HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 28 guests online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow OSCP - Offensive Security Certified Professionalarrow OSCP - advice and grasp
EH-Net
May 23, 2013, 02:21:09 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: OSCP - advice and grasp  (Read 3576 times)
0 Members and 1 Guest are viewing this topic.
mackwage
Newbie
*
Offline Offline

Posts: 2


View Profile
« on: November 08, 2010, 02:37:24 PM »
Greetings all! This is mainly directed towards those holding the OSCP status.

I have passed the CEH and took the PWB version 2.0 course last year. I failed the final cert test (so I have a great idea of what is on it so don't worry about spoiling anything for me) but did not schedule a retake as many of life's hurdles got in the way.

I recently purchased the upgrade to the 3.0 version as well as extra lab time and a cert test retake. I have around 30 days left in the labs, completed all of the modules and started penetrating some of the machines in the first student network.

I have two grand questions and I understand the first one is rather subjective because it can have many variables:

1. How far do you personally think one should be able to penetrate the thinc.local network before being comfortable with the cert test? Like I said, I understand it's a very subjective question but your take on information in the labs and exploits performed in the thinc.local network versus the cert test would help great.

2. What outside resources have you used to further develop your learning of the content? Specifically do you have any great links to sites that you found particularly informative or helpful on the different topics? I have done TONS of Google searching and found some useful sites but a LOT of outdated ones as well.

Thanks in advance!
« Last Edit: November 08, 2010, 03:02:12 PM by mackwage » Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #1 on: November 08, 2010, 03:02:00 PM »
hey mackwage,

welcome to the forums. I'm not too sure if the v2 examination differs between the v3 examination but I'd imagine it would. To answer your first question:

Quote
1. How far do you personally think one should be able to penetrate the thinc.local network before being comfortable with the cert test? Like I said, I understand it's a very subjective question but you take on information in the labs and exploits performed in the thinc.local network versus the cert test would help great.

A similar question was asked on the offsec forums which you should have access to, and a summarized answer to it was that they suggest penetrating a minimum of the all of the machines in the student network disregarding some of the harder machines. The link to this thread can be found here.
My personal opinion on this is I think you should penetrate every machine you can in order to help prep you for the exam. I personally wasn't able to hit every machine on the student network but I did get access to all 4 subnets and hit a few machines on them too. Every successful penetration into any lab machine makes you feel more ready for the exam.

Quote
2. What outside resources have you used to further development your learning of the content? Specifically do you have any great links to sites that you found particularly informative or helpful on the different topics? I have done TONS of Google searching and found some useful sites but a LOT of outdated ones as well.

I had posted my review of Pentesting With BackTrack on my site (but it's currently down right now), you may want to check out this link in a couple of days -> My PWB v3 Experience. I still have access to the resources that helped me out throughout the entire course so hopefully these will help you out:

http://carnal0wnage.blogspot.com/

http://www.exploit-db.com/

http://securityfocus.com

http://ethicalhacker.net

http://www.offensive-security.com/metasploit-unleashed/

http://irongeek.com

http://securitytube.net/

http://www.packetstormsecurity.org/

http://www.securityaegis.com/

http://synjunkie.blogspot.com/

http://www.corelan.be:8800/

Milw0rm was up at the time and it helped out too - but the sites gone now. That's okay though because exploit-db's taken over the project. There's a few active OSCP's on this forum so don't hesitate to ask other questions, were here to help! Good luck on your adventure in the course, I had tons of fun!

-kris
Logged
eCPPT, GCIH, OSCP, OSWP
mackwage
Newbie
*
Offline Offline

Posts: 2


View Profile
« Reply #2 on: November 08, 2010, 03:10:47 PM »
Thanks greatly for you quick answers and links! I have not been to the last six sites you listed.

The main area I am trying to focus on right now is priv escalation. On many of the lab machines I have low priv shells and am having a difficult time escalating to root/system/admin.

I look forward to seeing your site once it is up!

Thanks again!
Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #3 on: November 08, 2010, 03:13:30 PM »
Your welcome. Privilege escalation is definitely a necessity in the course! I'll bump this thread when it's back up if it gets backed up too far.
Logged
eCPPT, GCIH, OSCP, OSWP
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.05 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.