
Mar 22, 2016
What it means to be an OSCP reloaded
In our recent blog post “What it means to be an OSCP” we asked OSCPs to share their experience of what it means to have earned this certification and we received many tales of hardship and reward. Mike Benich sent in an entry that we felt very much captured the essence of the Offensive Security mentality; that the path to OSCP is challenging, stressful, and demanding, but the results leave you with much more than technological expertise.
In our recent blog post “What it means to be an OSCP” we asked OSCPs to share their experience of what it means to have earned this certification and we received many tales of hardship and reward. Mike Benich sent in an entry that we felt very much captured the essence of the Offensive Security mentality; that the path to OSCP is challenging, stressful, and demanding, but the results leave you with much more than technological expertise.
Letting Mike tell it in his own words:
“After my experience with the OSCP, I can safely say that it is not like any standardized test that I have ever taken. … The people at Offensive Security do a great job of not letting you get away with just knowing the What about topics, but instead force you to delve deeper and experience the Why and the How of all the interrelated parts.”
“I have now personally experienced the simple truth that learning is directly correlated with effort. I put myself in the trenches and trudged out tired, exhausted, and proud of my accomplishment. The OSCP totally changed my perspective on learning.”
“It’s more than just a certification. It’s a paradigm shift in the way I think about teaching and learning. My students and I are no longer afraid of difficult problems because we have now internalized the concept of “trying harder” to get smarter. We have learned in a firsthand way that if it doesn’t challenge you, it doesn’t change you.”
We couldn’t agree more with you Mike, and would like to congratulate you with a brand New OnePlus One NetHunter device for winning our contest. You can read Mike’s full writeup on Medium. Penetration testing with Kali Linux and the OSCP certification is something that we are very proud of. Stories like Mike’s is why we do this, and are the most rewarding part of offering the class.
Kali Linux IRC Dojo
Over the last couple years we have been teaching the Kali Dojo at various information security conventions, such as BlackHat USA. We know that a lot of Kali users are not able to attended these live events, so we wanted to put together an event that everyone can participate in. Thus was born the IRC Kali Dojo.
On March 24th from 4pm – 5pm GMT we will be conducting the first ever IRC Kali Dojo on Freenode in the #offsec channel. We will be conducting a session guiding you how to build a customized Kali Linux ISO. To take part in this event, you will need to be able to connect to IRC with a registered user account as well as have a fully updated amd64 version of Kali Rolling with a fast broadband internet connection. If you would like to see special features included in the dojo, send topics and questions to community {at} offsec {dot} com by the 24th, and we will respond to them during the event. For those who can’t make it to the event, we will post a summary of the process on the Offsec forums and will answer some questions through the forums after the live event is over. See you there!
Stay in the know: Become an OffSec Insider
Get the latest updates about resources, events & promotions from OffSec!
Latest from OffSec

Research & Tutorials
CVE-2024-12029 – InvokeAI Deserialization of Untrusted Data vulnerability
CVE-2024-12029: A critical deserialization vulnerability in InvokeAI’s /api/v2/models/install endpoint allows remote code execution via malicious model files. Exploit risk for AI art servers.
Jul 17, 2025
0
Research & Tutorials
What is Phishing? Introduction to Phishing Demo (for Beginners)
Learn how phishing attacks work and how to spot them. Watch OffSec’s animated video to protect yourself from scams, spoofed sites, and social engineering.
Jul 15, 2025
2 min read

Research & Tutorials
CVE-2025-27636 – Remote Code Execution in Apache Camel via Case-Sensitive Header Filtering Bypass
Discover the critical Apache Camel vulnerability (CVE-2025-27636) that allows remote code execution via case-sensitive HTTP header manipulation in the exec component. Learn how attackers exploit this flaw and how to mitigate it.
Jul 10, 2025
2 min read