+ Reply to Thread
Page 3 of 6 First 123 456 Last
Results 51 to 75 of 139
  1. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #51
    Maybe we could create an irc channel? I have a private irc server if anyone is interested PM me.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  2. SS -->
  3. Junior Member
    Join Date
    May 2012
    Posts
    17
    #52
    I'm starting OSCP on 20th. Would love to join in
    Reply With Quote Quote  

  4. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    409

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #53
    Quote Originally Posted by MrAgent View Post
    Maybe we could create an irc channel? I have a private irc server if anyone is interested PM me.
    I'm interested. If we could all get on your IRC channel that would be great. I'd likely be on alot at weekends and some weekdays past 7pm (GMT).
    Reply With Quote Quote  

  5. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #54
    Quote Originally Posted by MrAgent View Post
    Maybe we could create an irc channel? I have a private irc server if anyone is interested PM me.
    Would you mind posting the information here? It seems as though there are enough of us for it to be useful.
    Reply With Quote Quote  

  6. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #55
    The IRC server is irc.osswg.com #oscp
    Its up and running now.
    Last edited by MrAgent; 09-13-2014 at 04:19 PM.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  7. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #56
    Quote Originally Posted by MrAgent View Post
    The IRC server is irc.osswg.com #oscp
    Its up and running now.
    Joined. Let the games begin.

    Progress
    PDF Guide: 100% Complete
    Videos: 50% Complete
    Lab Exercises: 40% Complete
    Lab Machine Penetration: 0/50 Attempted
    Reply With Quote Quote  

  8. Junior Member SCSI_BEAR's Avatar
    Join Date
    Sep 2014
    Location
    Glasgow
    Posts
    7

    Certifications
    CCNA, MCDST,ISTQB,C|EH,SMFE
    #57
    Should be ok for PM now Preflux
    Reply With Quote Quote  

  9. Junior Member
    Join Date
    May 2012
    Posts
    17
    #58

    Default started oscp today

    Started OSCP today and it seems quite awesome so far. Material seems to be of skimming nature but that's where TRY HARDER comes into play. Still, this is my initial view and as I follow along your reviews and my experience with material, it might get better
    Reply With Quote Quote  

  10. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #59
    PDF Guide: 100% Complete
    Videos: 100% Complete
    Lab Exercises: 50% Complete
    Lab Machine Penetration: 0/50 Attempted


    At this point in time, I'm spending a lot more time getting to know the lab environment. I really want to get a feel for each one of the machines (fingerprinting) before I start to hack my way into them. I really want to feel decently prepared before I start chopping my tree.

    Give me six hours to chop down a tree and I will spend the first four sharpening the axe.
    - Abraham Lincoln

    Reply With Quote Quote  

  11. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #60
    Hey, guys, is the use of nmap limited in the course and on the exam? Metasploit obviously is but I was wondering whether you have to write your own scanners or it is cool to use nmap.

    Hope you are all going strong.
    Reply With Quote Quote  

  12. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #61
    nmap is pretty essential. I don't see why they would limit it. I used it heavily to get information.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  13. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #62
    Like MrAgent said, NMAP is a must.

    That being said, be sure to sudo scan and scan using the -sU (UDP) option. I'm returning more valuable results with scans that have root permissions.
    Reply With Quote Quote  

  14. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #63
    Progress
    PDF Guide:
    100% Complete
    Videos:
    100% Complete
    Lab Exercises:
    50% Complete
    Lab Machine Penetration:
    root @ 10/~50

    With 39 days left, I'd be lying if I said I wasn't concerned that I'm going to struggle to complete the rest of the machines.
    Last edited by MSP-IT; 09-30-2014 at 12:20 PM.
    Reply With Quote Quote  

  15. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #64
    I hear you. I still have quite a bit of time left, but having a family and graduate school going on along with a full time job is making it hard. I think I have only popped 7 boxes, 6 of which have been with metasploit.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  16. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #65
    Quote Originally Posted by MrAgent View Post
    I hear you. I still have quite a bit of time left, but having a family and graduate school going on along with a full time job is making it hard. I think I have only popped 7 boxes, 6 of which have been with metasploit.
    Isn't it recommended to not use Metasploit due to it not being allowed on the practical exam? Maybe I'm wrong about that.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  17. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #66
    Quote Originally Posted by JoJoCal19 View Post
    Isn't it recommended to not use Metasploit due to it not being allowed on the practical exam? Maybe I'm wrong about that.
    There are rules regarding the use of Metasploit on the exam. While it's not completely restricted, automatic exploitation is banned from all but one machine on the exam. I'm planning on going back to the machines that I've exploited easily via Metasploit and figure out if the attack can be done manually.
    Reply With Quote Quote  

