+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 53
  1. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #1

    Default OSCP - My Journey - si20 (Starts 22nd Sept)

    I've pondered over the OSCP since the course was run with Backtrack. I've decided that now is the time. Since i've got my BSc degree, i've done the OSWP course and a networking course to make sure my networking was enough to get by. I've read some pretty scary reviews about the OSCP - everyone agrees that the content is great, but the difficulty is supposed to be high....very high.

    Well, I've gone for it anyway. I've worked out that I can put 3-4 hours in MAXIMUM per weekday and around 7-8 hours on a weekend. It's going to be a tough one, but it's now or never. Expect an update on 22nd Sept - and every other day as I give you updates on how i'm doing. As of 1st Sept, I have little pen-testing experience aside from doing the OSWP and a security module at University which consisted of manual exploitation/metasploit. Let's see how I go!

    Please stay tuned and support me on this journey
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #2
    Good luck!
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  4. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #3
    These OSCP threads sure are motivating. Looking forward to it, best of luck!
    Reply With Quote Quote  

  5. ' or 1=1 EngRob's Avatar
    Join Date
    Jun 2013
    Location
    Humid Florida
    Posts
    239

    Certifications
    GPEN, GWAPT, GCIH, GCFE, GSEC, CCNA, CCNA:Security, CCSA(exp), Security+, Network+, Linux+, Server+, A+, Project+, CEH, CHFI
    #4
    Good luck!.

    Hey Master - Are you still planning to start in Q4?
    Reply With Quote Quote  

  6. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #5
    That was the plan but, sadly, I don't see it happening. I really wish I could though. There are projects at work, scheduled for the next four months, all of which I am going to be heavily involved with. I'm very determined to still find time to study and I'm sure I will but it won't be enough for the real deal - starting the course.

    Are you planning to start soon too?
    Reply With Quote Quote  

  7. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #6
    Thanks for all the positive messages. Just an update to say that my place of work has changed my shifts from day shift 9am-5:30pm to 7am-7pm, with 4 days on, 4 days off. This 'might' work out better depending on how tired I get during work. I'm going to try and build a plan of exactly when I can/can't work on the OSCP because my situation has literally changed overnight.
    Reply With Quote Quote  

  8. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #7
    Well it looks as if I was wrong by 1 day....the course starts midnight TONIGHT! I should probably be very excited but instead, i'm a bit anxious. I've taken on a CTF with friends from work (security guys) and we were told it'd be a fairly easy CTF... Instead, it has been VERY hard, so it has knocked my confidence.

    Either way, i'll continually write updates throughout the 90 days and give you guys an idea of how easy/difficult this thing is. I'm going to put in everything i've got to pass this - if I fail at the end, at least I know I did my best.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #8
    The only way you "fail" is if you give up. If its difficult, you may need to extend and you may need to take the test multiple times, but there is no reason you shouldn't be able to attain the goal. Just keep pushing until you get there. That's what the course is all about.

    FYI...It took me 90-days plus a 15-day extension to get there. Everyone's mileage varies on this.
    Reply With Quote Quote  

  10. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #9
    Day 1:

    As does everyone who signs up for the OSCP, I managed to somehow get the starting time wrong. The OffSec website said 00:00 but actually arrived at 01:00 - thanks British Summer Time!

    I received a rather lengthy email which consisted of videos to follow, the main pdf which serves as your source of information and your username and password for the VPN you'll use to connect to the lab. I managed to read 47 pages which were fairly straight forward - but I have learned 2/3 new things already. I'm going to get through as much as I can today and see how I find it.
    Reply With Quote Quote  

  11. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #10
    I apologise to all of those wanting to see my daily progress. I dropped off the radar because:

    I work 12 hour shifts and once I get home, I don't work on the OSCP - I only work on the OSCP on my days off. This has severely limited the time I can work on the course. The OSCP is HARD - very hard. The PDF/exercises teach you the basics of the tools. Pen-testing in the lab is tough - just like in the real world. I started off very well. I managed to pop a few machines, get 100 pages into the PDF and that's when I hit the wall.

    The OSCP pdf doesn't tell you how to exploit machines as much as it tells you how to use some of the tools. This presents a big problem. You have to learn much of this yourself. Working a full time job and trying to learn how to hack machines is not easy at all. I saw all the threads with people dropping off the OSCP and people missing days and I used to think "I'd never miss a day" or "they're crazy!" but now I fully understand.

    Admins aren't always helpful and i've heard the "try harder" motto many times. Other members have suggested that this is a cop out - and it is, to some degree. Having paid hard earned cash for the course, it's often demoralizing to hear people say "try harder" without divuldging even a tiny hint as to what you're doing wrong.

