Certified as OffSec Web Assessor (OSWA) 🧑‍🎓

I woke up to some good news this morning. I got my email confirmation that I passed my Web Attacks with Kali Linux - Certification Exam. For the last 3 mornings, I’ve been waking up and checking my emails as one of the first things I do after I wake up. I had my half-eye open and half-eye shut while opening the mailbox, hoping to find an email from OffSec.

Dear Jubeen, we are happy to inform you that you…

That’s it. That is all I needed to read. I do the due diligence and read the email carefully. But I have my OSWA certificate; honestly, this one has been a doozy.


It has been a rollercoaster since I started going down the OffSec path in mid-2021. Every day, I feel a little more stupid.

Regarding this Certification, I made my first attempt in August 2022 and got an email on the 30th of August 2022 that I failed. I decided to change gears and go for OSDA instead.

So, I spent a good part of last year at work. Since I don’t really have a life outside of work yet, I try to piece together pieces that I was missing for this Certification, trying on/off with the OSCP material, looking to see if that widened my horizon and got me thinking a little more about how I could tackle the OSWA Exam. I started to dig deeper into the details of everything. Since I felt more than what the Certification expected as in-scope for the exam, the part that I had to realize was to dig a deep hole in searching. Dig as far as the RFCs or internet archives or commit history on why a project shaped it the way it did. (Sometimes, not always... as that is a skill I’m yet to perfect.)

Little Alice fell
d
o
w
n
the hOle,
bumped her head
and bruised her soul - Lewis Carroll


I can imagine the journey ahead being a little more difficult than it is today, but if I am as curiouser and curiouser tomorrow as I am today, I should be fine. As long as I remember to “live a little”.

I often forget.

Prep Work

If you’re interested in the prep I did, I don’t think I’m the best person to say much about how you should prepare for the exam. But, here are some ideas to think a little more about.

  • hack your way to an answer
  • read the fucking manual
  • don’t reach out to an LLM before you dig, simply put - it’s a garbage in - garbage out machine.
  • find the balance, you won’t… but try
  • people being people... will do people things. embrace it