+ Reply to Thread
Page 1 of 7 1 2345 ... Last
Results 1 to 25 of 170
  1. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #1

    Default OSCP (starting 13/12/2015)

    I guess I'll start my own thread on the OSCP, because there's not much information about what you're really getting into with the OSCP on their website, YouTube, Google, etc. There's written reviews, but even then it's in vague terms. I think it's useful to know what you actually do in the course and what sort of experience different people have.

    My background:
    • 5 years as a Security Analyst (policy, compliance)
    • <6 months as a Vulnerability Analyst
    • SSCP, CISSP
    Coming into the course my TCP/IP and networking knowledge is good but non-technical, or hands on. Linux command skills are minimal. Bash scripting, Perl, Python, C, etc. is almost zero.


    I'm honestly in over my head and one week in already disappointed with the lack of actual education in the videos and manual. The majority of the exercises for the first half of the book are effectively repeating the example they just demonstrated, i.e. "if we do ABC we'll get XYZ - now you try ABC and see if you get XYZ", so you're on your own educating yourself further about most topics. I'm very lucky I have a friend and colleague who've both passed the OSCP, and a penetration tester as my manager.

    I'm very interested in getting involved in a study group with anyone doing the OSCP starting now for the next 3 months, an IRC channel, Skype, whatever, the knowledge acquisition would be exponential with a team based approach to this material.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #2
    I've spent about 10-12 hours on a simple buffer overflow exercise in the manual and it's completely defeated me. I have absolutely no idea what I'm doing. I've read the section of the book and watched the videos half a dozen times. I've read every single thread about the exercise in the forums. I've spoken to the admins who are deliberately obtuse and told me I "lack a fair amount of background", though none of what I'm lacking is mentioned anywhere as a requirement for the course. I'm not even two weeks in and can't see a way forward.
    Reply With Quote Quote  

  4. Senior Member coty24's Avatar
    Join Date
    May 2010
    Location
    GA
    Posts
    257

    Certifications
    CHFI v8, C|EH v7,MCITP:SA, MCTS 70-680, Security+, Network+,A+, Project+,CIW WFAv5, CIW Javascript Specialist, VCA-DCV
    #3
    Hey man, I hope it gets better for you; I do a lot of lurking in OSCP posts and i'm going to do the course when funds materialize.

    Have you tried grey hat hacking 3rd or 4th edition? -- They have good primers on C, x86 Assembly, Python and bash.

    If that is not in depth enough try the art of exploitation. I thumbed through it and it seems like a good read.

    Resources list:

    http://www.amazon.com/Hacking-Ethica...ey+hat+hacking

    https://www.amazon.com/Hacking-Art-E...f+exploitation

    http://www.amazon.com/Shellcoders-Ha...f+exploitation

    I don't know when I will start but if you need to bounce some ideas around in PM or IRC let me know.
    Reply With Quote Quote  

  5. Junior Member
    Join Date
    Mar 2015
    Location
    North VA, USA
    Posts
    17

    Certifications
    CEH, MCDBA, OCP 10g, 11g
    #4

    Default stay positive

    Sheiko37
    There are 100s of things you will learn during the OSCP course. If you are stuck on something, just move on to something else. I find the videos and pdf boring, but the Lab is a lot of fun. If I were you, I would jump into the lab and learn everything you can about all of the servers. start with nmap -p- -sV -A 192.168.x.201-254. Stay positive. Constantly being frustrated will ensure you fail.
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Jun 2012
    Posts
    27

    Certifications
    CISSP, CEH, CCNA Security, CCNA R&S, A+, Network+, Security+, B.S., M.S.
    #5
    I'm doing OSCP for 2 month now and find it to be very hard. Things moving but veeery slow. A lot of research and a lot of times I get stuck without any idea what to do next. Trying not to give up, but at times feel like give up on the whole thing. So far the hardest cert for me.
    I hope it will get better...
    Reply With Quote Quote  

  7. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #6
    Succeed or quit. Those are the only two options.

    Navy Seals are given basics requirements that are almost a joke once they start BUD/s. Eventually, it all comes down to will power for them. Same thing for you. Some people have the heart to do what it takes, no matter what, and some people look for excuses. Which end of the bell curve are you on?

    Guess you'll find out, won't you?

    Kinda awesome if you think about it. You actually get the chance to look into your very being and see what you are made of. Hopefully you don't fail, hopefully you can be proud of who you truly are.

