.

My OSCP journey...

<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Tue Aug 14, 2012 9:02 pm

My OSCP journey...

Hi,

I started the course on Sunday and now I'm 3 days in :-)

Maybe I can talk a little about how this deal goes for me and hope it's a fun read with my ups and down with this journey!!

Feel fee to post anything you like in here. Good or bad. Things I do wrong or something else you wanna say.

When I read about Offsec I said: THIS IS IT! Don't give me that CEH theoretical bull, I wanna have hands on challenge me that it hurts and I wanna cry stuff !! I ran to get my wallet and ordered my slot right at the spot.

After following their procedure I received a mail that I was booked for Saterday evening at 19.00h GMT-5.. What? Are you kidding me, that's like... waiting a small week !!!!!! NO !!

I was just like a little kid, waiting for that email to arrive on Saturday evening. I think I googled 10 times to know what 19.00h GMT-5 exactly was in my timezone :-) It has been a long time since I felt this way! I guess that's a good sign no?

There I was ready at my PC...19.00h passed.. nothing came in ? WHAT ? 19.01 still nothing! .. 19.02..19.03..19.04....19.05 !! THERE IT IS !!!

The cronjob script that sends out these mails is set to run not at 19.00 but at 19.05 !! I'm telling ya !! NASTY !!!!!!! :-)

I have been putting all the time I can into it so far, but have other stuff to do during the day, so after 3 days I already learned a lot. The text is extremely well written and the videos are very very good and never boring. The good thing about this text is that it leaves you googling for a lot of things, and I guess that's how it should be. Not everything is int he text, but everything is in the text to get you going search for more...

I'm doing the extra miles questions after each chapter who aren't needed but advised, but hey, that's easy said, I'm only 3 days in, I just started with 3.2.

I do feel myself jumping to the exercise immediately after finishing a chapter looking for solutions on their questions and by doing so forgetting to watch the splendid video's... now here's an exciting boy!

What I learned from this course is that you need to document your steps. I understand it's the only way. The nice tool to take notes (notetaker) under linux that I had no idea it existed helps me a lot. Done something in the shell that's cool  ? No problem, press ctrl-insert and that program just takes a screenshot and puts it in your text. Screenshot to big ? No biggie, just right click and resize it on the spot. Easy.. very easy...

Can't wait to try to attack all those boxes smiling at me after I found all their cool names.....but I'm holding off.. first I need to finish the guide and make sure I understand everything !!!

Great job Offsec and Thanks for your product !!
Try harder....hmpf!!
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Aug 14, 2012 10:56 pm

Re: My OSCP journey...

Awesome, I love the enthusiasm!

If you ever get discouraged, just remember that they have three more advanced courses and this is only the tip of the iceberg ;)
The day you stop learning is the day you start becoming obsolete.
<<

Catalyst256

User avatar

Newbie
Newbie

Posts: 23

Joined: Thu Dec 22, 2011 11:05 am

Post Wed Aug 15, 2012 1:25 am

Re: My OSCP journey...

Sternone, I'm 3 weeks into the OSCP course and still having a blast, I spend most of my time in the labs (need to do the exercises) and the learning never stops. Make sure you join the IRC channel (#offsec) I didn't to start with but it really helps having other people to talk to.

Just remember the course isn't supposed to be easy, but it's not impossible, have fun and enjoy what you learn.

When you get stuck on a machine in the lab, try not to stress over it, just take a break and move onto another machine (there are plenty) what you might find is that as you learn new tricks and techniques you will find something that can help you with those "tricky" machines.

I will just share some tips that I've found useful since I've started.

1. You are not trying anything that other people haven't already done, so remember google is your friend.
2. ENJOY IT
3. If in doubt "Try Harder" (course motto).

Adam
@catalyst256

Security+ OSCP VCP CCA
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Wed Aug 15, 2012 3:10 am

Re: My OSCP journey...

Sounds like a lot of fun how have you allocated time do you spend all day in the labs whats your breakdown ?
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

Catalyst256

User avatar

Newbie
Newbie

Posts: 23

Joined: Thu Dec 22, 2011 11:05 am

Post Wed Aug 15, 2012 3:35 am

Re: My OSCP journey...

So obviously it's down to the individual but I spend 3+ hours in the lab at least 5 days a week (have a full time job, so study is all in my own time).

I use the course videos and material for reference or to cover off areas I don't know about. If I get the chance at work I will research tools/techniques etc that I need to "pop" a box in the lab.

The majority of my lab time so far has been enumeration tasks and collecting information. It is really important to enumerate every box as much as possible,

I've found no end of useful bits of information from scans that have helped a lot.

Again it's all down to the individual and how they learn best.

Adam
@catalyst256

Security+ OSCP VCP CCA
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Aug 15, 2012 7:52 am

Re: My OSCP journey...

It would probably also help other readers of this post if you both share your background and experience both in IT and security. That way other people looking to take the class can see what sort of skills they may want to have before taking the plunge.

Great overviews thus far though. Enjoy the rest of course and good luck on the exam!
<<

Catalyst256

User avatar

Newbie
Newbie

Posts: 23

Joined: Thu Dec 22, 2011 11:05 am

Post Wed Aug 15, 2012 8:04 am

Re: My OSCP journey...