    This course is for the hardcore - someone who has ALOT of time free. If you're not a pen-tester, or new to security, you'll want 90 days. I may be wrong, but I highly doubt it's possible to finish this course in 30 days. I've got 40 days left (used 50 days so far) and i've hacked 9 machines out of 54 and reached page 260 of the PDF. You might think that's not great, but I spend between 5-10 hours a day on the course when i'm not in work.

    Will update again nearer the end of the course.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #11
    Quote Originally Posted by si20 View Post

    This course is for the hardcore - someone who has ALOT of time free. If you're not a pen-tester, or new to security, you'll want 90 days. I may be wrong, but I highly doubt it's possible to finish this course in 30 days. I've got 40 days left (used 50 days so far) and i've hacked 9 machines out of 54 and reached page 260 of the PDF. You might think that's not great, but I spend between 5-10 hours a day on the course when i'm not in work.
    That's actually really good progress. And don't feel the need to apologize to anyone. People get so wrapped up with the deadline on this thing and forget to just have fun and enjoy the challenge. And I completely agree with your recommendation about lab time. I always tell people that unless they are not working...do the 90 days...and even with that, be prepared to extend.
    Reply With Quote Quote  

  13. IT Bum BGraves's Avatar
    Join Date
    Oct 2013
    Location
    ATL, GA
    Posts
    334

    Certifications
    A+, Net+, Sec+, ITILv3, CCENT, CCNA, MCSE, MCITP:EA, MCSE:Server Infrastructure, CISSP, VCA-DCV, VCP-DCV, CEHv8, CHFI,
    #12
    Sounds like you are learning a lot of neat things, I wish the same could be said about my MSISA! Maybe someday I'll look at the OSCP, seems like it provides a good challenge!

    Reply With Quote Quote  

  14. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,359

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #13
    Thanks for the update si20. And your response about not being enough of the material to actually teach you what you need, as well as the canned response of "try harder" ties into the thread I started, and really is disappointing. I do want to go for the OSCP , but I almost feel I'd rather go for eLearnSecurity's eCPPT first as you get a lot more for your money. Then I'd probably be able to just get the PWK 30 day and knock out the OSCP.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #14
    Quote Originally Posted by JoJoCal19 View Post
    I almost feel I'd rather go for eLearnSecurity's eCPPT first as you get a lot more for your money.
    I strongly disagree with you here. There is a reason that OffSec takes the teaching approach that they do. And it has nothing to do with it being inadequate. To be successful in this industry, and specifically in pentesting...you absolutely must be resourceful. You have to be able to figure things out for yourself.


    Quote Originally Posted by JoJoCal19 View Post
    Then I'd probably be able to just get the PWK 30 day and knock out the OSCP.
    Seriously doubt it...no offense. Do yourself a favor and go for 90 days (regardless of your prior training or experience). It takes 15-20 days to get through the training material.
    Reply With Quote Quote  

  16. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,359

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #15
    Quote Originally Posted by NovaHax View Post
    I strongly disagree with you here. There is a reason that OffSec takes the teaching approach that they do. And it has nothing to do with it being inadequate. To be successful in this industry, and specifically in pentesting...you absolutely must be resourceful. You have to be able to figure things out for yourself.
    When comparing what you get for the money, PTPv2 gives you a ton more, and for less money actually. I find that not only does the PTPv2 course cover everything that the PWK does, it includes a ton more. Regardless of OffSec's teaching approach, I find it a cop out. I understand being resourceful, as I am a very resourceful person, but there is a a difference in not even giving you all of the information and training to be able to minimally complete the course and minimally pop boxes, and not teaching you every which way to alter the approach or method or tool usage to be able to pop the same box in different ways. I understand maybe teaching a person what they need to know to at least get a pass, but push the person to research more to use different attack avenues, to be able to more thoroughly exploit the boxes, to achieve 100% completion. I find it insulting however where I've read on multiple occasions let's say a student is stuck, they reach out for a little hint or idea of maybe where to look next and be told "try harder". Again, I feel that's a cop out.



    Quote Originally Posted by NovaHax View Post
    Seriously doubt it...no offense. Do yourself a favor and go for 90 days (regardless of your prior training or experience). It takes 15-20 days to get through the training material.
    With everything the PTPv2 course teaches, it goes above and beyond the PWK course, and I feel confident that if I did the PTPv2 course and went straight into the PWK course, I could use the initital exam attempt right away and depending on how far I get, utilize the PWK materials to bridge the gap and complete the exam attempt.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Nov 2014
    Posts
    12

    Certifications
    CEH, CCNA, OSCP
    #16
    Quote Originally Posted by si20 View Post
    I apologise to all of those wanting to see my daily progress. I dropped off the radar because:

    I work 12 hour shifts and once I get home, I don't work on the OSCP - I only work on the OSCP on my days off. This has severely limited the time I can work on the course. The OSCP is HARD - very hard. The PDF/exercises teach you the basics of the tools. Pen-testing in the lab is tough - just like in the real world. I started off very well. I managed to pop a few machines, get 100 pages into the PDF and that's when I hit the wall.

