Post

The Unintentional Journey towards OSCE3

Posted
By Guy Liu
11 min read
The Unintentional Journey towards OSCE3

Just over a month ago, I attempted the hardest technical exams I have ever taken in my professional career - a Level 300 Offensive Security exam on the topic of Windows User Mode Exploit Development. In order to pass the exam, I needed to solve multiple challenges over a period of 48 hours, using skills in areas of reverse engineering, custom shellcode writing and Return Oriented Programming (ROP) in order to defeat Windows operating system security defences such as ASLR and DEP.

A few days later, with much delight and relief, I received an email from OffSec to say that I had passed and as the result, gained the OSED certification. In addition, as this being the last of the three-cert prerequisite, I had also automatically gained the OSCE3 certification. Since then, I’ve had time to rest, recover both mentally and physically, and more importantly for me, to reflect on what had happened. So I thought now it’s a good point to share some of my thoughts on my multi-year journey of achieving OSCE3.

The Unintentional First Steps

Back in 2021, a couple of years after I passed OSCP, I started to increasingly feel the desire to further develop my offensive security skillset both in breadth as well as depth. My work at the time involved a lot of infrastructure penetration test engagements, so I decided to take on the OSWE course, to gain more in-depth knowledge on web applications. I wasn’t even aware of OSCE3 at the time - I have a feeling that it might not have been a thing then as OSEP and OSED hadn’t been released.

The story basically repeated itself two years later when I decided to take on the OSEP course to further develop my skillset. Although OSCE3 did exist then, it wasn’t really on my radar. OSEP gave me the skills and knowledge which was directly relevant to my work. But the content covered in OSED, although useful and relevant, wasn’t something I would use very often in my work, and my role was also gradually turning more managerial, further reducing the requirement for hands-on technical learning.

Target Acquired

Fast forward to 2025, I once again found myself in a place of wanting a challenge and continue to learn more in the field of cyber security. By this point, I became well aware of the existence as well as the reputation of OSCE3, and having completed 2 of the 3 prerequisite certifications, a part of me really wanted to complete the trio.

Although I came from a background of programming and software development, my knowledge on assembly language and reverse engineering is almost non-existent. So OSED course for me, would have the most steep learning curve and the most challenging compared to the other OffSec courses I took. In addition, my life circumstances of being a dad with multiple young children, as well as having active involvement with the local church community, had meant that carving out time to take on structured learning would be very tough as well.

It wouldn’t be unreasonable to think that taking on OSED at this point in my life seemed overly ambitious and one may even say foolish. But to me, deep down, the toughness is what makes the challenge genuine and meaningful, and I wanted to see if I could do it. I was in the fortunate position that my employer would sponsor me to do the course, and in many ways there is nothing to lose if I don’t manage to pass the exam. I would have gained valuable knowledge regardless - and that for me, would have been worthwhile enough. So just like that, the challenge began.

The Uphill Journey

What happened after, was over 6 months of studying. Not dissimilar to the other Level 300 OffSec courses I took (OSWE and OSEP), this course required roughly 200 hours of studying (for me). And unsurprisingly, most of my studying ended up happening after 10pm once all the other duties of the day is done.

As time went on, this indeed took its toll - but I was well aware of it. I also found that with the OSED course, most exercises on debugging and reverse engineering took significant amount of time to get the lab setup, as well as to get the brain in gear. So not having continuous chunks of time to work on things has meant that most times, my progress was rather slow.

Furthermore, while many concepts covered by the course is very interesting, the process of execution in some cases were quite repetitive, time consuming and, dare I say, sometimes tedious. This in itself can be quite a mental challenge. I also found that while some material is somewhat straight-forward to comprehend, it took significant more time to gain more in-depth understanding required to turn it into a useful practical skill. Patience, perseverance and grit is the fuel needed to make this journey - for me, this is what the “Try Harder” motto is referring to.

“Hitting the Wall” and Finding Motivation

Much more so compared to the previous courses I took, I found myself asking - why do I bother to do this? Did I take on the challenge just to make my own life more difficult? Is there a better reason for this madness? Through these internal struggles, I learned to remind myself of the joys of learning. Understanding new concepts, seeing how different parts of a larger system is interconnected, knowing how things work - for my engineering mind, is incredibly satisfying and rewarding.