    Try Harder.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #7
    My issue with that attitude and the "try harder" mantra is that it entirely exempts the certification from any sort of criticism. If there's any real shortcoming of the course it's immediately denied and the criticism shifted to the effort of the student.

    It's a balance between a challenge and an education. The OSCP is comparatively light on education and more of a challenge, which is fine, it's just important to be aware of that when considering the certification.

    In terms of my progress, I've skipped the buffer overflow exercise that I was stuck on, after spending nearly a week on it. I managed to work with an admin and another student for a while on it, but ultimately their suggestions were things I'd already tried dozens of times. I did learn a few things, but can't justify the time I'm spending on it so I'm moving on.
    Reply With Quote Quote  

  9. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #8
    Everything I posted before is still quite relevant.

    Either you'll overcome or you'll quit. Pick one.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #9
    Well everything I posted about that binary attitude is still quite relevant.
    Last edited by Sheiko37; 12-29-2015 at 03:55 AM.
    Reply With Quote Quote  

  11. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #10
    Okay, explain a third option.

    You are complaining because a hard course is actually hard.

    People like you are why older generations call younger generations pussies. You thought you could just pay the money and the skills would be handed to you on a silver platter. You aren't willing to work for it. You aren't willing to lose sleep or sacrifice things you enjoy.

    You've made it clear what kind of person you are, just quit now. You can blame it on the program all you want, that's what people do when they can't make it in show business, sports, or the military. On the bright side, you'll have more time for your vidya games and Mr. Robot reruns.

    I won't waste my time reading whatever BS reply you make, because I know it'll just be some stupid justification for your lazy attitude. If you truly wanted you prove me wrong, you'd stop complaining and earn the OSCP like a champ.
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #11
    Quote Originally Posted by adrenaline19 View Post
    You are complaining because a hard course is actually hard.
    That's what you probably wanted to hear, but not what I said at all.

    The rest of your post is really presumptive and not in line with anything I've said or what I've done with the course so far. I've spent 4-6 hours a day for the past week on just one chapter of the material. You're "lazy" and "pussy" comments are childish and uncalled for. If you look to the left you'll see I already have two certifications which I think is a good start for someone with no formal InfoSec education.

    I haven't blamed the course for anything. The purpose of the thread is for anyone considering the OSCP to see a log of another experience with the course, what it covers, what you learn, what you need to know, and what the course material is like. If my experience is finding the course material thin, I consider that useful information for a potential student.
    Reply With Quote Quote  

  13. sporadic member shednik's Avatar
    Join Date
    Feb 2007
    Location
    Pittsburgh, PA
    Posts
    2,005

    Certifications
    CCNP, JNCIP-ENT, JNCIS-SP, JNCIA, JNCDA, CCNA, CCNA:Security, MCP, A+, N+, L+, MST:InfoSec, CNSS 4011-4015
    #12
    adrenaline I think you're overreacting just a tad here people are allowed to ask for clarification and vent about their struggles/frustrations while working towards a goal. I think you have joined the wrong community if you are going to carry that elitist attitude because while I understand the point you are trying to make your delivery of said point is awful at best. Just because you have dealt with some younger people who are like you describe doesn't mean everyone is like that, I don't know how old you are but it's not a good attitude to have.

    Don't you think it'd be more beneficial to give someone a small nudge in the right direction and allow them to find the answer on their own would be a better way to go about it?

    Sheiko I myself haven't taken the course or exam but I know a number of people who have one of them being sexion8 who used to frequent this forum. His post below is focused around the CEH but is completely relevant to the base knowledge of the OSCP and would be a great starting point for you. I also provided some links to the ethical hacker forum as well, this forum is a goldmine for some technical discussions but is unfortunately no where near as active as it was a few years ago. Sexion also has a number of good posts over there as well, but I can't seem to find them since he used a different name over there.

    So you want to take the CEH ... (read on)

    https://www.ethicalhacker.net/forums/viewforum.php?f=58
    https://www.ethicalhacker.net/forums/viewtopic.php?f=58&t=9115
    Last edited by shednik; 12-29-2015 at 02:29 PM.
    Reply With Quote Quote  

  14. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #13
    Sheiko, one thing I have to ask, are you using the official Offensive Security Kali vm that comes with the course? Reason I ask is because apparently the buffer overflow stuff does not work with the 64-bit Kali images, and that's why the OffSec image that comes with the course is 32-bit.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  15. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #14
    Just to add about the 32bit VM. If you're using the 64bit VM, you'll find yourself running into issues when you go to compile exploits to be used on the targets. I would highly recommend the 32bit VM as well.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  16. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #15
    Mabra got a chuckle when I saw you post, I reconized your name from a User created on Brett I found yesterday or so.Were in the same lab space. I'm not too consistent at creating a dedicated account, but I use Joe alot.
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Jun 2012
    Posts
    27