    The OSCP pdf doesn't tell you how to exploit machines as much as it tells you how to use some of the tools. This presents a big problem. You have to learn much of this yourself. Working a full time job and trying to learn how to hack machines is not easy at all. I saw all the threads with people dropping off the OSCP and people missing days and I used to think "I'd never miss a day" or "they're crazy!" but now I fully understand.

    Admins aren't always helpful and i've heard the "try harder" motto many times. Other members have suggested that this is a cop out - and it is, to some degree. Having paid hard earned cash for the course, it's often demoralizing to hear people say "try harder" without divuldging even a tiny hint as to what you're doing wrong.

    This course is for the hardcore - someone who has ALOT of time free. If you're not a pen-tester, or new to security, you'll want 90 days. I may be wrong, but I highly doubt it's possible to finish this course in 30 days. I've got 40 days left (used 50 days so far) and i've hacked 9 machines out of 54 and reached page 260 of the PDF. You might think that's not great, but I spend between 5-10 hours a day on the course when i'm not in work.

    Will update again nearer the end of the course.

    All the best Si20.

    I have also enrolled for 90 days lab. Looking at all the reviews, it seems its going to be a hardcore ride. Will have to work hard. Waiting for FUN to begin
    Reply With Quote Quote  

  18. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #17
    I am also doing the OSCP course at the moment. I'm taking it very slow since I just acquired my CCNA and CCNA Security, but now I can put all my attention to this. Anyways, I was told to go through the material first and then start trying to pentest the lab machines. I'm about 100 pages in as well. I'll probably end up using 120-150 days to be honest.
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #18
    Quote Originally Posted by JoJoCal19 View Post
    When comparing what you get for the money, PTPv2 gives you a ton more, and for less money actually.
    I hope my words did not offend you, and once again, I meant no offense. But you are basing all of your assumptions off of reading a syllabus or off of second hand accounts from people who have taken one or the other. Although I have not taken PTPv2, I am one of the few people on here who has taken and completed courses from both OffSec and eLearnSecurity (OSCP and eWPT, respectively). And I assure you that you are comparing apples to oranges. They are both good courses, but OffSec better prepares you for doing actual PenTests and the reason is because the way that the labs are structured.

    eLearnSecurity gives you a small sandbox app with a single URL and says..."here's an SQL injection...exploit it."

    OffSec gives you a whole network environment and says..."there are some serious problems here...find them and exploit."

    The fact is...if and when you ever do a real PenTest...nobody is going to point out what you need to exploit. Nobody is going to hold your hand and show you where to look. You have to figure it out yourself. OffSec gives you all of the knowledge you need and teaches how to use the tools in Kali. And they even gives you examples where they show you step by step (for metasploit, for manual exploitation, for exploit dev, etc...) how to accomplish the tasks. But then there is the lab, where you learn by trial and error, how to actually use those skills.

    There is a reason why OSCP carries the reputation it does in this industry...and I assure you, its not because its a sub-par course.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #19
    Also, the admins on the OffSec IRC channel are helpful if you approach them the right way. They tell you "try harder" if you just complain to them that you can't pop a box. But if you tell them what you've been trying and demonstrate to them that you have put in significant effort and exhausted all of your ideas/resources, they will generally drop a hint to push you in the right direction.
    Reply With Quote Quote  

  21. Senior Member
    Join Date
    Dec 2010
    Posts
    371

    Certifications
    VCA5-DCV, CEH, ECSA, CHFI, ITILv3, CND
    #20
    Thanks NovaHax for the pointers, I shall keep them in mind for future reference when I sign up OSCP courses.

    Also, I wonder how's OP's progress so far, I hope things are going well.
    Reply With Quote Quote  

  22. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,359

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #21
    Quote Originally Posted by NovaHax View Post
    I hope my words did not offend you, and once again, I meant no offense. But you are basing all of your assumptions off of reading a syllabus or off of second hand accounts from people who have taken one or the other. Although I have not taken PTPv2, I am one of the few people on here who has taken and completed courses from both OffSec and eLearnSecurity (OSCP and eWPT, respectively). And I assure you that you are comparing apples to oranges. They are both good courses, but OffSec better prepares you for doing actual PenTests and the reason is because the way that the labs are structured.

    eLearnSecurity gives you a small sandbox app with a single URL and says..."here's an SQL injection...exploit it."