No worries BillV..  :)

I've got 16 year experience working in IT mostly operations/sys admin roles. Just started to get more focused on infosec since the beginning of the year. Done my Security+ exam and got a couple of other certs (not security related).

Done bits and bobs over the years that touch security (firewall configs, wireless networks etc) but never really focused on it.

Doing the OSCP to give me some more "hands on" experience and give me a good base to build on.
@catalyst256

Security+ OSCP VCP CCA
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Wed Aug 15, 2012 10:13 am

Re: My OSCP journey...

My background: I started in 1982 programming on a ViC20 :-)

I was always fascinated with hacking and cracking. Then end of the 80's I boxed a lot, especially with the color blue.

;-)

I'm always well shaved too.

For some old timers that might ring a 'bell'.
Last edited by sternone on Wed Aug 15, 2012 10:16 am, edited 1 time in total.
Try harder....hmpf!!
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Thu Aug 16, 2012 3:22 am

Re: My OSCP journey...

My background,

Well started using computer when they first come out my first computer was a Time that came with Doom and Theme Park. Since I got that I was kinder hocked on computers. I was more into software really lvoed learning shortcup and showing off when asked to do somthing at school.

At school started messing with new things leanring new stuff found some cool bugs in the system and thought hacking was really cool wanted to get into it so much but it was prettty hard back them with not course like there are today.

I left school and was not sure what I wanted to do as a job so tried my hand at a few things before deciding to go uni all this time I was hoooked on security reading about it in the news watching movies trying break things so on

I finally went uni and spent most of my time moaning that security was really skipped over.

Left uni and jsut wanted to get more involved in security so started doing course going to events meeting people and kinder took off from that.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

sternone

Full Member
Full Member

Posts: 129

Joined: Tue Aug 07, 2012 1:31 am

Post Fri Aug 17, 2012 6:07 pm

Re: My OSCP journey...

DAY 6
-------

Alright Folks, I'm now in my 6th day. I have been using almost every time I have left to work on the document, watch the videos, and do the exercises.

I just finished module 6, but just 1 time, like, let's see what this real deal with 'buffer overflow exploitation is''

ARE YOU KIDDING ME ? THAT'S FREAKING AWESOME !!

This course is the course I always wanted. I missed probably 2 or 3 steps in the chapter where I couldn't really follow what he was doing but I'm planning to spend a lot of time and a lot of rehearsing the Buffer Overflow Fun.

I will tonight also look on amazon what good beginners books I could buy for some more Assembly information. Any advise ?

Module 5, the Man in the Middle attacks was very sweet too, but no labs, I understand, I will have to set it up myself, but I didn't do it for the moment. I have a feeling I could easily spend 2 or 3 days of fun on that chapter alone in a mini lab. I hope that's not a mistake, but I grasp all the information and follow it completely, including what exactly happens on the OSI level with ARP requests on network devices, so I'm ok with that.

I pretty much already scanned the whole network for a lot of stuff and documented it good, some of those scans took like hours, but with good results, I must stop using the xxx.xxx.xxx.0/24 when doing my scans because I end up scanning computers that I'm not allowed too, so I'm now scannign the xxx.xxx.xxx.192/26 subnet, I can't have one for .200 to .254 so only scanning an extra 3 or so :-) You do get an immediate email saying 'what's up!!' but that's a good thing, they seem to know what you're doing.

Unicorn doesn't allow you to give 200-254 as an option for hosts, you need Unicorn to give 192/26 or 0/24, that's why I ran into trouble...

This weekend will be all Buffer Overflow weekend, and it's OK if I only stay with 1 module.. I wanna grasp the basics very good :-) !!!!
Try harder....hmpf!!
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 17, 2012 10:17 pm

Re: My OSCP journey...

Sounds like you're really enjoying yourself.  Keep it up!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sat Aug 18, 2012 1:04 am

Re: My OSCP journey...

sternone wrote:I will tonight also look on amazon what good beginners books I could buy for some more Assembly information. Any advise ?


I'd recommend the Intel Software Developer Manuals.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Sat Aug 18, 2012 4:07 am

Re: My OSCP journey...

there are also lots free video on security tube that cover Intel assembly and stuff like that.
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sat Aug 18, 2012 7:07 am

Re: My OSCP journey...

Nice updates guys!  Keep it up!  Makes me want to take the course but time is limited at the moment. 
Certs: GCWN
(@)Dewser
<<

sh4d0wmanPP

Newbie
Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Sat Aug 18, 2012 7:31 am

Re: My OSCP journey...

Hmm, I really wanna do this course but lack the time right now. I can recommend Smashthestack.org IO challenges for anybody that wants to improve their exploitation skills before opting for OSCP. I found it beneficial as it improved my gdb knowledge and general Linux exploitation skills.

Currently contemplating if I should do eCPPT in the mean time (since they have flexible labtime) but a bit scared I know most of it already.

If you need custom shellcode and have no access to metasploit, this is a good resource: http://www.shell-storm.org/
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
Next

Return to OSCP - Offensive Security Certified Professional

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software