.png)
The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
The Hacker's Cache
#45 OSWA Grind: 24 Hours. No Sleep. One Last Flag ft. Pratham Shah
He stayed up for 24 hours straight to pass one of OffSec’s toughest exams. In this episode of The Hacker’s Cache, I sit down with Pratham Shah, a 21-year-old cybersecurity consultant who holds OSCE3, OSCP+, OSWA, and more. We break down his insane study grind, how OSWA pushed him harder than OSCP, and why he thinks passion matters more than paychecks. From bug bounty beginnings to expert-level certifications, this episode is packed with raw stories, certification strategy, and hard-earned advice for anyone chasing a career in offensive security. Whether you're working on OSCP, OSWA, or just breaking into hacking, this one hits deep.
Connect with Pratham Shah on Linkedin: https://www.linkedin.com/in/prathamshah529/
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
[Pratham Shah]
Even I think the OSCP is easier than OSWA. Just half an hour left into my exam. I just woke up 24 hours straight.
I didn't sleep for even a single minute.
[Kyser Clark]
That's try harder at work right there. 24 hours. You stayed up for 24 hours straight.
You had 30 minutes left. That's that's remarkable.
[Pratham Shah]
And I got my last flag.
[Kyser Clark]
Yeah that's great man. And that's what it takes man. That's what I tell people.
For me, OSCP took me 17 hours. OSWA took me four tries. Four tries.
Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
Welcome to the show. Today I have Pratham Shah, who has been doing bug bounty freelance for three years and has pivoted into full time security consultant work. He has a bachelor's degree in computer science.
And for certifications, he has the OSCE3, that's the Offsec Certified Expert 3, that is a combination of three certifications, that's the OSED, the OSEP, and the OSWE. He also has the OSCP+, the OSWA, the I&E Security Certified Professional Penetration Tester, that's the ECPPT, CCNA, and the CH Practical. So Pratham, thank you so much for coming on the show.
Go ahead and introduce yourself and walk through your background.
[Pratham Shah]
Hey, Kyser. First of all, I'm a big fan. I watch all your content, and it's really a big opportunity for me, for having me.
And thanks for having me in your podcast. I'm Pratham Shah, a 21-year-old cybersecurity researcher and enthusiast. My passion actually begins around age 11, when I got my first computer.
And after that, I have been tickling around the game files where I started, like changing anything in the code or in the background files, and that really changed the game. And that really changed how the game works. And that curious me, everything.
And that curious how everything works under the hood. So that curiosity took me into the classes of programming. When I was 12 years old, they engaged in the class.
The first language I was learning was C and C++. After that, I got into the networking and hardwiring, and eventually graduated. From the past four or five years, I have dedicated myself to learning, eventually got the range of certification along the way.
This is just the beginning of my journey.
[Kyser Clark]
How did you start in a bug bounty? What did you do to prepare yourself to get in a bug bounty to start with?
[Pratham Shah]
I just started bug bounty because I was in the learning phase of that. I'm just curious how the real world works. And just to get an experience into that and see how things work in the actual, not in the lab.
I just started bug bounty for the sake of just learning things. The first platform I found was the bug crowd.
[Kyser Clark]
When you were doing bug bounties, was your goal to go into it to make money, or was it to just to get experience so you can help you find a full-time job? What was your overall goal when it came to bug bounty?
[Pratham Shah]
No, either is not my goal. I don't want to make money at that time. I also don't want experience for the job.
I just want to learn things, how things work in the real world. We found bugs in the lab, and that didn't really work in the real world because they are well tested. We didn't see much work in the bug bounty platform, like another something like if you found zero day, that's a different thing.
But we didn't find a bug eventually like we found in the lab. So I just want to test how things work in the real world. So I didn't have a goal of the money or the getting experience, but I did around three years while I was in the learning phase.
Like whatever I learned in the lab, or let's say in the tri-acme, I learned how directory busting works and how we can find bugs. Whatever I learned in the lab's environment, I tested into bug bounty platform. Whatever I found in the first in the result.
[Kyser Clark]
If your goal is just to learn, do you think that's the best way to break into your first time security position is to like go into bug bounty and get that real world experience?
[Pratham Shah]
Yeah, that kind of help when you are actually doing and actually finding something that you can showcase in your resume. That actually helps eventually. And I got help with that certification.
It's also matter because I have the OSCE3 that also people look into it and don't, every people don't have that OSCE. So that also has a big thing. But of course the bug bounty did help to get into the cybersecurity and eventually get a job.
[Kyser Clark]
Nice. Yeah. And we're going to talk about OSCE3 later in the episode.
But before we get into that, let's do the rapid fire questions. Are you ready for the rapid fire round? Yeah, sure.
All right. So for those who don't know, Pratham will have 30 seconds to answer five rapid fire questions. If he answers all five questions in 30 seconds, he'll get a bonus six question unrelated to cybersecurity.
Your time will start as soon as I stop asking the first question. Question number one. Which country has the most dangerous threat actors?
I think China. Do you think cybersecurity should be a top priority for companies? Yeah, sure.
First of all, yeah. Do you think privacy is dead in the digital age? Kind of.
Most critical security vulnerability today? Most secure vulnerability.
[Pratham Shah]
Secure vulnerability.
[Kyser Clark]
I don't know. We can skip it. Let's go to the next one.
Do you think cybersecurity is underfunded in most organizations? Uh, yeah. And back to the last one.
Most critical security vulnerability today? What do you think is the most critical? Most impactful?
[Pratham Shah]
If any at all.
[Kyser Clark]
RCE? Okay. So that was about 55 seconds.
So a little over 30 seconds. So no bonus question, but that is okay. Because you did.
You did provide a pretty good time point here. So you said. For do you think privacy is dead in the digital age?
And you said, kind of, I think you said kind of something along those lines. It was like neither here or there. And I want to know.
You know, why? Why do you think it's so? From your response, it seemed like it is partially dead, but at the same time, it's not dead.
So let's go into that. Why do you? Why do you think privacy is both dead and not dead at the same time?
[Pratham Shah]
I just said that because when you say information in any applications, let's say. Or I don't want to take the name of the company, but when you create an account, you give the all the information for of the of yours. And sometimes they ask the sensitive information for verification.
And you need a blue tick. So what happened is sometimes they even a big companies are not secure. And we eventually sees every day that something leaks and here and there.
And we can easily access to the data that are leaked from somewhere in the deep web or somewhere. And that's really hard. And that's actually increase is the the fraud starts of getting an hack to your account or getting if you have uploaded any sensitive information of your driving license that actually made the fake of the driving like that make the defect of the and put another person of yours.
And that's really sales of your identity and do like the by the illegal stuff from your identity. That's I don't know that's kind of make sense or not.
[Kyser Clark]
Yeah, I mean, it does. I mean, there's a lot of nuance. There's a lot of things that go into privacy.
So it's not it's not an easy question answer. It's not, you know, black and white. There's a lot of gray area there.
In my opinion, you know, I do think that privacy is dead in digital age for the most part. Now, when I say for the most part, there is a ways to be private in the digital age, but it comes with a major sacrifice that most people aren't willing to make. Personally, I'm you know, I don't like to give up the comfort of the modern digital age commodities that we are growing accustomed to.
I do take precautions when it comes to my privacy, but at the same time, it's if I took privacy to the extreme, then I feel like it would be such a massive inconvenience and it would be. It would just be hard to do, it'd be hard to live life that way, because so much of the world nowadays relies on the digital assets and technology that if you choose to be completely private, then you're basically choosing to not be in society. And that's, in my opinion, is not healthy, right?
If you just lock yourself up in a cave and you don't interact with people, then like that doesn't sound healthy to me. So that's why I think that privacy is dead, because if you want to be a part of society, then you do have to give up a large portion of your privacy. Unfortunately, that just seems like the way it's going.
[Pratham Shah]
Also, that makes the simple thing more added into technology. It's like when you go into the mall, they ask for your number. So that's also a lack of your number sometimes.
And the sales data for when you try to Xerox something, like when you print your paper, important documents in the mall, that's also reproducible, like that store into that machine and that eventually get all the data back when you print something. So that's also like they make everything digital, even simple things that makes more vulnerable to the people. I think so.
[Kyser Clark]
Yeah, that's a good point. You mentioned like when you, because like these companies, you ask for information and like they ask for too much information. It's like, like some random company, like you go and like buy a cell phone, like which one's the key number?
It's like, why do you need my social security number? Like my mechanic where I used to live, like on the form would ask for my address. I'm like, why do you need my address?
Like you just need my phone number. Just call me when the car is done being worked on. You're not going to deliver the car.
So why do you need my address? You know what I mean? It's like you don't have to worry about me not paying you because if I don't pay you, then I don't get my car back.
So it's like I always just leave that kind of stuff blank. So that's that's my advice when it comes to privacy. Like if you're in a business and like you're, you're purchasing products and service for a company and you're filling out a form, you don't have to fill it out.
You know, like if it's asking for something that you don't want to give or like something that they don't actually need, then don't fill it out. And if they ask you why, tell them, why do you need that? You can ask questions like, hey, why do you need this information?
What are you going to use it for? And if they don't have a good answer, then don't do it. And if they say, well, you have to do it.
At that point, you have a choice between walking away or, you know, giving away your privacy. I feel like most people choose to give away their privacy. Like, oh, we just need it just because, okay, here's my social security number.
And then, you know, they just give it away all willy nilly. And that's the problem with society because a lot of people, I would, the vast majority of people aren't security and privacy conscious. So a lot of people are willing to give up their private data.
And they don't really see the problem with that. They don't see the dangers in that, unfortunately. And that's, in my opinion, a net negative for, you know, technology as a whole.
There's a lot of good there, obviously, because I like technology as much as the next guy. But at the same time, so many people are just giving away their private data, private information. And they don't really understand the vulnerabilities and the risk that's associated with that.
Okay, moving on. Like I said, I want to talk about the OSCE-3. So you have the OSCE-3, and you got it, like, really fast.
So how, my biggest question here, how did you get it so quickly?
[Pratham Shah]
The simple answer is that I didn't get that so quickly. I was preparing for, I don't know, like four to five years, as I said. And my goal is to do it in a year.
So I got save money to not buying every set into one by one. And what I do is, when I first tried, when I first see, when I first get into the cyber security, I was just preparing for the OSCE-3. And I just know the OSCE-3 exists with other certification after the CCNA.
And after the preparation, I have done all the, I take around one year after that. And I got a news that the OSCE, like, I got to find out that OSCE exists, the old one, and that OSCE breakdown into three, like the renew. And other than that, when I looked into the certification, the syllabus of all of these three, I really got interested.
And I also opened the new world that I didn't heard of any of this topic around the syllabus. And that makes me more curious to learn this thing because I was very interested in the cyber security. So when I first look at the OSCE-3, when I, I thought that everything I did in the past year for preparation for OSCE-3, that's really a beginning of the journey of the cyber security and the OSCE-3 pen testing, especially.
So when I started looking at around this certification, I really got interested into it. Again, I look into the syllabus of every, like I first, after the OSCE-3, I prepared for the OSCE-3. I didn't buy the course.
I just look at the syllabus and search that all the topics around in the Googling and find all the, like the resources, whatever I can found from the Try Acme Hack the Box and other resources from the GitLab or anything, GitHub or anything like that. And I prepared for it. I also buy some course from the Udemy.
I don't know the name of it. I'll give you for that. And as I've, as the OSCE-3 especially takes one year for me for preparation, then I took the, I prepared for the OSWE, didn't buy the course, just online researching, getting document, making my own lab of the OSWE by looking at some of the YouTube series they have made.
And the hardest certification for me is OSWE because I don't have much interested in the white box pen testing or more into the web. I didn't did all the certification, like I didn't just prepare and done all the certification in a year, but I have takes a lot of time from four to five years. And after that, I made a goal that whatever it takes, I buy the package and do all the course in a year.
[Kyser Clark]
Yeah, so that's good to know. And what a journey because the OSCE-3 is no joke because I mean, each cert that goes into that is an expert level certification. And, you know, when I said so quick, you know, you said it took you a few years and you don't feel like that's quick.
But in my opinion, that's quick because I mean, I have seven years experience and I don't have the OSCE-3. I started the OSEP and I went to that course. I just wasn't ready.
I needed to go get more experience before I could even really grasp the concepts in there fully. I mean, I was getting the concepts down individually, but I didn't understand how to link them together. That was a problem.
And I just took a huge break from the OSEP. So, yeah, those certs are no joke and hats off to you for getting those. And even though it felt like it took you a while, in my opinion, like, you know, that's pretty quick and that's hard to do.
So speaking of the OSCE-3, so out of the three certifications that that one contains for you, which one was the hardest?
[Pratham Shah]
OSWE, because as I said, I don't have much interest in web pen testing or specifically for the white box. I don't really like to read the thousands of lines of code and find a bug into them. I don't have really interested in them, but I push my limit for just for the OSCE-3.
Otherwise, I will never learn this certification, never do this certification.
[Kyser Clark]
Yeah, I did the OSWE OSWE training. I got it like, I don't know, 15, 20 percent of the way through the training and my brain was melting. I'm like, dude, this is this is rough.
This is hard. In my opinion, it was harder than OSEP because I guess I did OSEP training as well. And I don't have either one of those certifications because it was hard.
I started on my dude. I got to go get some other training. So I'm doing some other certs and some other training.
Use my real world experience and trying to accumulate as much knowledge and skills as I can before I go back into this again, because I went in there. It's like for me, it was ever. Are you a gamer at all?
Gamer?
[Pratham Shah]
Yeah. I used to play back then two to three years ago, like when I was preparing and before that, I didn't play a single touch. I didn't play the games.
I don't know, for the past four years. Yeah, I believe that.
[Kyser Clark]
When you when you go on your your grind, your certification grind or your career building phase, yeah, you pretty much had to give up video games. And I did that as well as a huge gamer before I got into cybersecurity. When I started taking it seriously, I took.
I took like four years off of video games and maybe even five, and I'm just not getting back into them because I'm kind of just chilling at this point. I'm not really grinding the certs out because I don't really have to anymore. But I want to get back in the cert grind eventually.
But the reason why I mentioned video games, because when I was doing the OSEP and the OSWE training, it felt like I was playing a video game. And like, you know, when you play a video game in your too low level, when you go to like a high level area, you just get destroyed in one hit. That's what it felt like to me.
And it's like when you're playing a game, you're like, oh, I'm not supposed to be here yet. Let me leave this area, go get some more experience and come back. That's what it felt like for me going through OSEP training and OSWE training.
So I bring that story up because I personally experienced that. And if there's, you know, viewers and listeners that, you know, you go on a certification, it's just kicking you kicking your butt like that's OK. You can just stop and then go get some experience elsewhere and then come back to it later.
And, you know, I might not ever get OSCE3, but I would like to get that one. And that's but it takes a lot of effort. You got to make so many sacrifices, right?
You pretty much got to put your social life on hold, all your hobbies on hold. It's rough. So that's why I I tip my hat off to you.
And like I said, congratulations on OSCE3, because that's that's such a huge accomplishment.
[Pratham Shah]
I used to play the games like the whole day after the school. And like I had I don't have another choice. I asked my family, my family members to give the like to buy it for me the the package of I don't have another choice.
So I used to like study around like 19, 20 hours a day for the whole one year. And before that, like the 16, 17 hours a day, like I was doing this a full time, not just like as a hobby. I really I don't have another choice or or anything.
I didn't find anything other that interest me other than this. Yeah, gaming as a career is a good choice, but sometimes I didn't have much of interest as in cyber security. So that's really amazing for doing me like everyone proud of me.
Like my family didn't believe there's anything that happened in my family that no one has done this. Like even even they know they didn't know anything about computers. No one's they have the physical stores and they don't know anything about.
And I'm the first person to to find out something from the Internet and doing something. And they believe me and give me the amount of their ask. And eventually I got the past and got a job.
Now they are happy. So yeah, it's really you have to sacrifice anything or everything to do or to do anything that you're passionate about. Give you 100% is my suggestion.
And after that, you have free time. Like I don't have anything to do. Now I can play games all day after the job.
[Kyser Clark]
Yeah, yeah, that's what I was kind of getting at. Like, you know, once you get your first job and you don't have to grind as much because you're already in the field and you can you're working full time, you know, you're putting eight to 12 hours a day, whatever your work schedule is. For me, it's typically eight hours.
Well, it's almost always eight hours. And, you know, after eight hours of pen testing, I was like, dude, let me just go play some video games because my brain is melted. You know what I mean?
And before, you know, I used to be a sysadmin and, you know, my brain would be melted from sysadmin stuff. But then like when I was doing my cert training, like OSCP and stuff, like I don't want to say it was easy to get off of work and go get the OSCP and stuff, but it was a different kind of thinking. It was interesting because it was unrelated.
It was related, but it was different enough going from sysadmin to pentester. So, yeah, so that's like one thing that I didn't really was prepared for. Right.
I thought, you know, once I get my first full time pentesting job, I can just get off of work and just get more certs and I can keep training. But then I did do that. I have gotten several, five certifications since I got my first full time job in pentesting.
And now after five, five certs, I'm just like, I'm chilling, man. I'm I want to play some more games and kind of enjoy life a little bit more. So.
But as I said, I can't remember what episode it was. It was a handful of episodes ago. Like you got to make those sacrifices to get that first job because it's incredibly hard to get.
Moving on to Tomahawk certifications, but we're going to switch up a little bit, talk about OSCP and OSWA. So I also have OSCP and OSWA, and I asked this question a few episodes ago and I want to get your take on it. What do you think was harder, OSCP or the OSWA?
[Pratham Shah]
The OSWA takes more effort than the OSCP. I failed my first OSCP because I lack in the web pentesting because I don't have much interest into that. But for this, I did the OSWA before the OSCP because the web pentesting also like the black box.
I didn't have much experience in that, but it's different from the OSWA and the black box. Like you found a lot of way of getting into the computers and the exam and the labs are so hard that even I think the OSCP is easier than OSWA. It's so hard for me, the OSWA that it's just half an hour left into my exam and I just got passed and just half an hour left in the exam and I just woke up 24 hours straight.
I didn't sleep for even a single minute. So yes, the OSWA is harder than OSCP.
[Kyser Clark]
I'm smiling because man, what a let's try harder at work right there. 24 hours. You stay up for 24 hours straight.
You had 30 minutes left. That's remarkable.
[Pratham Shah]
And I got my last flag.
[Kyser Clark]
Yeah, that's great, man. And that's what it takes, man. That's what I tell people consistently on the show.
It takes for me, OSCP took me 17 hours. OSWA took me four tries, four tries. The first attempt, I kind of quit after like 15, no, like 13 hours or so.
The second attempt, I think I only gave it a solid eight hours and I just kind of quit. And then the third attempt, I think I gave it another 10 hours. And then the fourth attempt, I think I got it in like, I don't know.
Six hours or something like that. My last attempt was really fast, but it took me so many tries. Definitely, yeah, that one's hard to do.
That one's incredibly difficult. And I also agree with you that OSWA is harder than OSCP. I passed OSCP on my first try.
For those who are new to the show, I haven't heard my other content. And I think it's a wild take how you said the OSWA is harder than OSEP. That's not supposed to be the case.
OSEP is a 300 level exam. OSWA is a 200 level exam. So what made it?
Well, I guess you're already talking about what made the OSWA harder, but was the OSEP was a little bit easier for you or what? You're just more comfortable in the network. Is that what it is?
Yeah, it is.
