Forum Replies Created
November 28, 2013 at 11:31 pm #53667
October 3, 2013 at 3:47 am #53550
There are several hosts you can exploit with different exploits.
Joe gives out small challenges, like trying to do certain tasks using automation, then trying to find out what hosts are live, etc.
Then he has given a web app walkthrough. This is not much of a challenge, but an initial exercise to get a bit hands-on with a web app, but I am sure there will be more challenges to come 🙂
September 30, 2013 at 6:13 am #53545
So far I haven’t scanned the entire network space.
Just swept through 2x /24, which had some 35 hosts.
I have just finished two challenges, and there are a couple more to do on some new subnets.
There could be 300 hosts because it's all a virtual environment.
Waiting to get some tasks on WAF/IPS bypass etc.
September 30, 2013 at 1:30 am #53543
I have taken up the lab and so far it's been good.
Get bi-weekly challenges followed by the step-by-step path on solving the labs.
You are not just limited to doing the tasks but can do almost anything with the lab machines (except breaking them for others).
September 2, 2013 at 5:27 am #53449
A month or two ago, I posted a brief about my method and resources used for my GCIH journey in the below thread.
Hope that is useful for you.
August 22, 2013 at 8:26 pm #53394
Thanks for the heads up guys!!
But this is more of a lab practice than a proper course.
August 20, 2013 at 2:42 am #53403
Thanks for sharing your methodology.
August 19, 2013 at 1:38 am #53376
You gonna write up about your OSCP journey?
August 16, 2013 at 7:31 am #53325
Another issue I usually see is a company running the same template for vulnerability assessment and penetration testing every month for internal testing.
I mean, at least every two months, should they not change the template depending on what in the infrastructure or application has changed?
August 12, 2013 at 3:38 am #53331
The Mile2 course content looks promising. I think they might be correct in saying it covers the OSCP objective in terms of the material and topics covered.
However, OSCP Labs offer scenario-based real-life environments to practice. Looking at the Mile2 lab objective, I do not feel they offer that level of lab practice, as it indicates that a student should spend 20 hours or more performing the labs.
Anyone who has taken OSCP would know what 20 hours is 😉
This is the labs objective on the Mile2 course:
This is an intensive hands-on class that includes an updated 300 page lab guide. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take. Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2®’s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the security world, our labs are updated to reflect them.
In summary, the course Mile2 offers would likely cover the theory OSCP offers.
August 12, 2013 at 3:21 am #53322
Thanks for the replies.
I think the biggest issue is ya, having to define the scope.
Sometimes the clients just want a tick in the box and would only ask to test a small portion of the environment.
August 8, 2013 at 3:17 am #53319
This all falls under defense-in-depth.
Security personnel have to get things right all the time, but cyber criminals need only one chance.
August 7, 2013 at 5:15 am #53301
Another awesome one!
Would love to do 560 or 610 😉
August 6, 2013 at 12:17 am #53298
So now I have GSEC and GCIH … working on Python and CCIE certificate now.
July 31, 2013 at 8:03 am #53286
Would be great if you can show, like, different network subnets and components showing more real-life scenarios. For example, something like the OSCP labs. How they have a couple of networks separated by firewalls.
By saying OSCP I don't mean the host details etc., but just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.
I had a little difficulty automating the restore from snapshots.