Try Harder. No, harder! Keep going… TRY HARDER!

Try Harder! It sounds like an annoying catchphrase, doesn’t it? I thought the same when I started PWK in January.

I thought that you do, or you do not. There is no try.

Well, having now completed my OSCP exam and lab report and having been granted the OSCP certification, I now know there is no do – there is only TRY HARDER!

“Try Harder” is a hard concept to explain. It’s probably even a very individual concept to each person who does the certification – but I know for certain that the PWK labs and the OSCP certification exam challenged me more in a short period of time than just about anything else in my professional career!

I’ve done some challenging things as a developer. Designing a secure solution for single sign on from a custom mobile application into another custom application was challenging. Designing a protocol to allow a staff member to emulate student access to a major system in an afternoon was challenging. But, these were challenging in a different way. At 3pm in the afternoon after documenting the protocol for HMAC data validation in a custom mobile application, if I get tired, and assuming I have managed my time correctly, I can task-switch to something else for the rest of the day to give the grey matter a break.

That’s challenging. Putting yourself in the mindset of an attacker for hours on end, considering what they could see on the wire, what the protocols in use are, what known weaknesses the protocols have and how they can be mitigated – that’s all pretty challenging stuff. It’s also a place I thrive in!

Then 5pm comes along – and off to the pub you go. It simmers in the back of your mind over the weekend, but not much more thought is given than that.

But PWK and the OSCP exam take the concept of challenging to a whole other level. 24-hour exam. 5 hosts. 70 points required. Metasploit on one host only. No commercial tools. But, then it’s not over. Not by a long shot. You then have 24 hours to prepare and submit your lab & exam report. This in itself is a tough challenge, and if you’re also submitting your 10 lab hosts you’d better make sure they’re finished BEFORE you need to document your 5 lab hosts!

The OSCP exam itself isn’t just a penetration testing challenge, it’s a test of your stamina. It’s a test of your preparation. It’s a test of your time management skills.

It is a test of YOU.

It gets tough.

It gets really tough.

But, if your preparation is right, if your skills are on, and if the luck is with you – it all falls into place.

But. Here’s the thing. It only falls into place if you…


It’s kind of intangible. It’s hard to explain.

If you’re considering doing PWK, you’ll just have to jump in and find out for yourself.




What the hell just happened! Did you just get PWND?

So, if you’ve been following this blog for a while (there aren’t many, but I do know of a couple) you may have just seen a whole bunch of infosec/ctf/hacking-related content added to the site.

No, my blog hasn’t been hacked.

No, I’m not a skript kiddie.

No, I don’t illegally access sites or servers I don’t have permission to access.

Yes, I do consider myself a hacker – but in the true sense of the word. Someone who uses hardware and software for purposes they were not originally designed for. Not the meaning of the word used by the media – someone who accesses systems illegally.

Yes, I do operate a small Information Security group – aimed at fostering knowledge and understanding of information security issues.

Yes, I am involved with assessing security of software as part of my full-time software development role.

Yes, I often undertake CTF challenges on the weekends.

Yes, I am aiming to move into a role with more involvement in Information Security in the future.

No, I will not hack your ex-girlfriend’s Facebook, and nor do I know anyone who can.

I was starting to operate a small blog hosted on to host all my CTF and security related content, but it was then becoming a little annoying to have this blog sitting here, only hosting brewing content. I can’t see a reason why it can’t do both, so I imported all the images and content over here.

So, from here on there won’t be ONLY homebrewing posts, I’ll be posting on information security related topics too. There are a stack of homebrewers who are in the IT industry too, so I think that content will also be kind of interesting for some of you anyway. Likewise, InfoSec people are often basically functioning alcoholics too – so they’ll probably get something from the homebrewing content too 🙂