prats84

Forum Replies Created

Viewing 15 posts - 1 through 15 (of 65 total)
  • #53667
     prats84 
    Participant

    Thanks 🙂

  • #53550
     prats84 
    Participant

    @anarky
    There are several hosts you can exploit with different exploits.

    Joe gives out small challenges, like trying to do certain tasks using automation, then trying to find out which hosts are live, etc.

    Then he has given a web app walkthrough. This is not much of a challenge, but an initial exercise to get a bit hands-on with web apps, but I am sure there will be more challenges to come 🙂

  • #53545
     prats84 
    Participant

    So far I haven’t scanned the entire network space.

    Just swept through 2x /24, which had some 35 hosts.

    I have just finished two challenges, and there are a couple more to do on some new subnets.

    There could be 300 hosts because it's all a virtual environment.
    Waiting to get some tasks on WAF/IPS bypass etc.

  • #53543
     prats84 
    Participant

    I have taken up the lab and so far it's been good.
    Get bi-weekly challenges followed by the step-by-step path to solving the labs.
    You are not just limited to doing the tasks but can do almost anything with the lab machines (except breaking them for others).

  • #53449
     prats84 
    Participant

    @vijonline

    A month or two ago, I posted a brief about my method and resources used for my GCIH journey in the below thread.

    Hope that is useful for you.

    https://www.ethicalhacker.net/forums/viewtopic.php?f=5&t=11285&p=61004&hilit=gcih#p61004

  • #53394
     prats84 
    Participant

    Thanks for the heads-up, guys!!
    But this is more of a lab practice than a proper course.

  • #53403
     prats84 
    Participant

    Thanks for sharing your methodology.

  • #53376
     prats84 
    Participant

    Congrats!!
    You gonna write up about your OSCP journey?

  • #53325
     prats84 
    Participant

    @uksecurityguy

    Another issue I usually see is a company running the same template for vulnerability assessment and penetration testing every month for internal testing.

    I mean, at least every two months, should they not change the template depending on what in the infrastructure or application has changed?

  • #53331
     prats84 
    Participant

    Jose,

    The Mile2 course content looks promising. I think they might be correct in saying it covers the OSCP objectives in terms of the material and topics covered.

    However, the OSCP labs offer scenario-based real-life environments to practice in. Looking at the Mile2 lab objective, I do not feel they offer that level of lab practice, as it indicates that a student should spend 20 hours or more performing the labs.

    Anyone who has taken OSCP would know what 20 hours is 😉

    This is the labs objective of the Mile2 course:

    This is an intensive hands-on class that includes an updated 300 page lab guide. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take. Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2®’s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the security world, our labs are updated to reflect them.

    In summary, the course Mile2 offers would likely cover the theory OSCP offers.

  • #53322
     prats84 
    Participant

    Thanks for the replies.

    I think the biggest issue is, yeah, having to define the scope.

    Sometimes the clients just want a tick in the box and would only ask to test a small portion of the environment.

  • #53319
     prats84 
    Participant

    This all falls under defense-in-depth.
    Security personnel have to get things right all the time, but cyber criminals need only one chance.

  • #53301
     prats84 
    Participant

    Another awesome one!
    Would love to do 560 or 610 😉

  • #53298
     prats84 
    Participant

    Thanks guys!
    So now I have GSEC and GCIH … working on Python and the CCIE certificate now.

  • #53286
     prats84 
    Participant

    It would be great if you could show, like, different network subnets and components showing more real-life scenarios. For example, something like the OSCP labs, how they have a couple of networks separated by firewalls.

    By saying OSCP I don't mean the host details etc., but just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.

    I had a little difficulty automating restore from snapshots.

    Thanks.

    Pratik


Copyright ©2019 Caendra, Inc.
