no worries and Thanks for the reply hitmonkey. i suppose what you could and could not do would be based on the contract with the client.

hey so how did it go? I was hoping to read about your experience on this one

IMHO more than the risk of someone sniffing 3G (and i have no idea how practical this is), the greater risk is a customer using public WiFi to talk to your website. That would let an attacker on the same access point to launch practical attacks (man in middle via arp spoofing etc) so I would always assume that the client data to a website can be intercepted and then do the design based on this assumption (eg SSL, application level encryption etc)
Another point: sometimes a dangerous assumption is that because it is a mobile application, it will only be accessed via mobile devices. For example: I have encountered cases in which the developers assumed that they are restricting access to mobile browsers by checking the User Agent field in the HTTP request and checking that against a whitelist of mobile browser Use Agents. Based on this false assumption, the website then had other bad practises like having hidden fields to control business logic because 'who would be able to see hidden fields from a mobile device'!

Using a good RF scanner will work but like you said its not going to help much if the phones are off. Not to trivialize the issue, but a security guard that can frisk visitors will mitigate that risk to a large extent. Have lockers for visitors to put in their bags/purses etc before they enter the secure area.
What is the purpose of not allowing mobiles by the way? Is it to prevent people from taking pics? If so then the above physcial security issues would help in mitigating the risk. If it is more for preventing visitors from making phone calls while in the secure area, you can also consider moving the very high risk processes (eg cryptographic key generation) into a Tempest room/ Faraday cage which blocks RF signals from going out/coming in. thats really expensive though!

Congrats DragonGorge! This was a very good review, and it lead to major deja-vu for me, especially the wife and kids part. I agree with most parts of the review. One thing I gotta say, because OSCP is made so hard to achieve, the exhilaration on passing is incomparable and you really feel like you have achieved something and have learnt a huge amount of stuff. It has got me addicted and I WILL do OSCE eventually, I just have to, I have got hooked on to the pain and the high you get when you find the answer. the sense of achievement on getting a CISSP or CSSLP is not even a hundreth of what i felt when i got the OSCP pass email. So heart felt congrats again to you and thanks for very detailed review!!

ALso, quite liked the Pearson-Vue centers and format. Very different from the CISSP i took 5 years ago where you mark circles with a pencil. Now they have computerized tests, instant results and noise cancelling earphones. cool!

Just passed CSSLP. I am glad i took it. The format and quetion structure is very similar to CISSP as you would expect (ie you either know or you dont, not like CISA where they play arround with the English language to make it trickier)
I think it is very very relevant to those who are into secure SDLC. While going through the material I already got a ton of tips on what i should be doing to making my info-sec reviews better. I from studied the ISC2 official guide to CSSLP .

WHen i was stuck and did not know how to proceed, I found it useful to look at videos on youtube and securitytube.net to see how others had approached similar problems. g0tmi1k.blogspot.com has a lot of videos as well, although the machines being hacked are totally different, when you see the videos you understand the approach that is taken from info gathering to validating possible vulnerabilities to getting a shell and the final privilege escalation. Once you understand the approach, it should help you progress faster

Thanks don, i will!

j0rdy, i totally agree, the oscp videos on buffer overflows has to be one of the best introductions to buffer overflows for newbies. it was explained so well that i have become addicted to it, i am now on grey-corner.blogspot.com tutorials and corelan.be tutorials, to prepare myself for osce later on because i have heard that osce is mostly about fuzzing and exploit development.

One more thing I would like to add:
there is a lot of self learning involved. Its a very good idea to go through videos on securitytube and g0tmilk's blogspot site. I also found it useful during labs that, when I was suspecting a particular weakness existed but was not able to exploit it, to go on youtube/security tube and search. A lot of times someone would have made a video going through the attack steps for a similar situation, or I would find tips on how to approach the problem eg a tool in backtrack I had not tried before, but which could be used in that situation.
g0tmilks site is really good for a newbie to see how a hack is carried out (with good music in the background !) It helped me to visualise how I should be approaching targets in general. corelan.be is good for buffer overflows if you are interested in the topic. I had done the tuts on this site before I had heard of OSCP, purely because i was interested in BOFs and it helped me understand the OSCP lectures faster.

