prats84

Forum Replies Created

Viewing 14 reply threads
  • Author
    Posts
    • #53667
      prats84
      Participant

      Thanks 🙂

    • #53550
      prats84
      Participant

      @Anarky
      There are several hosts you can exploit with different exploits.

      Joe gives out small challenges like try to do certain tasks using automation, then try to find out what hosts are live etc.

      Then he has given a web app walkthrough. This is not much of a challenge, but an initial exercise to get a bit hands-on with a web app, but I am sure there will be more challenges to come 🙂

    • #53545
      prats84
      Participant

      So far I haven’t scanned the entire network space.

      Just swept through 2x /24, which had some 35 hosts.

      I have just finished two challenges, and there are a couple more to do on some new subnets.

      There could be 300 hosts because it's all a virtual environment.
      Waiting to get some tasks on WAF/IPS bypass etc.

    • #53543
      prats84
      Participant

      I have taken up the lab and so far it's been good.
      Get bi-weekly challenges followed by the step-by-step path on solving the labs.
      You are not just limited to doing the tasks but can do almost anything with the lab machines (except breaking them for others).

    • #53449
      prats84
      Participant

      @vijonline

      A month or two ago, I posted a brief about my method and resources used for my GCIH journey in the below thread.

      Hope that is useful for you.

      https://www.ethicalhacker.net/forums/viewtopic.php?f=5&t=11285&p=61004&hilit=gcih#p61004

    • #53394
      prats84
      Participant

      Thanks for the heads up guys!!
      But this is more of a lab practice than a proper course.

    • #53403
      prats84
      Participant

      Thanks for sharing your methodology.

    • #53376
      prats84
      Participant

      Congrats !!
      You gonna write up about your OSCP journey?

    • #53325
      prats84
      Participant

      @UKSecurityGuy

      Another issue I usually see is a company running the same template for vulnerability assessment and penetration testing every month for internal testing.

      I mean, at least every two months, should they not change the template depending on what in the infrastructure or application has changed?

    • #53331
      prats84
      Participant

      Jose,

      The Mile2 course content looks promising. I think they might be correct in saying it covers the OSCP objective in terms of the material and topics covered.

      However, OSCP Labs offer scenario-based real-life environments to practice. Looking at the Mile2 lab objective, I do not feel they offer that level of lab practice, as it indicates that a student should spend 20 hours or more performing the labs.

      Anyone who has taken OSCP would know what 20 hours is 😉

      This is what the labs objective on the Mile2 course says:

      This is an intensive hands-on class that includes an updated 300 page lab guide. Students may spend 20 hours or more performing labs that walk them through a real world Pen Testing model. Labs begin with simple activities and move on to more complex procedures. During labs, students move through a detailed Lab Guide containing screen shots, commands to be typed, and steps students should take. Students will make use of scores of traditional and cutting edge Pen Testing tools (GUI and command line, Windows and Linux) as they make their way through mile2®’s time-tested methodology. (See Outline below for tool titles) Customers can be confident that as new methods arise in the security world, our labs are updated to reflect them.

      In summary, the course Mile2 offers would likely cover the theory OSCP offers.

    • #53322
      prats84
      Participant

      Thanks for the replies.

      I think the biggest issue is ya, having to define the scope.

      Sometimes the clients just want a tick in the box and would only ask to test a small portion of the environment.

    • #53319
      prats84
      Participant

      This all falls under defense-in-depth.
      Security personnel have to get things right all the time, but cyber criminals need only one chance.

    • #53301
      prats84
      Participant

      Another awesome one!
      Would love to do 560 or 610 😉

    • #53298
      prats84
      Participant

      Thanks guys!
      So now I have GSEC and GCIH … working on Python and CCIE certificate now.

    • #53286
      prats84
      Participant

      Would be great if you can show, like, different network subnets and components showing more real-life scenarios. For example, something like OSCP labs. How they have a couple of networks separated by firewalls.

      By saying OSCP I don't mean the host details etc. But just more on having some virtual firewall between the networks. How to automate the start and stop of VMs. Maybe restore from snapshots.

      I had a little difficulty automating restore from snapshots.

      Thanks.

      Pratik


Copyright ©2020 Caendra, Inc.
