time to study every day from 11:30 PM to 4:00 AM. Even weekends are dedicated to studying and solving labs. This intense schedule is how they were able to earn multiple certifications in just one year. It's a testament to the level of commitment required to succeed in this field.

As a team leader, the speaker recognizes that pentesters are not like regular employees. They have a different mindset, one that requires a unique approach to leadership. The speaker focuses on encouraging and developing their team's skills, knowing that pentesters are passionate about what they do. Their team members are inspired by the speaker's achievements and often ask for advice on how to replicate their success. The speaker, in turn, motivates them by sharing their methods and emphasizing the importance of dedication.

Finally, the mindset of a pentester extends beyond the realm of cybersecurity. The speaker explains that the curiosity about how things are built and the belief that everything can be hacked applies to everyday life as well. Whether it's analyzing a strange object or trying to understand how something works, the pentester's mindset is always at play. This constant curiosity and analytical thinking are what make pentesters not just good at their jobs, but also adept at understanding the world around them.

Developing a Deep Thinking Methodology in Cybersecurity

The speaker, a trainer, emphasizes the importance of teaching students how to think deeply about concepts. His experience in hacking has led him to develop a unique way of thinking, where the mind starts offering solutions to problems even when you're not consciously thinking about them. This happens especially when you're solving complex problems that require multiple stages. At first, you may not fully understand what you're doing, but your mind pushes you to continue. Eventually, you reach a solution and realize the process you went through. This is part of what he calls the "try hard" methodology, where the mind focuses on solving the problem rather than finding the easiest solution.

He also talks about the importance of balancing frustration and persistence. It's crucial to accept failure and not give up too early, but also to avoid pushing yourself to the point of frustration. Solving multiple problems helps you build your own methodology, and this is why CTFs (Capture The Flag challenges) are so important in the field. They allow you to learn from failure and improve your problem-solving skills.

For beginners in cybersecurity, the speaker advises not to treat OffSec courses like ordinary courses. The "try harder" methodology is key, and students must be prepared to try repeatedly to solve problems. He recommends the OSCP (Offensive Security Certified Professional) as a good entry-level certification for penetration testing, but stresses the importance of understanding the basics and practicing daily. Hands-on practice is essential because simply absorbing information isn't enough. You need to practice every day to retain knowledge and be able to apply it in real-world scenarios.

Finally, the speaker highlights the importance of understanding tools deeply, not just using them for results. He gives the example of Hydra, an online password-guessing (login brute-forcing) tool, and explains that understanding what the tool is doing at a deeper level will help you appreciate the results and use them effectively.

How Understanding Tools, Research, and Burnout Shaped My Journey

When diving into penetration testing, one of the most crucial things is understanding the tools and attacks. It’s not just about running a tool and hoping it works. You need to ask yourself, "What if the tool didn’t work?" There are many scenarios where you might not have access to your usual tools, or you might be using a device that only has programming languages available. In those cases, knowing how everything is built and why certain attacks happen becomes essential. For example, when cracking a password hash, understanding why it’s crackable allows you to adapt to any situation. Adaptability is key in penetration testing, and this mindset will help you face any challenge.

This deep understanding also plays a significant role in research. Research is a completely different beast compared to penetration testing. You’re not just using tools; you need to understand every part of what you’re doing. If you want to be a good researcher, you have to grasp everything, not just the surface-level mechanics. This is what sets apart a researcher from a tester.

As for my personal interests, I’ve explored various fields like Telecom security and IVR penetration testing, but I’m particularly interested in Cloud penetration testing. I hope OffSec eventually designs a certification for cloud security. In the future, I also want to dive deeper into research and contribute more to the community.

When it came to preparing for the OSCP exam, my experience in the field allowed me to approach it differently. I focused on solving the challenges right away, skipping the content because I already knew it. I finished the OSCP in five and a half hours with a perfect score. But for new pen testers, I’d recommend solving all the challenges and not skipping any content. Proving Grounds is an excellent resource, and one of the most important things is to read the exam guide carefully. It’s surprising how often people overlook this, but it’s crucial to avoid missing anything.

Burnout is a common issue in this field, and I’ve dealt with it by taking breaks and trying to learn something new. Knowledge gives me power, and understanding new things helps me avoid burnout. But it’s also important to accept when you’re burned out. You don’t have to push yourself to the point of exhaustion. Take a break, relax, and come back when you’re ready. This approach has helped me bypass burnout and keep moving forward.

In cybersecurity, burnout is especially prevalent because there’s so much information out there. No matter who you are, you can’t possibly keep up with everything.

