EH-Net
Topic: Finally took the plunge, started 08/05/12
YuckTheFankees
« on: August 06, 2012, 05:38:52 AM »

After hearing and reading so many positive reviews over the past year, I decided to take the plunge. I received my materials late Saturday (08/04) evening, which was technically 08/05 00:00 GMT. So far I have about 8 hours invested into the course and I have enjoyed everything so far. At first, I started reading the modules in order (lab pdf) but then I decided to briefly fly through the entire lab pdf, just to see exactly what I will be learning. Sooo..I've been reading/slightly skimming through the lab for about 4-6 hours and I'm only on module 8, so that should give people an indication of how much material is packed into the lab pdf.

Just like so many people have mentioned, I can get through the first five modules pretty easy (learning backtrack, learning some BASH/python, port scanning, enumeration, etc..) but from module six and on, I know I will have to do A LOT of outside research...which I'm completely fine with. I'm not going to lie, going through the buffer overflow section for the first time was like reading Japanese.

The further I get into the Lab pdf, the more I feel a little overwhelmed. I kind of wish OffSec would give you the choice of going through the PDF and videos for a week or two, then starting the lab time. The material is totally worth it but I can't help but think I'm losing money by reading, researching, and watching videos..rather than messing with the lab.

My personal goal is to get everything done within 60 lab days and take the test some time after that.

Well I better get back to the pdf. Any comments are welcomed.


OSCP in progress
Andrew Waite
« Reply #1 on: August 06, 2012, 06:54:18 AM »

Good luck with the course.

From my own experience, try not to get too worried about the buffer overflow section. If it only seems like Japanese you're probably doing alright :). After a couple of run-throughs and the hands-on examples everything starts making sense.

When I did the final challenge (and (hopefully) without giving too much away from my own challenges) I finished one section, sat back in the chair with a grin on my face, and the question of 'did I really just do that' going through my mind.

The material is tough, but you should get there in the end. Although I do agree with you re: offsetting courseware/lab time, I took an extension to get more time in the labs (partly for extra practice, and partly just because the labs are FUN).

DragonGorge
« Reply #2 on: August 06, 2012, 09:31:45 AM »

> I kind of wish OffSec would give you the choice of going through the PDF and videos for a week or two, then starting the lab time. The material is totally worth it but I can't help but think I'm losing money by reading, researching, and watching videos..rather than messing with the lab.

I completely agree. I think the key here is your loss = their gain as a lot of people seem to end up buying extensions.

One thing I'd caution you on is to use BOTH the pdf & video - I got hung up in a big way on the buffer overflow section because the pdf skipped over a key component. The video on the other hand covered it correctly.
Jamie.R
« Reply #3 on: August 06, 2012, 10:14:03 AM »

Cool, good luck. I hope to be doing this course soon too, just trying to free up extra money...

OSWP | Hackingdojo Nidan | eCPPT
YuckTheFankees
« Reply #4 on: August 06, 2012, 04:03:05 PM »

What other resources did you use to learn buffer overflows?

I have about 5 links but any other suggestions would be nice.

OSCP in progress
ajohnson
« Reply #5 on: August 06, 2012, 04:44:33 PM »

> What other resources did you use to learn buffer overflows?
>
> I have about 5 links but any other suggestions would be nice.

Exploit Writing Tutorials: https://www.corelan.be/index.php/articles/

Buffer Overflow Megaprimer: http://www.securitytube.net/groups?operation=view&groupId=4

Smashing the Stack in 2010: http://pentest.cryptocity.net/files/exploitation/stsi2010.pdf

Reviewing exploits on ExploitDB. I believe cd1zz recommended FreeFloat FTP as a good service to play around with.

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
shadowzero
« Reply #6 on: August 06, 2012, 05:13:08 PM »

This is also a pretty handy resource, using vulnserver: http://www.backtrack-linux.org/forums/showthread.php?t=203
YuckTheFankees
« Reply #7 on: August 06, 2012, 05:34:43 PM »

thanks for the link

OSCP in progress
ajohnson
« Reply #8 on: August 06, 2012, 06:05:11 PM »

> This is also a pretty handy resource, using vulnserver: http://www.backtrack-linux.org/forums/showthread.php?t=203

Yes, great link. I hadn't seen that one before.

Also, I just remembered that the Metasploit blog recently started providing these types of tutorials as well: https://community.rapid7.com/community/metasploit/blog/2012/07/05/part-1-metasploit-module-development--the-series

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
Agoonie
« Reply #9 on: August 06, 2012, 08:45:59 PM »

> This is also a pretty handy resource, using vulnserver: http://www.backtrack-linux.org/forums/showthread.php?t=203


+1 Definitely agree.  Do not stress the course however.  It is easy to feel too much pressure and stress.  It will be a fun, painful ride either way.  Have fun. 

OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
cd1zz
« Reply #10 on: August 06, 2012, 09:39:14 PM »

Agree with Agoonie. Just take it one lesson at a time and try not to stress about the stuff that sounds difficult. You can always circle back and deal with that after you've got some momentum.

Jamie.R
« Reply #11 on: August 07, 2012, 03:25:44 AM »

Cool, some really good advice from the more experienced guys who have done the course. Good luck ....

OSWP | Hackingdojo Nidan | eCPPT
dbest
« Reply #12 on: August 10, 2012, 03:04:11 AM »

My advice for learning the buffer overflow is to load the vulnerable software on your own lab machine and practice it there. That's what I did to successfully complete the exercise. :)

CISM, CEH, CISA, ISO 27001 LA
Jamie.R
« Reply #13 on: August 10, 2012, 05:03:01 AM »

Cool bit of advice. Any other advice from people who have passed?

OSWP | Hackingdojo Nidan | eCPPT
satish.lx
« Reply #14 on: August 10, 2012, 09:39:25 AM »

I don't know why every buffer overflow document is talking about 32-bit OS exploits (EIP, ESP, etc.).

I didn't find a single document about 64-bit OS exploits (RIP, RSP, etc.), because it has a totally different register set.