+ Reply to Thread
Page 1 of 6 1 2345 ... Last
Results 1 to 25 of 139
  1. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #1

    Default OSCP Experience Thread - MSP-IT

    As I did with my SCPD certificate, this thread will outline my experience while I go through the certification program.

    In my mind, I've made leaps and bounds in the security industry with very little experience. Having only been in IT less than 2 years, and information security even less than 1, I've completed my CCNA: Security, SSCP, and the CISSP exam to this point. Despite the fact that I have indeed worked pretty hard to complete the prior mentioned certifications, they haven't present THAT much of a challenge. This is why I'm turning to the OSCP. I'm ready to try harder.

    Despite its recognition and its ability to cushion a resume well, I'm primarily taking the OSCP in order to give me the pen-testing deep dive I'm been preparing myself for through theory training. Starting with the OSCP, my rough plan is to work towards more of an exploitation role through the eCRE with eLearnSecurity and finally to the OSCE with Offensive Security. I believe this will give me the best "bang for the buck" when it comes to certifications. This is also the closest path to my current experience in security working in DevOps and automation.

    For me, the challenge starts Aug. 16th and extends until my 90-day lab access ends.

    Stay tuned.
    Reply With Quote Quote  

  2. SS -->
  3. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #2
    I'm definitely going to keep a close eye on this one. Best of luck throughout this, I'm sure you're going to have a great time and learn a lot.
    Reply With Quote Quote  

  4. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #3
    I honestly can't explain how excited I am. I was hoping to start today, but you have to schedule it at least 6 days in advance.
    Reply With Quote Quote  

  5. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #4
    Good luck with your endeavor! Definitely keep this thread updated. I have this on my radar for next year.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  6. Senior Member
    Join Date
    Sep 2013
    Posts
    732

    Certifications
    MBA | CISSP | PMP | PMI-ACP | CISM | GMON | GCIH | Sec+ | MCITP: SA | MCSA Win 7 | CCNA
    #5
    Best of luck man, your determination is motivating! I'll be following to see how you handle it, I'm sure you'll learn a ton too.
    Reply With Quote Quote  

  7. Sith Lord SephStorm's Avatar
    Join Date
    Dec 2009
    Location
    Atlanta, GA
    Posts
    1,706

    Certifications
    GPEN, GCIH, SFCP, CPT, CEH, QND
    #6
    I'm interested to hear about your research process for filling in the training gaps.
    Reply With Quote Quote  

  8. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #7
    Quote Originally Posted by SephStorm View Post
    I'm interested to hear about your research process for filling in the training gaps.
    If you haven't read it before, take a look at g0tmi1k's OSCE review here, or OSCP here. At the bottom of the review, he has a reading list in preparation for the course; OSCE in this case.

    Out of the books he recommended, I purchased:
    Hacking: The Art of Exploitation - John Erickson
    The Shellcoders Handbook - Jack Koziol
    Assembly Language Step-by-Step: Programming with Linux - Jeff Duntemann

    And out of my own interest and what I believe I needed the most preparation on:
    The Hacker Playbook: Practical Guide to Penetration Testing - Peter Kim
    The Linux Bible - Christopher Negus

    I was planning on taking the Linux+/LPIC before the OSCP, but decided I'd rather learn as I go. I've gotten a little bit of Linux hands-on through work over the past 3 months. Hopefully it will be enough to start the course. If not, I'd like to think I pick up things quickly.
    Last edited by MSP-IT; 08-11-2014 at 01:58 PM.
    Reply With Quote Quote  

  9. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,828

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF
    #8
    I often thought about taking a linux cert prior to the OSCP and honestly it seemed like it wouldn't make to huge of a difference. Good luck and look forward to see your review!
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python
    Reply With Quote Quote  

  10. Member Killj0y's Avatar
    Join Date
    Mar 2010
    Location
    www.agoonie.com
    Posts
    39
    #9
    Good luck on the offsec courses. I recently got the Hacker Playbook and I am enjoying it. Nice read. Another good one would be the Red Team Field Manual. I just wish it came in a Kindle version.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Apr 2013
    Posts
    1,896
    #10
    Good luck! I've been emailing the people at OS myself about taking the course. I've been trying to get into infosec, have a few certs but not nearly enough hands on, it seems like this one would make a world of difference.
    Reply With Quote Quote  

  12. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #11
    Waiting patiently for my lab activation.
    Last edited by MSP-IT; 08-17-2014 at 06:25 PM.
    Reply With Quote Quote  

  13. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #12
    I think I am going to make the plunge and fork over the money for this soon. I'm going on vacation next week, so I'll probably start it after that. Although grad school starts up next week again too. Decisions...