In the world of pentesting, it's impossible to keep up with everything. There's simply too much to learn, and trying to be the best in every domain is a losing battle. The key is to accept this reality and focus on what matters most—whether it's advancing your career, pursuing your passions, or just handling the practical tasks of your day-to-day job. Once you pick a path and focus, it becomes easier to let other things go.

Burnout often stems from a sense of powerlessness. People who are learning, growing, and maintaining a healthy work-life balance rarely experience burnout. It’s when you spend too much time studying, feel like you're not making progress, and lose that balance that burnout creeps in. Ironically, sometimes doing less is what allows you to do more. Overloading yourself with study can be counterproductive, and stepping back can unlock new energy and focus.

Frustration is a common experience, especially in the beginning. It's normal to feel distracted and like you don’t understand anything. But after a few months, things start to click. You begin to see the missing pieces and understand what you're doing and why. This realization helps you move past the initial frustrations and gain confidence in your abilities.

When it comes to professional pentesting, getting stuck is inevitable. The more you practice, the better you become at navigating these situations. Improving your research skills and understanding the system you're working on is crucial. In fields like Telecom pentesting, where resources are scarce, you may have to rely on research papers and your own analysis of protocols during assessments. Adapting to these challenges is part of the job, and the client expects you to add value, even when the path forward isn’t clear.

Providing value doesn’t always mean finding vulnerabilities. Even if you haven’t exploited a vulnerability, you can still offer something valuable to the client. For example, you might say, "I’ve tried a hundred things, none of them worked, but here are some other approaches I could take if I had more time." This gives the client a roadmap to follow, even if the engagement didn’t result in a successful hack. The goal of pentesting isn’t just to break into systems; it’s to provide the client with actionable steps to improve their security. Reframing success in this way—focusing on the value you provide rather than just the act of hacking—can shift your mindset and help you feel more accomplished, even when the results aren’t what you initially hoped for.

The systems have become more secure, and it’s getting harder to find new vulnerabilities, which is the ultimate goal. However, it’s impossible to prove something is completely secure. Instead, value can still be provided by showing the techniques used and the time spent on each task. Even if no vulnerabilities are found, there’s still value in building relationships with the blue team or IT team. After an engagement, discussing what was done, how detection occurred, and what could be done differently next time helps both sides grow. Pentesting isn’t just about finding vulnerabilities; it’s also about advising on best practices and adding value through consultancy.

When it comes to exams, you can never be 100% sure if you’re ready. The challenges in the course are designed to prepare you, but there will always be some uncertainty. The challenge labs are structured similarly to the exam, so completing them gives a good indication of readiness. The speaker completed all certifications in 10 months, with the OSEP taking about a month and five days, and the OSED taking the longest at around two and a half months due to personal circumstances, including having a newborn baby. Despite the challenges of balancing family life and studying, they managed to push through.

The speaker sleeps around four to five hours a night, which they find sufficient for their lifestyle. They also took short breaks between the hardest courses (OSCP, OSED, OSEP), usually a couple of days to a week, often while waiting for exam results.

Insights on Cybersecurity, Chess, and Pentesting

After completing an exam, the speaker waits for the results without touching the PC. Once the results come in, they immediately start working on the next certification. This disciplined approach reflects their commitment to continuous learning and improvement.

When asked about hobbies outside of cybersecurity, the speaker initially jokes that cybersecurity is their main activity. However, they also mention chess as a significant hobby. They have played chess for years and even competed in Egypt. Chess, for them, is closely related to hacking in terms of the mental processes involved. Both require dedication, strategic thinking, and the ability to adapt to new situations. In chess, just as in hacking, you must adjust your strategy based on your opponent's moves or the challenges presented by new technologies or networks.

The conversation then shifts to pentesting, specifically API and AI/machine learning pentesting. The speaker explains that API pentesting is very similar to application pentesting because many vulnerabilities in web, mobile, and desktop applications are API-related. However, AI and machine learning pentesting is still a developing field. While there are known vulnerabilities, such as prompt injection, the speaker hasn't had much time to explore this area in depth. Nevertheless, they believe it will become increasingly important in the future.

Finally, the speaker offers two key pieces of advice for those starting in the field. First, avoid frustration and burnout. No one is perfect, and even the most experienced researchers are still learning. Second, take your time and be relaxed, but also sprint when you can. This balance between patience and intensity is crucial for long-term success in cybersecurity.

Conclusion

Burnout is common in the field, but managing it through breaks and accepting limitations is crucial. Pentesting involves consultancy beyond just finding vulnerabilities, and API pentesting is closely tied to application pentesting.

