Congrats on passing the exam DragonGorge. Your write up is really good, I've recently passed the OSCP as well and I loved the course, I learn better by being pushed and for ME the PWB course and exam really pushed me..

I agree with you on how much of a time sink the course can be and the effect it can have on your loved ones and work but I still think it's worth the time and effort (and pain, tears, joys rollercoaster).

I'm not a penetration tester by trade, so a lot of the content was new to me, but it's already given me a better understanding of what is required for that sort of job. Half way through my course my company had an internal pen test and the tester that was on site ran nmap, nessus then metasploit to complete the tests which at the time I thought was "cheating"..

Would I do another OffSec course, yes I probably would but next time I know what to expect so I can better prepare.

Congrats again..

Well to be honest UNIX I'm not sure, need to work on my web application security, learn python or ruby (leaning more to python at the moment), then learn more about exploit writing, malware analysis and carry on popping boxes (in a lab environment)..

Would like to "specialize" in an area but not sure what yet.

Hello, just an quick update (blog posts to follow), I sat the OSCP exam on Monday and just received notification that I passed..

Hi SephStorm,

This is the link m0wgli was talking about http://exploit.co.il/hacking/pivoting-into-a-network-using-plink-and-fpipe/

I did a blog post a few days ago with some of the useful links I found handy during my OSCP lab time.

I've got my exam booked for the end of October, then I'm thinking of doing the SecurityTube python scripting course, then I fancy spending some time on exploit development... but then I might change my mind..

I posted this last night on my blog.. some of you may find it useful (or not)..

http://itgeekchronicles.co.uk/2012/10/10/oscp-useful-resources/

Hey m0wgli,

I spend on average between 2-4 hours a day in the labs during the week and probably about 6-7 at the weekend. I will probably be pulling a few late nights during the last few weeks.

I have taken a few days off work and spent 12 hours each day in the lab which helped.

I tend to do research and mess around with VM's at work (just don't tell my boss). It's not as much time as I would like but that's life.

Glad you like it (so far) tturner. There will be more content added after my OSCP course is done and a special B-Sides London 2013 edition is in the works as well.

Rather than posting on here all the time (yes I know its a forum and that's the point), I've been updating my blog on my progress.

Check it out if you are interested:

http://itgeekchronicles.co.uk

The only reason I haven't read all the material is due to a burning desire to play in the labs, and I learn best by doing instead of reading.

I had done some of the basics before (nmap scanning that sort of thing) so as soon as I had access I was in the labs scanning and enumerating away.

I agree things would have been a bit easier if I read the material but we each do things differently and I've still enjoyed doing things the hard way..

Blimey this thread has got big..

First off sternone, well done on your progress so far you should be proud of what you have achieved..

I'm about 50 days into my lab time, so far I've watched about 20% of the videos for the course and only used the PDF as reference material.

I think I've rooted just over 30 boxes now. This isn't to brag, I'm not a pentester or security expert this is the first time I've EVER tried something like this. My biggest ally (and worse enemy) is Google, and I've lost count of the number of hours I've spent looking for something to gain access, even when its been staring me in the face I've still struggled (man have I struggled).

My point? the course material is good, but limited (like it's supposed to be) I've learnt more from trial and error or working it out myself than from anywhere else and for me it's the best way to learn.

I've spoken to people that have rooted most of the boxes in the labs, it doesn't bother me, I'm happy with my progress and what I've learnt and if I don't get them all then I don't get them all, it's not a race against others on the course it's a personal challenge.

If I'm honest, I expect to fail the exam the first time around, and I won't mind if I do (don't get me wrong I hope I pass), but this course isn't easy, nothing I read ahead of starting made it sound easy, but by god it's fun.

Anyway that's my speech over.. my only advice sternone would be regardless of how annoying/frustrating or annoying you find the course, enjoy the experience, learn what you can and when in doubt... Try Harder (sorry couldn't resist).

No worries BillV.. 

I've got 16 year experience working in IT mostly operations/sys admin roles. Just started to get more focused on infosec since the beginning of the year. Done my Security+ exam and got a couple of other certs (not security related).

Done bits and bobs over the years that touch security (firewall configs, wireless networks etc) but never really focused on it.

Doing the OSCP to give me some more "hands on" experience and give me a good base to build on.

So obviously it's down to the individual but I spend 3+ hours in the lab at least 5 days a week (have a full time job, so study is all in my own time).

I use the course videos and material for reference or to cover off areas I don't know about. If I get the chance at work I will research tools/techniques etc that I need to "pop" a box in the lab.

The majority of my lab time so far has been enumeration tasks and collecting information. It is really important to enumerate every box as much as possible,

I've found no end of useful bits of information from scans that have helped a lot.

Again it's all down to the individual and how they learn best.

Adam

Sternone, I'm 3 weeks into the OSCP course and still having a blast, I spend most of my time in the labs (need to do the exercises) and the learning never stops. Make sure you join the IRC channel (#offsec) I didn't to start with but it really helps having other people to talk to.

Just remember the course isn't supposed to be easy, but it's not impossible, have fun and enjoy what you learn.

When you get stuck on a machine in the lab, try not to stress over it, just take a break and move onto another machine (there are plenty) what you might find is that as you learn new tricks and techniques you will find something that can help you with those "tricky" machines.

I will just share some tips that I've found useful since I've started.

1. You are not trying anything that other people haven't already done, so remember google is your friend.
2. ENJOY IT
3. If in doubt "Try Harder" (course motto).

Adam

I've only been focusing on learning more about security since the beginning of the year and I have a bit of a different view on books.

I own a few different security books, grey hat hacking, hacking exposed and they are pretty much similar in content (which you would expect), but it depends on your skill level and the way you learn.

In all honestly I only use books as a reference point rather than reading through the whole thing, and forgetting most of it. The book depends on what you want/need to learn, for the myself I wrote a training plan over a year covering different tools and methods and then find the books (and don't forget Google) to learn those particular areas. I throw in a healthy dose of lab work (built various VM's) to push home what I've read and learnt.

Pen Testing usually follows a set pattern in terms of what you need to do:

scan, enumerated, exploit etc etc

From that you can work out the areas you need to learn about and then find books/pdf's/google material to progress. Otherwise you might end up reading books about subjects you don't need or only just cover a subject that is really important.

But then that's the just the way I learn best, like I said everyone is different and there are a lot of good books available.

I've just created a new wish list of Security books. Check it out here.

http://www.amazon.co.uk/registry/wishlist/1INPZOXT8TJY3

Adam