    OffSec gives you a whole network environment and says..."there are some serious problems here...find them and exploit."

    The fact is...if and when you ever do a real PenTest...nobody is going to point out what you need to exploit. Nobody is going to hold your hand and show you where to look. You have to figure it out yourself. OffSec gives you all of the knowledge you need and teaches how to use the tools in Kali. And they even gives you examples where they show you step by step (for metasploit, for manual exploitation, for exploit dev, etc...) how to accomplish the tasks. But then there is the lab, where you learn by trial and error, how to actually use those skills.

    There is a reason why OSCP carries the reputation it does in this industry...and I assure you, its not because its a sub-par course.
    No offense taken, I hold your input on all things security in high regard. You're right in that I only have my own research based on syllabus, website descriptions and user reviews on the PWK and PTP courses, so it does seem that the PTP course offers more. But I do agree from what I've read and the lab setup that the OffSec lab is true to life and would replicate an actual PT scenario more realistically.

    Quote Originally Posted by NovaHax View Post
    Also, the admins on the OffSec IRC channel are helpful if you approach them the right way. They tell you "try harder" if you just complain to them that you can't pop a box. But if you tell them what you've been trying and demonstrate to them that you have put in significant effort and exhausted all of your ideas/resources, they will generally drop a hint to push you in the right direction.
    That makes sense and I myself wouldn't reach out for help without being able to list all of the things that I've tried, and the resources I've used for ideas. I can totally see them giving that response if I just stated that I was stuck and seemed like I was looking for an easy way out.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  23. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #22
    Update:

    I'm on my second shift at work tonight (7pm until 7am). I'm not going to be able to work on the OSCP until Monday afternoon at the very earliest. Which basically means one thing. I'm going to HAVE to extend. I really, really didn't want to get into the whole extension thing for various reasons but at this point, i've put in so many hours you wouldn't believe and it seems like a complete waste for me not to extend.

    Each machine in the lab is rated in terms of difficulty and i've managed to pop some of the notoriously difficult ones e.g Bob, sean and pedro, so I think if I can get an extension, I should be able to bash out the rest of the machines.

    Now my next concern is: Do I get a 60 day or 90 day extension? I cannot afford to re-extend after this. This HAS to be it. I'm thinking 60 days might be possible, but i'll have to go flat-out. 90 days would be a bit more relaxed but i'm obviously paying more for the privilege.

    If anyone has done this cert and can advise on extensions, let me know, or if you haven't taken this course but want to give me your 2 cents, then feel free.
    Reply With Quote Quote  

  24. Senior Member
    Join Date
    Dec 2010
    Posts
    371

    Certifications
    VCA5-DCV, CEH, ECSA, CHFI, ITILv3, CND
    #23
    Quote Originally Posted by si20 View Post
    Update:

    I'm on my second shift at work tonight (7pm until 7am). I'm not going to be able to work on the OSCP until Monday afternoon at the very earliest. Which basically means one thing. I'm going to HAVE to extend. I really, really didn't want to get into the whole extension thing for various reasons but at this point, i've put in so many hours you wouldn't believe and it seems like a complete waste for me not to extend.

    Each machine in the lab is rated in terms of difficulty and i've managed to pop some of the notoriously difficult ones e.g Bob, sean and pedro, so I think if I can get an extension, I should be able to bash out the rest of the machines.

    Now my next concern is: Do I get a 60 day or 90 day extension? I cannot afford to re-extend after this. This HAS to be it. I'm thinking 60 days might be possible, but i'll have to go flat-out. 90 days would be a bit more relaxed but i'm obviously paying more for the privilege.

    If anyone has done this cert and can advise on extensions, let me know, or if you haven't taken this course but want to give me your 2 cents, then feel free.
    Did it cross your mind to take some vacation leave for study?
    Reply With Quote Quote  

  25. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    427

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #24
    Quote Originally Posted by chopsticks View Post
    Did it cross your mind to take some vacation leave for study?
    I'm not 100% sure how it'd work. Say for example my 90 days is up and I take the exam and fail it (which I expect to at this stage). Would I be able to study for a few weeks, then buy a 30 day extension (which includes an exam)?

    I'm not sure how OffSec deal with letting you study and letting you buy extensions. I'd seriously consider it if I knew how it all worked.
    Reply With Quote Quote  

  26. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    1,211

    Certifications
    CISSP, CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #25
    I think that the extension is only the lab, the exam is a different price.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks