AquiloSec

OSWP, the Philosophy of Trying Harder, and Future Goals


This blog is written as a submission for OffSec’s blog challenge. All thoughts and feelings are my own.

Last weekend, I passed the OSWP. Yay! 🎉 (insert party music)

Having passed RastaMouse’s CRTO back in July, this exam was a bit of a change of pace. I’ve never done a proctored exam online before. In the past, during my in-person school days, I mostly relied on the trust of my teachers and professors, who were sort of forced to give me the benefit of the doubt that I wasn’t cheating. I was never fully alone in a classroom setting, a PA (personal assistant, aid, caregiver, whatever term you find familiar) was always in arms reach. This proved especially useful when I lost the ability to bend down, losing whatever writing I could manage with it. The last on-paper exam I can think of was done with me dictating my answers to my PA, who gave me odd looks whenever the answer seemed a bit flimsy. In retrospect, it would have been very easy to cheat, but I respected my professors enough to apprehensively trust in my brain and extract the answers from there.

The way the system worked was as follows:

  • I walk (wheel) in.
  • My professor gives me a reassuring smile and passes the test to my PA.
  • They leave me alone until the paper is filled out.

As you might imagine, a proctored exam seemed impossible to me. It’s not that I thought that there wasn’t a solution, I just wasn’t willing to spend a very big chunk of my savings on a “fun” risky idea. The worst scenarios kept popping into my head: What if I spent months preparing only to get turned away while onboarding, as I try to explain that I can’t lift my arms, actually, and that I do, in fact, need someone to move the camera for me? But hey, I wasn’t about to stop thinking about OffSec. The exams seemed really fun, and I’m a sucker for a good challenge.

And then, an opportunity presented itself: A screenshot of a message that reads "We invite talented and motivated individuals worldwide to apply for our Cyber Diversity in Action (CDIA) scholarship program!"

Woah! This was it! I’m not a white abled guy - this is my chance to try this whole OffSec thing out! And, by some luck, I managed to win the Learn Fundamentals bundle, which included an OSWP exam take. Might as well try it, right?

OSWP - Dipping my toes into the world of OffSec

OffSec OSWP badge

I’m planning on doing an OSWP-related blog post soon! This section is more so my experience with OffSec.

To put it succinctly - my experience with the OSWP was really, very good. There’s one gripe that I had with it (future blog material!), but it never set me back in any way, so I don’t consider it a flaw.

To start with, I went through the course materials once, taking notes and making my go-to cheatsheets. These proved very useful during the exam, as I could easily reference how to go about attacking whichever network the exam wanted to throw at me. The course is dense and compact, so much so that it actually took me a while to go through the first half of the course (maybe ~2 weeks), which is focused on the theory-side of Wi-Fi. This content isn’t directly relevant for the exam, but I still felt it was important to at least note down the main stuff. Theory is cool too, it’s not just about the hackery hacks! 🧠

Once I was done with the course content, I decided it was time to figure out how this whole exam thing was going to work. I sent OffSec support a mini-thesis, explaining my situation in the clearest way possible, which is actually kind of hard to do over text. “Hey OffSec, wheelchair and no can lift arms, what do?”. The holidays were soon approaching and I wanted to sort this out before staff went on holiday. The support team was very pleasant with me, they requested proof, I got all my medical documents translated, sent them their way, and waited.

Sure enough, they processed my case and were happy to let someone help me do the pre-onboarding portion of the exam. Additionally, if I needed any physical help during the exam (asking someone to bring me water, for instance), all I had to do was let the proctor know. I was thrilled, it felt like a huge wave of uncertainty had been lifted and I finally knew what to expect. In my excitement, I booked the exam. January 7th, Saturday, it was perfect.

The next day, my mum came home from her night shift. I told her the news.

“You’re good to help me during the onboarding! I booked the exam on the 7th, is that okay?”

She stared at me. She didn’t seem happy…I must have been missing something.

