How I Got a Free OSCP Exam Directly from OffSec
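This article describes how a cybersecurity learner won the PEN-200 course and certification exam by entering a report-writing contest held by OffSec, and shares the study methods, environment setup, report-writing tips, and experience of ultimately passing the exam gained while preparing for the OSCP. 2025-7-28 06:4:48 Author: infosecwriteups.com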

My Experience of the Free OSCP Exam & PEN-200 Course Bundle from OffSec

Pak Cyberbot


🔴 How I Won PEN-200 Course and Certification Exam Bundle
🔴 My OSCP Preparation
🔴 My Environment Setup & CheatSheet
🔴 Exam Experience
🔴 Advice

My name is Faraz Ahmed a.k.a. PakCyberbot. You can check out the article below to know more about my journey in cybersecurity, or visit https://pakcyberbot.com

Some of my Articles

And if you’re interested, you can also check out my other certification experience that I received for free:

OffSec (provider of OSCP) was hosting a report writing contest on their official Discord server, and the first prize was the PEN-200 Course & Certification Bundle. You can see more in the screenshot:


Discord Message Link

As I was already learning pentesting, this was a great opportunity to improve my report writing skills. I could barely afford to get PG Practice, and I didn’t expect to even make it to the top 3. I was already studying pentesting (I’ll talk more about that later), so to enhance my skills, I jumped into the challenge.

By the blessings of Allah, I secured 1st position in the report writing contest on 9th May 2025 and received my PEN-200 Course & Exam Bundle on 20th May.


Discord Message Link


What I Used in my reporting

I used Microsoft Word to write the report for this contest, but later shifted to Markdown for the OSCP exam, as it’s much more productive and makes consistent formatting easier. I converted it using Pandoc.

Due to OffSec’s policy, I can’t share my write-up, but I can tell you how I structured my report for the contest:

  • I downloaded their report writing template to save time and started modifying it.
  • I used a white-themed terminal in the screenshots to keep the report printer-friendly (a tip I learned from Heath Adams a.k.a. The Cyber Mentor).
  • I created an Appendices section listing tools used, exploit code, and flags.
  • Used this software for taking screenshots: https://getsharex.com/

Most of the other things can be found in the Markdown template I used for the OSCP exam, discussed later.

Those of you who follow me know that I’ve already completed many courses on Pentesting and other cybersecurity subfields. You can read the three articles mentioned above to learn more about my journey.

I began preparing for OSCP when I enrolled in the PNPT live classes in 2023. The article Cybersecurity Quest: My 365 Days on TryHackMe captures that time. I wasn’t specifically preparing for OSCP; I was just passionate about cybersecurity. I passed the free eJPTv2, practiced on TryHackMe and HackTheBox, and so on. Check the articles for more details.

So, after receiving the PEN-200 bundle, I started filling in the gaps and skimmed through some topics I already knew. I solved the challenge labs included in the PEN-200 course.

Many people online recommended doing TJ Null’s list of boxes to prepare for OSCP. Proving Grounds was also mentioned as the closest environment to the OSCP exam. My Proving Grounds subscription had expired on 15th May, just before I got the PEN-200 bundle.

Luckily, I got a free 1-month Proving Grounds subscription by being the first to answer a question in OffSec’s Live Flash Quiz on YouTube. They asked a few questions, and whoever answered first got a free subscription — both on Twitch and YouTube.


I always learn about personal development — management, productivity, time management, and automation. I automate repetitive tasks by creating scripts and tools. Some of them are on my GitHub.

I created a script to quickly spin up multiple terminal windows with different layouts for specific network pentests. It assigned a list of IP addresses, enabled terminal logging (logging input and output with color formatting), and much more.

You can check out my OSCP notes GitHub repo: https://github.com/PakCyberbot/OSCP-Notes-and-Environment

  • setup_pentest_env
  • Obsidian Markdown Templates for use with the Templater plugin
  • Markdown to PDF Generator inspired by noraj templates

My personal Obsidian Vault looked like this:


My Obsidian Vault

I also uploaded my OSCP cheat sheet to the GitHub webpage so others can easily view its contents without installing Obsidian. However, I personally prefer using Obsidian because of its extensive customization options.

I also used my own HTTP server named fuzzy-httpserver during the exams and challenge labs, which significantly reduced the time required for payload delivery and data exfiltration. Since I have all the necessary binaries centralized in one place, I often have to type long URLs to access a specific category of binaries. A small typo could force me to retype the entire command — especially problematic in unstable shells.

fuzzy-httpserver solved this issue by automatically fixing typos on the server side. It also supports POST requests, allowing me to receive data from the victim machine with ease.

fuzzy-httpserver tool documentation can be found here
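The server-side typo correction described above can be sketched as follows. This is an added example, not code from fuzzy-httpserver: the function names, the `difflib` matching, the 0.6 cutoff and the sample file tree are all assumptions. It picks matches only from the files that exist under the served directory, so a mistyped or hostile path can never resolve outside it.

```python
from __future__ import annotations

import difflib
import tempfile
from pathlib import Path


def list_served_files(root: Path) -> list[str]:
    """Relative POSIX paths of every regular file under root."""
    root = root.resolve()
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and root in p.resolve().parents  # skip symlinks leaving root
    )


def resolve_fuzzy(root: Path, requested: str, cutoff: float = 0.6) -> str | None:
    """Map a possibly mistyped URL path to a file that exists under root.

    Candidates come only from the directory listing, so the request string
    is never joined onto a filesystem path and '../' cannot escape root.
    """
    candidates = list_served_files(root)
    wanted = requested.split("?", 1)[0].lstrip("/")
    if wanted in candidates:  # exact hit, no guessing needed
        return wanted
    lowered = {c.lower(): c for c in candidates}
    match = difflib.get_close_matches(wanted.lower(), list(lowered), n=1, cutoff=cutoff)
    return lowered[match[0]] if match else None


def demo() -> dict[str, str | None]:
    """Constructed sample tree and requests; the file names are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel in ("windows/x64/tool.exe", "linux/enum/checks.sh", "notes/readme.txt"):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text("sample")
        requests = ["/linux/enum/checks.sh", "/linx/enum/cheks.sh",
                    "/Windows/x64/tol.exe", "/../../etc/passwd"]
        return {r: resolve_fuzzy(root, r) for r in requests}


if __name__ == "__main__":
    for req, hit in demo().items():
        print(f"{req!r:32} -> {hit}")
```

A lower cutoff forgives more typos but raises the chance of serving a different file than the one intended.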

I scheduled my OSCP exam for 20th July at 10 AM (PKT/GMT+5), and I received my PEN-200 bundle on 20th May. It might seem early, but I was already familiar with many of the topics, so I went ahead and scheduled it.

Timeline (GMT+5)

The timings mentioned below are approximate, with a margin of ±10 minutes.

  • 10:00 AM — Started exam. Faced some internet issues for 15–20 minutes, and after resolving internet problems, started with the Active Directory environment and took screenshots during exploitation.
  • 1:00 PM — Pwned the entire AD environment in ~3 hours. Took a 30-minute break.
  • 2:30 PM — Pwned the first standalone machine.
  • 4:00 PM — Acquired passing marks (~6 hours in).
  • Got stuck on the second machine during privilege escalation, so I shifted to the third one.
  • 6:00 PM — Pwned the third machine and took a break.
  • Already scored 90 points, so I collected remaining screenshot evidence.
  • 9:00 PM — Found the final flag and scored 100/100.
  • After that, I started writing a short Attack Narrative using my markdown template to double-check missing evidence.
  • 11:15 PM — Ended the exam.

I rested for a bit, then started proper report writing the next day and submitted the report.

I didn’t use Metasploit during the exam, as I had already practiced performing the tasks without it.

On the 22nd of July, I received the email confirming that I had passed the OSCP exam. Alhamdulillah, I passed on my first attempt with full marks.


  • Never fear failure or problems in life. Use them as motivation or an advantage. You know your own circumstances — use them wisely.
  • Always stay positive. Positivity helps you overcome obstacles, while negativity and overthinking can turn small issues into major ones.


  • Help others without expecting anything in return. Even if they don’t return the favor or show good behavior, Allah will open doors for you.


Surah Mudassir (74) — Ayat 6


Final Advice

Always focus on the journey — the learning process and skills development — rather than the end goal like certifications. Certifications are only proof of your skills, not the end itself. If you keep learning without expecting anything in return, when the opportunity comes, you’ll be ready to claim those certifications just by filling a few gaps or learning new concepts.


Thank you for reading, and I hope this inspires you to continue your journey in cybersecurity!

If you found this article helpful or informative, I would greatly appreciate your support by giving it a like and following me on Medium and my social media accounts. Your support will motivate me to create more content and share my knowledge and experience with others. Thank you for your support!

You can follow me for more informative material on:

You can support my work here: https://buymeacoffee.com/pakcyberbot


Article source: https://infosecwriteups.com/how-i-got-a-free-oscp-exam-directly-from-offsec-c54e562121c5?source=rss----7b722bfd1b8d---4