.

Looking for others starting soon..

<<

jjlipp56

User avatar

Newbie
Newbie

Posts: 1

Joined: Wed Apr 23, 2014 6:21 pm

Post Sat May 03, 2014 2:01 pm

Re: Looking for others starting soon..

Hello to anyone/everyone,
I am and have been very interested in this field for quite some time but for one reason or another, I just have not seriously looked into actually getting into action. Though I am virgin to penetration, I have been working as an A+ tech for several years, (Since Win 95a), so I'm not a total idiot. I am fairly comfortable with a command line and don't sweat it when registry modifications are needed to be executed. My questions, are then, what do I need to do? What prerequisites do I need? Where do I go from here?
Any help will be appreciated. Thanks
<<

dynamik

Recruiters
Recruiters

Posts: 1134

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun May 04, 2014 2:42 pm

Re: Looking for others starting soon..

jjlipp56 wrote:Though I am virgin to penetration

*Slow Clap* 8)

You should start by reviewing the syllabus: http://www.offensive-security.com/docum ... h-kali.pdf

Let us know if you have questions about specific topics, and we can point you in the right direction for those.

You really have two options:
  1. Thoroughly research each topic in advance and take the plunge when you feel you're ready
  2. Dive in right away, knowing you'll be way over your head, and then research each problem area as you encounter them (if you go this route, start with 30 days of lab time, then get another 60-90 when you're ready to give it a serious shot)

Don't take this the wrong way, but having A+-level skills does very little to prepare you for this course (though I agree that doesn't make you an idiot ;)). There are also significant gaps between the OSCP and other security certifications, ranging from Security+ to much more advanced ones (including those that focus on penetration testing). Having solid Linux, network analysis (Wireshark/TCPDump), scripting (Bash/Python), and other such skills is just the beginning.

Honestly, I think you should just go for it and see what you think. If it piques your interest, study up and hit the labs hard again at a later date. You need a really broad set of skills to do well as a penetration tester, and you may decide that learning and maintaining all those skills is more work than it's worth. I've invested decent chunks of money within other areas of IT as well as potential careers outside of IT, and I've found that while I ultimately "wasted" money on those endeavors, I also appreciated the peace-of-mind I obtained from knowing I genuinely explored that option and it ultimately wasn't what I wanted to do.

That was last piece was fairly off-topic, but I wanted to share since you seemed to have been on the fence for awhile. Penetration testing isn't for everyone, and there's nothing wrong with that. Regardless of what you ultimately decide to do, you'll still learn a lot and get your money's worth. Even if you decide to do defensive security work or continue working in a more general IT role, understanding offensive tools and techniques will help you defend against them better as well as assist you with making security-conscious decisions when configuring various technologies.
The day you stop learning is the day you start becoming obsolete.
<<

st3r30byt3

User avatar

Newbie
Newbie

Posts: 8

Joined: Sat Feb 23, 2013 1:28 pm

Post Mon May 19, 2014 4:56 am

Re: Looking for others starting soon..

@jjlipp56: Like dynamik said, check out the syllabus pdf. Depending on the reasons you are planning to do this certification, I would recommend being at least a bit familiar with each of the topics before starting the labs. That way you will spend most of the lab time hacking boxes instead of spending that time studying the course materials. If you want to pass the OSCP challenge one of the best preparations is hacking all the lab boxes and therefore starting with 30 days may not enough (and it will be more expensive extending rather than starting with more lab time). Having said that, everyone is different. :)

Since my last post (30 days into the labs) a lot has happened so for completeness sake I'll post my experience here.

I had taken the 90 days option and close to day 60 I had owned all the labs boxes which left me a lot of time to finish writing the lab report, do the course exercises and prepare for the exam. Some of the boxes were very challenging and in general those were the ones that taught me the most valuable lessons.

Last Saturday I took the OSCP exam and although the results haven't come in yet, I am confident I have passed! :) About 6h in I already had the necessary points to pass, 12h in I hacked another box and the last 12h were a waste of time as I didn't get the last (least valuable) box. The exam is challenging and once again you need to prove that you master your skills as well as the ability to think outside of the box. "Try Harder" is what describes this exam best as some boxes may well test the limits of your abilities.

Without saying anything about the exam here are the last tips about this certification.

- During the labs, create cheatsheets with all the commands you use - especially those you don't use that often. Since I started pentesting I've been adding stuff to my cheatsheet and that is a huge time saver. It is definitely the most important weapon in my arsenal.
- Hack all the lab boxes if you can. It's the best way to prepare for the final challenge.
- Write the report as you hack the lab boxes (ideally add to it after you pwn each box). You will thank yourself in the end. Apart from this, use a note taking application to keep track of what you did for each box.
- During the labs, keep a collection of local exploits and enumeration scripts you've used as they can be helpful for other boxes. This will also save you time.
- Take breaks during the exam as your brain will inevitably start melting at some point and you don't want to be making stupid mistakes.
- Like many others have advised before me, automate as much as you can. This not only saves precious time but also ensure you don't miss out on the enumeration phase. I wrote a tool with a colleague of mine which automated most of the enumeration tasks and it proved very helpful during the challenge. I'll take the opportunity to mention that we'll be releasing it soon and all feedback will be very helpful. Sneak preview here: http://www.secforce.com/blog/2014/03/sp ... ting-tool/

That's all folks!
Good luck to anyone doing this certification and don't forget to try harder. ;)
<<

st3r30byt3

User avatar

Newbie
Newbie

Posts: 8

Joined: Sat Feb 23, 2013 1:28 pm

Post Sun Jan 11, 2015 4:37 pm

Re: Looking for others starting soon..

Hey everyone! Just to complete my previous post I'd like to announce that we have released the tool I mentioned. It will probably be helpful to you if you're doing the OSCP:

http://sparta.secforce.com

Happy hacking! :)
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1695

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jan 13, 2015 10:20 am

Re: Looking for others starting soon..

dynamik wrote:
jjlipp56 wrote:Though I am virgin to penetration

*Slow Clap* 8)


Beat me to the claps, but man, that line was perfect!

jjlipp56, I wish you well, and I agree wholeheartedly with what dynamik said, in the rest of his reply. Even if you choose, later, not to become a pentester, you'll have learned a lot from even attempting the OSCP course. It'll give you a good, rounded feel for various pieces of the IT security 'puzzle', and often times, folks leave courses like this one, and choose other, related paths (or none at all, but...) ;)

Best of luck, if you choose to go for it, and if not, let us know what else you have in mind.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
Previous

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software