“Ana, that’s Christmas.”

Shoot.

I forgot to consider the fact that the 7th was a National holiday and we had dinner plans. With extreme embarrassment, I rescheduled the exam and tried not to think about it. Lucky for me that OffSec offers rescheduling, otherwise this story might have had a bit of an anticlimactic ending. Don’t be like me, fellow students. Schedule your exam with the holidays in mind.

In any case, the 20th (my new, non-holiday exam day!) eventually rolled around. I was ready. Onboarding went perfectly, huge props to the proctor team for handling it with no questions. I’m sure this was a bit of an unorthodox situation for them, so I’m grateful all went well.

I’m happy to report that, after a gruelling 2 hours of fighting with the LibreOffice image formatter and having hacked into all the WiFi networks, I have passed the OSWP! Despite how apprehensive I was, mostly due to past experience with accessibility, everything went very smoothly.

A Sean Bean meme that reads "ONE DOES NOT SIMPLY PASTE IMAGES INTO LIBREOFFICE" with the text overlapping.

You could say I tried harder..wait..

Trying Harder - What Does This Even Mean?

Okay, I have a confession to make. I’ve always found the try harder mantra a little silly. Having been religious and then leaving religion behind, it felt more like a religious phrase than a practical one. You’re stuck? Just try harder. Oh, you are? Try harderer.

Having said that, I don’t think I really gave this whole mindset enough benefit, rather I think there are different ways to interpret it. I’ve seen a lot of people online talk about it as “Don’t be lazy, work hard, hustle or your failures are your own fault.” This isn’t something that resonated with me, laziness is barely real to begin with. The idea that the only reason someone failed is because they didn’t “try harder” is just vague enough that you think it could be true, but as soon as you think about it for more than a few seconds it becomes barely coherent. As opposed to the hustle culture interpretation - to me, trying harder is less about banging your head against the wall and hoping you get somewhere, and more about knowing when to step back, take a second, and question your assumptions. If you’re stuck, you can either keep trying to dig yourself out with your hands or you can ask your friend who owns a shovel to come help you. Collaboration is key in all facets of life, it can be in pentesting too. Relying on others for guidance is something I try to do in my every-day life, but sometimes my pride gets the better of me. Asking for help is difficult! That’s what it means to try harder. (at least for me, that’s my take anyway!)

I was stuck with OffSec. I had assumptions that clouded a potential opportunity (“proctoring would be impossible for me”). I had doubts (“could I physically pull this off?”). I was lucky enough to be given an opportunity, I decided to try it, and I don’t regret it in the slightest, but I couldn’t have done it without the cooperation of the staff at OffSec. So, thanks! :)

Moving Forward - Goals & Ambitions

Now that I know that I can pull off the occasional OffSec exam, I have my sights set on the OSCE3 trio. The exam I’m most excited by right now is OSEP, with OSWE and OSED close behind. CRTO has introduced me to the world of red teaming, but I’ve heard great things about the content of OSEP (mostly related to AV Evasion, which is super cool), so I can’t wait to get into it. It’ll also be another big challenge, my first 48h proctored exam, but considering how smoothly OSWP went, I’m very optimistic.

Certifications are scary - but they’re also incredibly fun. There’s a part of my brain that goes into overdrive whenever I have an exam looming over me. It’s also crazy to me that I’m able to learn from experienced professionals from the comfort of my room. The luxuries of the 21st century!

Thank you for reading my story. I’ll be looking to write an OSWP-centered blog post soon - with fewer anecdotes this time, so check back soon if you enjoyed this. 👾 Once again, I’d also like to thank the team at OffSec, both the support and proctoring team, for their help throughout. I could not have taken the exam without their help!

I’m excited to see what 2024 will bring. I have a lot of topics I want to dig into, so I’m sure it won’t be boring. If you have anything to add / want to contact me, you can find me at aquilo@omg.lol.

Thanks for reading - till next time! ♿

Aquilo