As with any endurance race, the challenge gets harder as you progress further into the race. Towards the second half of the course, I started to feel that the effort required to learn appear to far outweigh the satisfaction and value I receive from the learning itself. This was my “hitting the wall” moment. After all there are plenty of other things I could be learning instead, that doesn’t come at such a great personal cost. I had to find a better reason to continue, other than just learning for learning’s sake.

The search for answers actually took me all the way back to my teenage years. I remembered my first interaction with a computer programming language, which was BASIC in MS-DOS. Assembly language at the time was much more popular but to me then, it just seemed complete incomprehensible. Once Windows 3.1 became the “operating system of choice”, I was scouring for books in the local bookstore on how to make my very first Windows program using Visual Basic 3.0. The idea that a few lines of code could make a beautiful window pop up on the screen seemed like utter magic to me - and while I had heard of Windows API - the concept of it seemed like some special ancient sacred text - the meaning was only comprehensible to the selected few. That intrigue of how that “magic” worked had remained with me ever since..

What dawned on me, was that the exact topics I am learning now - how to read and write code in Assembly language, understanding how the CPU executes instructions, and how those instructions are used to make Windows API calls - were exactly what’s needed to demystify those childhood intrigue I have had for many years.

Suddenly, the challenge of OSED became one of my life-long puzzles waiting to be solved. The course was no longer just a means to earn a certification, but an opportunity to re-live a childhood passion. And it’s this realisation, that gave me the motivation to continue press on with the course until finish, and not just to endure it, but also to enjoy it.

Isn’t it funny how sometimes we could actually be doing something we really enjoy, but the noise of the world around us can make us blind to the fact?

What I Have Learned from the Course

Through the OSED course, I gained deep (this is relative) understanding of how computer programs are loaded and executed. It allowed me to peel back the curtains on a number of topics at the lower-level of the software and operating system stack. But… it also made me realise that the things I have learned from the OSED course really only qualifies me as a beginner in the field.

To use an analogy - it is a bit like passing the driving test - after months of learning and practicing, when you finally pass the test, you become qualified as a… beginner driver. You are now ready to start the journey of learning roadcraft independently.

What Have I Really Learned from the Course

But I find with all OffSec courses I took - the actual knowledge and skillset gained from the course is actually a by-product (although important) of a deeper learning objective. And that is to gain the mindset and confidence required to take on future challenges in this knowledge domain. To me, this is perhaps the essence of the often misunderstood “Try Harder” mentality. To take on difficult problems with determination, to remain persistent in the search for solutions with thoroughness and creativity, to maintain clear focus and logical thinking in the chaos and uncertainty while under pressure. Those are valuable skills that we could use in many other areas of life.

And that mindset cannot be acquired by being passively taught - it has to be “forged” through experience of hard work, determination and grit, which by definition won’t be easy or pleasant. But is anything worth having in life comes easy?

Value of Knowledge

Cyber is a fast-paced field, which requires any practitioner to continuously learn to stay up-to-date. While I have been fortunately enough to work for a company that supports this, and my engineering mind finds fulfilment and satisfaction from acquisition of new knowledge, all this learning does also make me wonder - in today’s world, where information is so easily accessible over the web, and knowledge is fast becoming a consumable item with the rise of AI and LLM, is human knowledge becoming less and less valuable?

Added the fact that over time, even the knowledge we have previously acquired can become obsolete or lost/forgotten, how can we truly determine the value of knowledge with “depreciation” also as a consideration? What sort of knowledge could we gain which will stand the test of time? Maybe it will force all of us to be more selective about what we choose to spend our time learning.

OSCE3

So standing at the finish line and looking back at my accidental journey to OSCE3, I can’t help but feel a sense of gratefulness. I’m grateful for the people who believed in me enough to put me at the starting line and then cheered me on every step of the way. I’m grateful for my wife and children who supported me and have been patient and kind with me as they created time and space for me to study. It’s truly been a special journey - the knowledge I have gained may fade with time, but the life lessons I have learned will stay as part of who I am.

Will I do it all over again if I had the choice? Yes, without a doubt. Would I recommend others to walk the same path? Well, that really depends on which path you are referring to. If you are referring to OffSec courses and certifications, then the answer is it depends. But if you are referring to the path of keep taking on new challenges, setting yourself goals that you are not sure how you will manage to achieve, trying things that are just slightly beyond your comfort zone - then yes! Absolutely. It will be a tough ride and you might not know exactly where you will end up at - but it will be worth it in the end.

Learning, Certifications
OSED OSCE3 OffSec Learning
This post is licensed under CC BY 4.0 by the author.