    Good luck on this. I will be following this thread.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #13
    Nah man...get started while you're on vacation. If you're taking OSCP...its time to start getting used to ignoring the family
    Reply With Quote Quote  

  15. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #14
    On that path right now, good luck!
    Reply With Quote Quote  

  16. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #15
    So it turns out I selected the wrong timezone and it came 2 hours late right when I was getting to bed.

    I am having a bit of trouble this morning though. I'm working through the exercises and supposed to be using my supplied Windows machine on their network, but their revert/reset commands aren't working so I can't hit my machine. I was hoping to get some work done today, but the Admins in the IRC channel said it may take a while. It's a bit disappointing that I can't do much on my first day.
    Last edited by MSP-IT; 08-18-2014 at 12:46 PM.
    Reply With Quote Quote  

  17. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #16
    I'm a little confused - The Windows 7 client you should be using is Offsec's Windows 7 lab machine. Not your own local Windows box. Am I misunderstanding your post? Using the world 'local' makes me think you're attempting to utilize your own Windows machine in their environment.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #17
    Yeah...sounds that way to me too. They should have given you an IP to a dedicated Windows box in their lab
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Apr 2012
    Posts
    230

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #18
    I'm in the labs for it right now too, after taking some time out for CEH. Good luck, have fun, and be prepared for the challenge. If you wanna talk about the course, don't be afraid to give a shout in a PM.
    Reply With Quote Quote  

  20. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #19
    Quote Originally Posted by YFZblu View Post
    I'm a little confused - The Windows 7 client you should be using is Offsec's Windows 7 lab machine. Not your own local Windows box. Am I misunderstanding your post? Using the world 'local' makes me think you're attempting to utilize your own Windows machine in their environment.
    Yeah my phrasing on that is off. When I said local, I meant local to their network, not mine. Either way, the issue was ironed out late last night and I got through about an hour of videos.

    The first few sections are pretty interesting, although a little dry. I was a tad surprised at OffSec when I hit a little bump in the introductory lessons though. You can definitely tell they're wanting to prepare you to start thinking for yourself early on.

    I think the biggest issue I'm going to have is memorizing switch values. I'd like to think I'm good at understanding theory, which makes a lot IT work easier, but I doubt my ability when it comes to remembering specific values. I've never been good with wrote memory.
    Last edited by MSP-IT; 08-18-2014 at 12:53 PM.
    Reply With Quote Quote  

  21. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #20
    Quote Originally Posted by MSP-IT View Post
    I think the biggest issue I'm going to have is memorizing switch values. I'd like to think I'm good at understanding theory, which makes a lot IT work easier, but I doubt my ability when it comes to remembering specific values. I've never been good with wrote memory.
    That's my weakness as well, and what I've had difficulty with when looking at and studying technical security topics. That's why I've done so well in the GRC side of things. However OSCP is a practical cert and you can certainly make notes of things like that to have handy when doing the exam. I have always wondered in the real world just how much stuff pentesters know off the top of their head (100s of tools and many switches and functions per tool!) and how much they need to look things up or reference a cheat sheet.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  22. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #21
    Quote Originally Posted by JoJoCal19 View Post
    That's my weakness as well, and what I've had difficulty with when looking at and studying technical security topics. That's why I've done so well in the GRC side of things. However OSCP is a practical cert and you can certainly make notes of things like that to have handy when doing the exam. I have always wondered in the real world just how much stuff pentesters know off the top of their head (100s of tools and many switches and functions per tool!) and how much they need to look things up or reference a cheat sheet.
    I've heard that the RTFM is supposed to help with that. I'm expecting it in the mail later today.
    Reply With Quote Quote  

  23. Member
    Join Date
    Jan 2014
    Location
    Mumbai
    Posts
    40

    Certifications
    CISSP, CEH, CDCP, CISA, CISM
    #22
    All the best. And your postings will motivate and help others like me also.
    Reply With Quote Quote  

  24. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,423

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #23
    Meh I wouldn't worry too much. The stuff you use the most will be committed to memory naturally - For the rest, we have the pages
    Reply With Quote Quote  

  25. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #24
    Some recommended reading... The Hacker Playbook. I just got my copy today, and read the section on using powershell. I would not have even thought of using it during an attack. So yeah... worth reading and may help you during your OSCP studies.

    Ill be signing up for the OSCP next weekend and I think this book will certainly help.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #25
    Saw somebody reading that book on the way back from DEFCON. I was wondering about it, but decided not to ask the guy about it...as I was totally burned out on being sociable with strangers (certainly not my natural state) after a whole week of doing it.

    @Jojo and MSP-IT:
    Like YFZblu said...the memorization of the tools you use consistently will come naturally. But any time you have a question, during the course or test...nearly all of your major tools will have a help switch. Usually -h or --help. If that lacks the details you need...roll through the man page. Or pull up google. The OSCP challenge is just as much about being resourceful and being able to find answer as it is about knowledge you already have.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 6 1 2345 ... Last

Social Networking & Bookmarks