.

Finally took the plunge, started 08/05/12

<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sun Aug 19, 2012 1:58 pm

Re: Finally took the plunge, started 08/05/12

There is no standard on how long the report must be. It should contain all necessary information though. ;)
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Sun Aug 19, 2012 3:34 pm

Re: Finally took the plunge, started 08/05/12

When writing anything try to focus on quality over quantity.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sun Aug 19, 2012 3:48 pm

Re: Finally took the plunge, started 08/05/12

cd1zz wrote:My report was combined as well. It was only 78 pages.... not hundreds... :)


Wow, that's hilarious. My exam section was ~90 pages, and combined, the entire report was just shy of 500.

YuckTheFankees wrote:Thanks for the info guys. My bad, I read one review where the guy said his report was 350ish pages, that's crazy to me...


You need to remember that you're not actually writing text for all those pages. Most of my pages only had a screenshot and a sentence or two explaining what was going on.

As I was going along, I'd just alt+printscreen whatever window I was in, add a note in Word, paste the screenshot below, add a page break for a nice transition, and repeat.

With dozens of lab systems, it's easy to obtain a high page count with minimal effort. Think where you'll end up with only five screenshots per day at 30, 60, and 90 days. My approach was to include a step-by-step walk-through for each system, so anyone could repeat the compromise. cd1zz was apparently much more concise ;D What's important is that you adequately communicate your findings.
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Aug 19, 2012 5:20 pm

Re: Finally took the plunge, started 08/05/12

Mine wasn't 350, either, but it WAS in the 130-150 range, if I recall correctly.  Wasn't as detailed on the lab section for MOST targets / exercises, but I did have a LOT for the data gathering section...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

cd1zz

User avatar

Recruiters
Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sun Aug 19, 2012 7:50 pm

Re: Finally took the plunge, started 08/05/12

HOLY COW!  Yeah I didn't show every single step, except for the section that had the Exam Challenge.

The rest of the lab report was basically the vuln, and proof of exploitation.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Aug 20, 2012 3:30 am

Re: Finally took the plunge, started 08/05/12

wow sounds like the reprots are pretty hardcore I was not expecting it to be that long but now thinking about it I could see why it would be.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

Darktaurus

User avatar

Full Member
Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Mon Aug 20, 2012 11:14 am

Re: Finally took the plunge, started 08/05/12

My report was 205 and the exam was about 30ish.  It was a long process since I wanted to the report to be perfect but the screenshots were a pain.  It would always throw off everything else in the report as far as formatting.

TIP: Work on your report while you are doing the course.  At least the last two weeks of the course.  It helped me out a lot. 
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Aug 20, 2012 11:37 am

Re: Finally took the plunge, started 08/05/12

ok sorry is this is really dump question but you say work on your report how can this be done ?

From my understnading you get lab time what is another network to your exam ? Do you not get an exam network where you need to write a reprot for that ?
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Aug 20, 2012 11:50 am

Re: Finally took the plunge, started 08/05/12

It's recommended to write the report while you progress through the course rather than at the very end of your course time. This way you have things right in memory and won't need to spend your last time with just report writing, which might take quite a while if you are just starting with it. If you document your findings too sloppy in your temporary format, it might also be difficult to document it properly in your final report (especially if your lab time is over and you can't go back to verify).
Last edited by UNIX on Mon Aug 20, 2012 11:53 am, edited 1 time in total.
<<

Darktaurus

User avatar

Full Member
Full Member

Posts: 181

Joined: Thu Sep 03, 2009 8:48 am

Post Mon Aug 20, 2012 11:56 am

Re: Finally took the plunge, started 08/05/12

From what I remember, they give you a template to the report for the Lab PenTest.  I am talking about the LAB portion.  You should take notes while you are working on the lab.  Add your notes/results to the report ( for screenshots).  You can work on some of the notes after the course is over but it seemed better to me to do it while you still have access to the lab.  The exam is whole other animal.  But you will see once you take it. :) 
OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com
<<

S3curityM0nkey

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon May 16, 2011 6:47 pm

Post Tue Aug 21, 2012 12:18 am

Re: Finally took the plunge, started 08/05/12

Jamie.R wrote:ok sorry is this is really dump question but you say work on your report how can this be done ?



I see what you are saying. I think what the other guys are saying is that you include your normal Lab work in with the pen test report at the end? So work on the format of the lab work report as you go so you don't have a heap of formatting to do right at the end.... is that correct???
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Tue Aug 21, 2012 1:58 am

Re: Finally took the plunge, started 08/05/12

jamier,

What they are trying to say is, it's a good idea to review the report template provided by Off-Sec before starting your attacks..so you can start writing your report as you go. Example: once you attack and gain root on your first host, you can put screen shots and all other useful information in the report at that time, so you do not have to at a later time. From the people who have taken the course, they mostly agree to create your report while you go through the lab instead of waiting to do it all at the end of your lab time.
OSCP in progress
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Tue Aug 21, 2012 3:08 am

Re: Finally took the plunge, started 08/05/12

Yah I am with you now I gussed that is what was being implied but just want to make sure.

Does the lab change that much the exam one ?
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Tue Aug 21, 2012 4:42 am

Re: Finally took the plunge, started 08/05/12

I don't believe the individuals who have taken the exam are able to answer that question. From what I have been told, if you can root the majority of the systems in the lab..you should do fine.
OSCP in progress
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Aug 21, 2012 7:48 am

Re: Finally took the plunge, started 08/05/12

@Jamie.R - as a former Offsec student, you should understand that we can only give you so much info on that.  I'd agree with the post, above - if someone is doing well in the lab, and understands not only the specific exercises and steps to pwn those targets, but the fundamentals of what they're seeing and doing, they SHOULD do well on the exam.  If a person finds themself really struggling in the lab, then perhaps they should spend more time studying, before attempting the exam. 

That's all I'll really give you, on that one, except to say, 'try harder' <evil grin>  Put it this way, I'm currently studying for a second attempt on my OSCE exam.  I thought I was ready, the first time, and, looking back, I was 'ALMOST' there.  But I realized, after attempt #1, what I needed work on.  So it's not always an exact science, of knowing the labs to ace the exam.  Labs are preparatory, but not necessarily all-inclusive.  Offsec is preparing you for the real world of pentesting.  Hope you are enjoying the challenge!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
PreviousNext

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 1 guest

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software