One thing I would have liked more in the lectures was more emphasis on privilege escalation. I guess this is where sys admin experience, of which i had none, helps. g0tmilks site has a huge list of things to check for privilege escalation, on this forum Sil has a great post where he has detailed the things you should look out for as well.

Thanks all!

Hi DragonGorge
I agree the requirements are ambiguos, because its very subjective, whats rudimentary to the offsec folks may not be to others. I shouldnot worry too much about the python knowledge though. I had very basic shell scripting and perl knowledge and 0 knowledge of python.
Although python is widely used, its not hard to understand. The videos are very well designed: when they do a python script for the first time they will explain all the syntax and what it does, for the next one if there is a new command being used they will explain that as well so learning as you go along is good enough i think.

Hi guys
This is my first post in EH.net, although I have been a regular visitor for the past 6 months lurking on OSCP discussions. This forum has helped me immensely, in reading discussions by people who were in a similar situation as me, as well as from people who had got the certification and were giving tips and encouragement. So I had promised myself if I would get OSCP, I would definitely share my exp here, and hope it may help someone else.

My background: I have been working in IT sec for arround 9 years in SE Asia, as a C++ systems and Java programmer, then Web app Vuln Assessment, and now in security architecture review. So my background is IT security BUT no sys / network admin experience at all, and it was my biggest handicap in giving OSCP. My strength was the few years I had done web application VA, although VA is very different from a full fledged pen test in terms of skill and mind set.

OSCP labs: I will keep it very brief, because others have written a lot about it and I have nothing new to contribute here: its awesome, its great, there is nothing like it, you will be tortured like hell and you will love every moment of it etc. The gist of my lab experience was I rooted arround 25 machines, I took 3 months of lab time (the last month was an overkill though I was mentally too fatigued to do much). I tried to do the labs from 10 pm to 1 am every work night and as much as possible on weekends, not an easy thing when you are married with a 2 year old, so having a very understanding wife helps!

OSCP exam: Instead of the technical part of the exam, which we are not supposed to discuss anyways because of the NDA, I will focus on what I did right and wrong
- Mistake 1 : I took the exam at 10 pm on last Friday night. the plan was that I will have peace and quite while my kid is sleeping. I forgot I was not in 20 anymore, (am 32!) so the college days when I could do night outs and survive on coffee and redbull were long gone.
The result of this was: i got the exam at 10, the first 2 hours went by in a rush of adrenalin where I tried to do everything at once, the next 2 hours in a sense of dread where I realised nothing was working! And I was getting sleepier as the night progressed, by 5 am I had got no machines and I gave up for the time being and took a nap till 8.

- That was a good idea, as a lot of people have pointed out taking frequent breaks really helps. from 8 to 10.30 i got a box , gave the missus a high five and took a short nap, got another box by 1 pm.

- The rest of it was very tough going, and I have edited my previous entries so as not to give away too much info. Suffice to say I took the full 24 hours

- Big Mistake #2 i made here: Enumeration + info gathering, but let me explain before you say 'you did not know that already?!'. Info gathering has been highlighted here a lot and even on the offsec forums, after 'try harder' thats the 2nd most popular phrase used. I found out later that I did all the info gathering I could, more than enough infact, tons and tons of it. The Big mistake i did was not having the patience and the discipline to analyse each and every point and line of the info gathered, to see how it could be used in an attack. It really is a mindset that comes with experience I think, and it has made me aware of how much more I need to practise and learn before it becomes a natural thing.

So anyways, sent the report the next day and I was almost sure I would not pass, , I was not sure if what I had done would be enough. I think I was pretty borderline, I had already started sweet talking the missus for sacrificing another weekend for my second attempt,  but the results came in 2 days and yaaa, it was a pass!

It was a wild ride, i enjoyed every moment of it, and more than what I have learned, I am grateful to OSCP for making me realise what I do not know, and the gaps in my knowledge. Other certs are for HR to filter out your resume in that job hunt, and yes they are important, but OSCP is for yourself primarily. To those who are considering taking it, plan to manage your time for 2-3 months and take it, its a very worthy investment.