[Pratham Shah]
Like I am more interested from the first in the networking, network pentesting. That makes me easy, like easy to understand everything, every step. We don't have to find the new vulnerabilities that everything has in the domain.
So we don't have, we just have the limited scope that these are the vulnerabilities that we have to find. These are the misconfiguration that we have to find. But in the web, there is a lot, ton of things that we have to find and that didn't work.
So the OSWA, why it's harder, it depends on everybody. Like someone's just interested in the web that makes that perspective easy. But for me, it's, I don't have much interest in the web, but my day-to-day job I got is for the web pentesting, network pentesting.
But it's, I think it's just, it's the interest that people make into, like, I just have interest into network and I learn more stuff every day just for the network. When anything comes in the web, I skip that part, but that's makes the harder certification than OSEP. The OSEP is just an, the advanced level of the OSEP that you learn.
And the antivirus evasion, EDR, that is not too hard to make. There are some tools available. I know that you don't have to rely on tool, you have to understand the methodology, but there are tools available that make something exe that bypass EDR. That's not too hard. Other than like, we have to find something from the web, from the black box. We don't know anything. Where is the vulnerability?
And you found somewhere SSDI, how to RCE, that's every payload didn't work. So that's makes the OSWA harder in my opinion.
[Kyser Clark]
Nice. That's good to know and interesting. That gives me more confidence that for my second go around for the OSEP.
Because like I said, I did the course. I actually went to the course twice and wasn't confident enough to go through the challenges or even do the exam. But one of these days I'm going to go through the course for a third time and then hopefully go through all the challenges and pass the exam.
So that gives me confidence because it seems like everyone who gets the OSEP is like, yeah, OSEP is like, it's not that hard. And I'm like, bro, I don't know. But I had a lot going on.
I was going through military transition and stuff. And I just, I had a lot going on when I was going through that. So now that I'm kind of more chilling, maybe I can get that a little easier.
Especially since I have real world experience and some other training under my belt now. But that was the goal anyway. I was like, let me get some real experience and let me get some other training and it should make my OSEP run a little bit easier.
[Pratham Shah]
I've seen people also taking the CRTO before the OSEP that helped a lot for the active directory thing. I didn't take it by myself, but I've seen people that really helped a lot.
[Kyser Clark]
Yeah, that's good to know. Yeah, CRTO is also on my radar. I guess some people do get the CRTO before the OSEP.
I don't know if it matters too much. But once I get both of them, I'll have more of an opinion. I'll get them eventually.
I still have a lot of time off in this field to get them. So I'm not in a rush, honestly. Prantham, thank you for being here and providing your insights.
Let's go ahead and do the final question. So the final question, as everyone gets, do you have any additional cybersecurity hot takes or hidden wisdom you'd like to share?
[Pratham Shah]
Of course, you don't have to learn this cybersecurity. You can't become anything just by watching things on YouTube or just by reading blogs. In my opinion, you have to mix the hand study into the labs, into the hack the box or just solve anything.
But don't just read or watch YouTube's video. And that's makes you something. The most important skill isn't the another thing is the most important thing is the knowing every tool like having curious of everything in this world is an automated so you don't have to be reinvented the wheel.
In cybersecurity, the most important skills isn't knowing every tool like is having the curious and the flexible mind. Technology and threats change all the time when something new appears. Don't be scared of interested into them, in my opinion.
Try out into the safe lab, ask questions and learn from the mistakes. Each time you fail, you learn what you doesn't work.
[Kyser Clark]
Our problem. Thank you for that final wisdom. Where can the audience get ahold of you if they want to connect with you?
[Pratham Shah]
I just have the LinkedIn Pratham Shah 529 is the username. I just have that. And I recently did in a blog how I did all of this certification that I also posted on so you can reach me out if you have any question or other.
[Kyser Clark]
In audience, the best place to reach me is also LinkedIn in my website. KyserClerk.com audience. Thank you so much for watching.
Thanks for listening. Hope I see you in the next episode. Until then, this is Kyser signing off.
