Looking for others starting soon..

Viewing 19 reply threads
    • #8630
      st3r30byt3
      Participant

      Hey everyone!

      I am another crazy person about to start the OSCP adventure. 🙂
      Is anyone else starting the labs around January 2014? If so and if you are interested in exchanging ideas (not solutions) and techniques, please get in touch!

      Having read pretty much every post on this forum all I have to say for now is: thanks! There is a lot of good info and resources to help people get started.

      Greets!

    • #53693
      Master Of Puppets
      Participant

      I want to start the OSCP really bad. The problem is that my schedule is really tight and when I start I want to have enough time for it, otherwise what’s the point. January seems too early for me. I’m shooting for somewhere during the summer. I really hope I can start then.

    • #53694
      superkojiman
      Participant

      Once you hop on the IRC channel you should be able to find other students taking the course at approximately the same time as you. Freenode, #offsec

    • #53695
      ccpik1
      Participant

      @Master Of Puppets wrote:

      I want to start the OSCP really bad. The problem is that my schedule is really tight and when I start I want to have enough time for it, otherwise what’s the point. January seems too early for me. I’m shooting for somewhere during the summer. I really hope I can start then.

      This post sums up my position too. Not enough hours in the day currently! The course does look fascinating and very well put together from what I have read about it

    • #53696
      st3r30byt3
      Participant

      @superkojiman: Thanks for the hint! 🙂
      @masterofpuppets & ccpik1: That’s too bad! Hope you’ll have time for it at some point!

      Personally, I have a full-time job in pentesting and am planning on dedicating 3-4h of my free time per week day as well as a lot of hours on weekends. Also, my employer should give me enough flexibility to use a few work hours here and there. Hopefully, that should be enough time to root all the boxes in the lab – I’m taking the 90 days option.

    • #53697
      triznut
      Participant

      They updated to PWK… I knew it had to be coming soon. I think it’s time for me to update, hit the labs, and get that OSCP cert!!

    • #53698
      Baptist0ne
      Participant

      Started my PWK today… Took 30 days labs access for now (I understand it is much less than it would require, so I plan to take more 30 days later).

    • #53699
      Master Of Puppets
      Participant

      Good luck on the course! How much experience do you have?

    • #53700
      Baptist0ne
      Participant

      Thanks!

      I am a CISSP certified master of nothing, with over 18 years of experience in the industry. I am however quite comfortable with Linux and scripting or writing simple code in assembly language. I’m feeling moderately optimistic.
      This course should help me fill gaps in networking and be a starter for further self-education.

    • #53701
      st3r30byt3
      Participant

      @Baptist0ne: I’m starting next Monday 10th. 🙂 Good luck to you! Get in touch if you want to exchange ideas.

    • #53702
      Baptist0ne
      Participant

      St3r30, Yes, would be great to log our success stories here… And good luck to you too!

    • #53703
      Baptist0ne
      Participant

      First humble results: during the first 30 day period I could barely touch and try not more than 30% of the exercises from the student book.
      The course is difficult but not impossible to follow. I just need to learn so many things which are quite new to me… Each new section in the study book makes me frustrated at first, and then it usually leads to a little win through reading, thinking, trying etc.
      Lab time is definitely for a well-prepared mind. My current plan is to exercise in my home lab first, until I master some tools and techniques, and only after that buy 15 more days in the lab.
      This course reveals how little I know yet. But it helps me gain my knowledge and skills QUICKLY.
      Great, great thing.

      ps I haven’t cracked a single lab machine yet… what a pity 🙂

    • #53704
      st3r30byt3
      Participant

      Baptist0ne: Learning is the most important thing.

      It doesn’t matter how quickly you gain your knowledge as long as you make the most out of the lab time and course materials. If you feel that you are not ready to hack the lab boxes yet then you are taking the right approach in training at home first, imho. Feel free to come ping me on IRC if you need help understanding something.

      My experience so far – almost 30 days in – has been quite productive and fun. Given my previous background in web development and network administration and having been a pentester for almost 2 years, I was already familiar with most of the concepts described in the course and yet I can’t describe how much I have learned in so little time.

      In my opinion, the course materials are very good and the labs are just priceless. I feel that this is what has taught me the most. Some real thought and effort have been put into setting up the labs with so many different systems and configurations for us to experiment with. IRC has also proven to be an invaluable resource as many other students are willing to exchange ideas – without spoiling the challenges. The admins have always been helpful too.

      So far, I have rooted about half of the boxes in the lab and have tried to document everything as much as possible as I go along (using keepnote). I’ve also started writing the final report as otherwise it would just be too painful to do it all at once in the end. Another rule I try to follow is to avoid using metasploit as much as possible – not only because of potential limitations during the exam but also because I find that I gain a much better understanding of how an exploit works by doing it the ‘manual’ way.

      In case this is helpful to other people, here is the generic process that has been working for me:

      Info gathering and service enumeration
      Portscan, identify OS, identify versions of every service, run common tools on common services (snmpcheck, enum4linux, nikto, dirbuster, nmap scripts, etc), read about services you don’t know, visit the web page (if any) and enumerate the server/CMS/technologies used, try default passwords, etc.

      Vulnerability analysis
      Based on what was found earlier, check for exploits/vulnerabilities for the service versions you found previously (using google, exploit-db/searchsploit, metasploit), check for web attacks (SQL injection, LFI/RFI, XSS, etc). Define the possible attack vectors and decide on which one is best but keep your options open: don’t get tunnel vision trying one vector for hours and failing only to find that if you had spent 5 min just trying another route you would have already been in. Knowing what all of your options are at all times is important for that very reason.

      Exploitation
      The fun part! If the previous phases went well, there should be enough to work with here. In case it’s an exploit: download it, understand it, modify it if necessary, compile it if necessary and run. If the exploit doesn’t work, try a different one. If it’s a web attack it should be obvious how to proceed as long as you know how all of them work. At this point – if we got this far – we should have some sort of shell on the target.

      Privilege escalation
      Some remote exploits will give you a root/SYSTEM shell but that’s not always the case. Escalating privileges can be very easy or very tricky. I found that the more I do it, the better I become at it. There are lots of blogs and resources out there with privilege escalation cheatsheets/scripts => use them! Go back to phase 1 and enumerate everything you can about the target now that you have access to more things. If using local privilege escalation exploits, again understand, modify, upload to the target, compile, try them ALL (the ones that affect that system of course) until one of them works. Some need to be tried more than once. Still not root? Check for weak files/permissions/configurations/etc that you can use to your advantage. Still not root? Think outside of the box! Be creative. Generally, I find this the most painful, frustrating but also the most rewarding phase.

      Post exploitation
      Once you have pwned a box, get as much information as you can out of it. Not only because it could help you later but also because it’s fun to understand how things are linked together.

      Post mortem
      What did we learn? Keep notes of found usernames/passwords. Make notes of what local exploits work and keep them handy for the next time you encounter a similar system. Keep notes, add stuff to the report.

      Obviously, more things can happen during each phase and most systems are different but this is the general gist of what works for me. Also, I didn’t want to spoil it for anyone by including too many tips. 🙂

      Last tips:
      – Go through the lab guide before you start. It will help.
      – Enumerate as much as possible. That is key.

      My plan is to keep using this strategy and hopefully all the boxes will – eventually – fall.

    • #53705
      nar1y
      Participant

      Just started 2 weeks ago, I went through the videos and pdf first before going to the labs. I’m trying not to use Metasploit even though I have experience using it at my home lab. It’s just way easier and I wouldn’t learn much. Also, its use in the exam is severely limited.

      Previously, I didn’t have much experience with bash/batch/python scripting or manual exploits but I’m learning a lot every day and luckily I have 8+ hours a day to focus on nothing but OSCP. Web App and Buffer Overflow exploits are definitely high on my list to learn. This is my first security course after the Cisco CCENT Networking cert I obtained first. The OSCP is definitely a big step up for me, but I think I can do it. As far as lab time, 90 days should be adequate for me although I only got 60 to begin with. I wish I had a 2-3 week head start on the pdf and videos before the lab time kicked in because you really waste some of the lab time while you are getting acquainted with the course material.

      Good luck to everyone and I hope to see you guys in IRC.

    • #53706
      cisco_trooper
      Participant

      I start May 3rd. I am AMPED about it. I’m already losing sleep and I haven’t even started yet. I’m sure I’ll catch you on IRC.

    • #53707
      jjlipp56
      Participant

      Hello to anyone/everyone,
      I am and have been very interested in this field for quite some time but for one reason or another, I just have not seriously looked into actually getting into action. Though I am virgin to penetration, I have been working as an A+ tech for several years (since Win 95a), so I’m not a total idiot. I am fairly comfortable with a command line and don’t sweat it when registry modifications need to be executed. My questions, then, are: what do I need to do? What prerequisites do I need? Where do I go from here?
      Any help will be appreciated. Thanks

    • #53708
      dynamik
      Participant

      @jjlipp56 wrote:

      Though I am virgin to penetration

      *Slow Clap* 8)

      You should start by reviewing the syllabus: http://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

      Let us know if you have questions about specific topics, and we can point you in the right direction for those.

      You really have two options:

      1. Thoroughly research each topic in advance and take the plunge when you feel you’re ready
      2. Dive in right away, knowing you’ll be way over your head, and then research each problem area as you encounter them (if you go this route, start with 30 days of lab time, then get another 60-90 when you’re ready to give it a serious shot)

      Don’t take this the wrong way, but having A+-level skills does very little to prepare you for this course (though I agree that doesn’t make you an idiot ;)). There are also significant gaps between the OSCP and other security certifications, ranging from Security+ to much more advanced ones (including those that focus on penetration testing). Having solid Linux, network analysis (Wireshark/TCPDump), scripting (Bash/Python), and other such skills is just the beginning.

      Honestly, I think you should just go for it and see what you think. If it piques your interest, study up and hit the labs hard again at a later date. You need a really broad set of skills to do well as a penetration tester, and you may decide that learning and maintaining all those skills is more work than it’s worth. I’ve invested decent chunks of money within other areas of IT as well as potential careers outside of IT, and I’ve found that while I ultimately “wasted” money on those endeavors, I also appreciated the peace-of-mind I obtained from knowing I genuinely explored that option and it ultimately wasn’t what I wanted to do.

      That last piece was fairly off-topic, but I wanted to share since you seemed to have been on the fence for a while. Penetration testing isn’t for everyone, and there’s nothing wrong with that. Regardless of what you ultimately decide to do, you’ll still learn a lot and get your money’s worth. Even if you decide to do defensive security work or continue working in a more general IT role, understanding offensive tools and techniques will help you defend against them better as well as assist you with making security-conscious decisions when configuring various technologies.

    • #53709
      st3r30byt3
      Participant

      @jjlipp56: Like dynamik said, check out the syllabus pdf. Depending on the reasons you are planning to do this certification, I would recommend being at least a bit familiar with each of the topics before starting the labs. That way you will spend most of the lab time hacking boxes instead of spending that time studying the course materials. If you want to pass the OSCP challenge one of the best preparations is hacking all the lab boxes and therefore starting with 30 days may not be enough (and it will be more expensive extending rather than starting with more lab time). Having said that, everyone is different. 🙂

      Since my last post (30 days into the labs) a lot has happened so for completeness sake I’ll post my experience here.

      I had taken the 90 days option and close to day 60 I had owned all the labs boxes which left me a lot of time to finish writing the lab report, do the course exercises and prepare for the exam. Some of the boxes were very challenging and in general those were the ones that taught me the most valuable lessons.

      Last Saturday I took the OSCP exam and although the results haven’t come in yet, I am confident I have passed! 🙂 About 6h in I already had the necessary points to pass, 12h in I hacked another box and the last 12h were a waste of time as I didn’t get the last (least valuable) box. The exam is challenging and once again you need to prove that you master your skills as well as the ability to think outside of the box. “Try Harder” is what describes this exam best as some boxes may well test the limits of your abilities.

      Without saying anything about the exam here are the last tips about this certification.

      – During the labs, create cheatsheets with all the commands you use – especially those you don’t use that often. Since I started pentesting I’ve been adding stuff to my cheatsheet and that is a huge time saver. It is definitely the most important weapon in my arsenal.
      – Hack all the lab boxes if you can. It’s the best way to prepare for the final challenge.
      – Write the report as you hack the lab boxes (ideally add to it after you pwn each box). You will thank yourself in the end. Apart from this, use a note taking application to keep track of what you did for each box.
      – During the labs, keep a collection of local exploits and enumeration scripts you’ve used as they can be helpful for other boxes. This will also save you time.
      – Take breaks during the exam as your brain will inevitably start melting at some point and you don’t want to be making stupid mistakes.
      – Like many others have advised before me, automate as much as you can. This not only saves precious time but also ensures you don’t miss out on the enumeration phase. I wrote a tool with a colleague of mine which automated most of the enumeration tasks and it proved very helpful during the challenge. I’ll take the opportunity to mention that we’ll be releasing it soon and all feedback will be very helpful. Sneak preview here: http://www.secforce.com/blog/2014/03/sparta-a-network-infrastructure-penetration-testing-tool/

      That’s all folks!
      Good luck to anyone doing this certification and don’t forget to try harder. 😉
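
The phased process in post #53704 and the automation and note-keeping tips in #53709 both lend themselves to a small script. The following is an added illustration, not code from the thread, the course, or the SPARTA tool: it parses constructed nmap grepable (-oG) output for one fictional lab host, maps each open service to the "common tools" named in the thread, and writes a per-box notes skeleton with one section per phase.

```python
"""Enumeration bookkeeping example (added illustration; not the thread's own tool
and not SPARTA): parse nmap -oG output, map services to the thread's tool
checklist, and emit a per-box notes skeleton. All sample data is constructed."""
import re
# Constructed nmap -oG output for one fictional lab host; \t are real tabs.
SAMPLE_GNMAP = (
    "# Nmap 6.40 scan initiated (constructed sample)\n"
    "Host: 10.11.1.5 ()\tStatus: Up\n"
    "Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1/, "
    "80/open/tcp//http//Apache httpd 2.2.15/, "
    "139/open/tcp//netbios-ssn//Samba smbd 3.X/, "
    "445/open/tcp//netbios-ssn//Samba smbd 3.X/, "
    "161/open/udp//snmp//SNMPv1 server/\tOS: Linux 2.6.X\n"
)
# Phase 1 of the thread's process: common tools to run per common service.
SERVICE_TOOLS = {
    "http": ["nikto", "dirbuster", "nmap http-* scripts", "identify server/CMS"],
    "netbios-ssn": ["enum4linux", "nmap smb-* scripts"],
    "snmp": ["snmpcheck", "try default community strings"],
    "ssh": ["note banner/version", "try default passwords"],
}
PHASES = ["Info gathering", "Vulnerability analysis", "Exploitation",
          "Privilege escalation", "Post exploitation", "Post mortem"]
# -oG port field: port/state/proto/owner/service/rpcinfo/version/ (owner, rpcinfo empty)
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)//([^/]*)/")

def parse_gnmap(text):
    """Return {ip: {"os": str, "ports": [(port, proto, service, version)]}}."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        entry = hosts.setdefault(line.split()[1], {"os": "", "ports": []})
        os_match = re.search(r"\tOS: ([^\t]+)", line)
        if os_match:
            entry["os"] = os_match.group(1).strip()
        ports_match = re.search(r"Ports: ([^\t]+)", line)
        for port, state, proto, svc, ver in PORT_RE.findall(
                ports_match.group(1) if ports_match else ""):
            if state == "open":  # closed/filtered ports get no task
                entry["ports"].append((int(port), proto, svc, ver.strip()))
    return hosts

def enumeration_tasks(entry):
    """Map each open service to the checklist; unknown services -> 'read up'."""
    return {"%d/%s %s %s" % p: SERVICE_TOOLS.get(p[2], ["read about this service"])
            for p in entry["ports"]}

def notes_skeleton(ip, entry):
    """Per-box notes page: inventory first, then one section per phase."""
    lines = ["# %s (%s)" % (ip, entry["os"] or "OS unknown"), "", "## Open ports"]
    lines += ["- %s -> %s" % (k, ", ".join(t)) for k, t in enumeration_tasks(entry).items()]
    for phase in PHASES:
        lines += ["", "## " + phase, "- (notes)"]
    return "\n".join(lines)
```

Running `notes_skeleton` over each host returned by `parse_gnmap(SAMPLE_GNMAP)` yields a Markdown page that can be dropped straight into a note-taking application as the starting page for that box.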

    • #53710
      st3r30byt3
      Participant

      Hey everyone! Just to complete my previous post I’d like to announce that we have released the tool I mentioned. It will probably be helpful to you if you’re doing the OSCP:

      http://sparta.secforce.com

      Happy hacking! 🙂

    • #53711
      hayabusa
      Participant

      @dynamik wrote:

      @jjlipp56 wrote:

      Though I am virgin to penetration

      *Slow Clap* 8)

      Beat me to the claps, but man, that line was perfect!

      jjlipp56, I wish you well, and I agree wholeheartedly with what dynamik said, in the rest of his reply. Even if you choose, later, not to become a pentester, you’ll have learned a lot from even attempting the OSCP course. It’ll give you a good, rounded feel for various pieces of the IT security ‘puzzle’, and often times, folks leave courses like this one, and choose other, related paths (or none at all, but…) 😉

      Best of luck, if you choose to go for it, and if not, let us know what else you have in mind.

Copyright ©2020 Caendra, Inc.