  18. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #67
    Ah gotcha. I was thinking about that for whenever I get around to the OSCP, just doing them manually up front if at all possible.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #68
    You need to know Metasploit and you need to be able to exploit manually. But knowing your way around Metasploit is just as important. Its just less emphasized because its generally easier than manual exploitation.
    Reply With Quote Quote  

  20. Junior Member SCSI_BEAR's Avatar
    Join Date
    Sep 2014
    Location
    Glasgow
    Posts
    7

    Certifications
    CCNA, MCDST,ISTQB,C|EH,SMFE
    #69
    Progress
    PDF Guide: 90% Complete
    Videos: 90% Complete
    Lab Exercises: 85% Complete
    Lab Machine Penetration: 12/50 Attempted
    Lab Machine Penetration: 11/50 PWNED

    Hi folks, I just thought I would update my progress so far. Progress has been slow, usually due to frustration and annoyance at not being able to pwn boxes, but perseverance pays off and I have now been able to PWN 11 boxes and got access to the IT-Dept as well.

    Reading a few of the other posts I can see the discussion about MetaSploit coming up. Sploit is ok as long as it is not used to exploit, you can use it to create payloads and set up listeners etc.........

    Some of the boxes do not need MetaSploit or any exploit to PWN, admittedly these are probably considered to be low hanging fruit, but I do get a sense of satisfaction PWNing a box without having to use any tools

    @MSP-IT To ROOT 10 boxes with only covering off 50% of the course is an excellent effort I reckon, 39 days is a long time.

    Anyway, I am off now to start looking at what the IT-Dept has to offer, if anybody has been able to PWN any of those boxes then I would not say no to a bit of a hint here or there
    Reply With Quote Quote  

  21. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #70
    SCSI_BEAR: Feel free to join us in IRC. We've been helping each other out there.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  22. Junior Member
    Join Date
    Apr 2014
    Posts
    12

    Certifications
    Active: OSCP, CISSP,GCIA,GCIH,CISA,CWNA, Prince2 Expired:CCNP, CCNA, VCP, FCNSP, MCSE, A+
    #71
    Hi Guys, I am starting to hit walls in the lab now and I see what people meant when they said this course will keep the frustration levels very high.

    I cant send Private messages, anyone able to advice how do i get this enabled on my account. I sent the forum admin emails this week but havent heard anything back yet.
    Reply With Quote Quote  

  23. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #72
    Just a quick update.

    I haven't made any further progress on the lab or materials. I'm hitting some huge bumps in my personal life that are keeping me from studying. Depending on how the next few weeks go, I'll be looking at a 30-60 day extension.
    Reply With Quote Quote  

  24. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #73
    Good luck. Hopefully you can get back on track. I have to say, the OSCP threads here that keep dying out are depressing. I can definitely see the need to really think about and evaluate if life/work will be conducive to giving it a go when that time comes.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  25. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #74
    When it comes down to it, I believe the material just doesn't cover what you need to know regarding the lab, hence the "try harder". While the PDF and videos provide you with tools to succeed, the thought process and determination are self-supplied. This isn't necessarily a bad thing, but it it does require that you do more research on your own time. I mentioned it in another post, but if I were to do this again, I'd probably want to go through some other course like the eCPPT prior to taking the OSCP. I think my lack of true experience in the field is starting to show.

    The biggest bump I've hit in the labs is just after fingerprinting. I have a large spreadsheet with everything I could possibly know about the machines on the lab, but I really have few directions to head. With the exam limiting your use of metasploit and outright banning vulnerability scanners, one needs to understand how to identify and exploit vulnerabilities manually. Scanning through the book, you'll see little (no) information regarding exploitation without the use of metasploit. Sure, it covers identifying SQL injection vulnerabilities and exploit development, but at what point does that become obsolete when you have no/little ability to mock the target machine locally? Reading through the book for a second time, I'm trying to understand the thought process and mindset I'm supposed to have when attacking the labs.

    I picked up Fyodor's NMAP book, Metasploit Unleashed, and I'm going through Hacking Exposed 7 again, hoping to pick up the pieces that I've missed about actually exploiting or getting into the machines. From what I've seen, the writers express a deep understanding of most protocols that assume that once a specific port and/or service is identified, the machine is more or less pwned. This invisible barrier of the actual exploitation process is something that's falling through the cracks and is really keeping me from progressing and understanding my next move.
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Apr 2013
    Posts
    1,890
    #75
    Thanks for the updates. I've been thinking of doing the OSCP but it seems like for now it's above my level. I've done a lot of sysadmin work and am entering the security field now but have zero experience as pen tester. Sounds like it would be smarter for me to learn some of the background more first before even signing up.
    Reply With Quote Quote  

+ Reply to Thread
Page 3 of 6 First 123 456 Last

Social Networking & Bookmarks