How to prepare for PWB?

Viewing 14 reply threads
  • Author
    Posts
    • #7016
      Chadk
      Participant

      Hey,

      In January I’ll be doing PWB. Until then, I have 2 months(including my Christmas vacation) to basically do studying ahead of doing PWB.

      What books should I be reading over the next months to prepare myself for PWB, and make my life less of a hell once I do it? Anything I should be doing?

      Any advice is most welcome!

      Thanks in advance.

    • #43551
      n3r
      Participant

      The more you ‘ll learn before the more you’ll be prepared  ;D

    • #43552
      Chadk
      Participant

      @n3r wrote:

      The more you ‘ll learn before the more you’ll be prepared  ;D

      That’s not helpful. I can read all the books in the world, but if I don’t read things that’s actually gonna help me over the next 2 months, then it’s not worth it.

      So what books should I read over the next 2 months? Or other activity that will teach me stuff, that would make PWB a bit easier?

    • #43553
      TheXero
      Participant

      Last January I decided I was going to start PWB roughly in April (this year) so I decided to try and get some experience in developing exploits to try and get me up to speed before starting the course.

      When I started the course in April, I realised that I’d already done probably about 80% of the course material on my own for several years and felt that I was at an advantage on the course material, but the lab time is really where the course pays for itself.

      With the exploit development module, try to make sure that you know before hand about the CPU registers on the x86 architecture before you start the course and even try developing some exploits.

      If you need some help with this I am happy to assist or alternatively you can view the video and write-up hosted on my website at http://www.thexero.co.uk/exploit-development/ or on SecurityTube.net here http://www.securitytube.net/video/2377

      Good luck with pwb 😉

      Regards,
      TheXero

    • #43554
      Chadk
      Participant

      I already went through the first couple of exploit development guides at corelan, and have exploited a number of targets(Including freefloat). So I’m pretty up to speed on buffer overflows(No SEH/Stack cookie exploiting so far though) 🙂

    • #43555
      cd1zz
      Participant

      Exploit development is just a tiny part of PWB. OSCE on the other hand is 90% exploit dev.

      There really isn’t too much you can do do prepare yourself for the lab, but I would definitely familiarize yourself with the syllabus http://www.offensive-security.com/documentation/penetration-testing-with-backtrack.pdf

      You’ll get ideas on the content of the course there and possibly begin researching based on that.

    • #43556
      TheXero
      Participant

      A point I forgot to mention, have you ever looked at the De-ICE.net pentest live cd’s before?

      Hopefully they will help you on your way to getting the correct mindset, but also have a look at some methodologies as well such as the OSSTMM or ISSAF.  They are pretty boring to read, but they will make sure you don’t miss anything during a pentest.

      Regards,
      TheXero

    • #43557
      Darktaurus
      Participant

      @cd1zz wrote:

      Exploit development is just a tiny part of PWB. OSCE on the other hand is 90% exploit dev.

      There really isn’t too much you can do do prepare yourself for the lab, but I would definitely familiarize yourself with the syllabus http://www.offensive-security.com/documentation/penetration-testing-with-backtrack.pdf

      You’ll get ideas on the content of the course there and possibly begin researching based on that.

      I would agree 100%.  Just be ready to learn everything they teach you and more.  The only thing you can do to prepare is open up Backtrack and take a look at every tool that is there.  Get familiar with most of the tools and look over the PDF.  Also, figure out the best way for you to take notes.  I never knew how important the note taking process would be in a pentest till I took that course.  Lastly, prepare the family. You might be missing sleep some nights. 🙂 My 2 cents.  Oh yeah, and have fun!

    • #43558
      th3d0ct0r
      Participant

      Hey I am kinda new to Info Sec. I wanted to know if I might be good to start the OSCP course. I have strong knowledge of tcp/ip, my linux skills are still at a beginner level but not to bad. I have been playing around with Backtrack and metasploit intensely for about a year now. What do you guys think should I be ok?

    • #43559
      dynamik
      Participant

      @th3d0ct0r wrote:

      Hey I am kinda new to Info Sec. I wanted to know if I might be good to start the OSCP course. I have strong knowledge of tcp/ip, my linux skills are still at a beginner level but not to bad. I have been playing around with Backtrack and metasploit intensely for about a year now. What do you guys think should I be ok?

      You might want to beef up your Linux skills and learn a bit of Python first. You can always purchase more lab time if you feel like you need it, and you can schedule the test whenever you’re ready. There’s really no harm in starting the course when you feel like you’re close to being where you need to be, even if you may not be prepared for everything.

    • #43560
      th3d0ct0r
      Participant

      Thanks dynamik. I will study up on Python and start beating myself to work on my linux skills.  ;D

    • #43561
      eterjack
      Participant

      Hello,

      It is possible make the lab and exam with virtual machine backtrack ? Or you guys recommend to install backtrack on the same physical PC.

      Which book would you recommend for reading before the OSCP training?

    • #43562
      cd1zz
      Participant

      VM is fine for the BT box. If possible, try to use a host that can give at least 1gb of ram to your BT box.

      As far as books go, I wouldnt worry about it since the material you’ll be covering, will cover specific sections out of like 5 books. Brush up on your scripting/bash skills,

    • #43563
      pharmerjoe
      Participant

      Would it be enough to just learn from whatever course material Offensive Security give you? Or is a lot of outside reading required? (aside from programming skills)

    • #43564
      hayabusa
      Participant

      You can ALMOST survive on what they give you, but you WILL need to do outside research on some things, in order to ‘pop’ some of the targets, both in the lab, and in the exam.  That said, though, they give you enough info to pretty much guide you where to FIND what you need, in the wild.

      But one thing that makes it very realistic training, is that just like in a real-world pentest, you will run into things you don’t know, and have to do some research on your own.  That’s one BIG reason I like the way Offensive Security puts their stuff together.  It prepares you, not only to pass a certification exam, but for what to expect, in the real world.

Viewing 14 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2022 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?