    Certifications
    CISSP, CEH, CCNA Security, CCNA R&S, A+, Network+, Security+, B.S., M.S.
    #16
    adrenaline, you didn't even start yours at all but you sound like your are THE expert on OSCP. Why don't you give your opinion on "pussy" and "lazy" after you "earn the OSCP like a champ"?
    We all have jobs and families and sometimes spending days and days on a something that could've been resolved within a few minutes with a little hint from admins makes people a bit upset.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #17
    Quote Originally Posted by JoJoCal19 View Post
    Sheiko, one thing I have to ask, are you using the official Offensive Security Kali vm that comes with the course? Reason I ask is because apparently the buffer overflow stuff does not work with the 64-bit Kali images, and that's why the OffSec image that comes with the course is 32-bit.



    I checked with uname -a and figured i686 is 32-bit, however it looks like I've chosen Debian 64-bit when manually setting up the VM. I've used a VMware program not listed in their welcome manual too, so now I have to copy everything from one image to the new one, what a mess, my fault though.


    To anyone starting the course who's new to virtual machines, don't use VirtualBox.
    Reply With Quote Quote  

  19. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #18
    Mistakes happen to everyone. Always good to do a double (an maybe triple) check just to be sure. Let us know if switching images fixes the issues you've been having with the buffer overflow stuff.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #19
    I've moved on from the buffer overflow, I was just spending too much time on it. I got two of the three buffer overflow scripts working so that's enough for several days on one chapter.

    ...now to be negative again. There's an exercise where they give you the code for a medium sized script, the problem is that whatever font or text they have in the manual has a different character set that breaks the exploit, what should be a "-" is actually a "–" (notice how they're slightly different). There's a thread on the official forum where people have spent days trying to get it working only to be finally told it's this one unrecognised character...

    I get when they have you re-write scripts or alter exploits, there's an educational component to that, but this feels like it's just there to **** with you and waste lab time. They give you a special Kali Linux image specific to the course, why aren't the larger scripts included in the image?
    Reply With Quote Quote  

  21. Junior Member
    Join Date
    Jul 2015
    Posts
    9

    Certifications
    CCNA R&S, CCNA Security, SEC+
    #20
    I setup the image that came with the course on VMware Fusion and it installed as what I believe is the 64 bit version (i686). I didn't manually setup the image, I just opened the "executable" and it set itself up. How would I switch to the 32 bit version if I'm using the one that came with the course?
    Reply With Quote Quote  

  22. Junior Member
    Join Date
    Jul 2015
    Posts
    9

    Certifications
    CCNA R&S, CCNA Security, SEC+
    #21
    Quote Originally Posted by JoJoCal19 View Post
    Sheiko, one thing I have to ask, are you using the official Offensive Security Kali vm that comes with the course? Reason I ask is because apparently the buffer overflow stuff does not work with the 64-bit Kali images, and that's why the OffSec image that comes with the course is 32-bit.
    I setup the image that came with the course on VMware Fusion and it installed as what I believe is the 64 bit version (i686). I didn't manually setup the image, I just opened the "executable" and it set itself up. How would I switch to the 32 bit version if I'm using the one that came with the course?
    Reply With Quote Quote  

  23. Member
    Join Date
    Sep 2015
    Posts
    83

    Certifications
    Old School MCSE, NET+, CEH, CISSP, GICSP, OSCP and SCADA Specific goodness
    #22
    You should be able to download the presetup Vmware image from your class info

    http://downloads.kali.org/kali-486-vm.rar

    Thats the cleaned up url from mine emails. or go direct and pick the last one https://www.offensive-security.com/k...mage-download/
    Reply With Quote Quote  

  24. Junior Member
    Join Date
    Jul 2015
    Posts
    9

    Certifications
    CCNA R&S, CCNA Security, SEC+
    #23
    Quote Originally Posted by Jebjeb View Post
    You should be able to download the presetup Vmware image from your class info

    http://downloads.kali.org/kali-486-vm.rar

    Thats the cleaned up url from mine emails. or go direct and pick the last one https://www.offensive-security.com/k...mage-download/
    The class image version installs as 64 bit, so I'm confused.
    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #24
    I'll put it out there again, if anyone wants to start a study group on IRC let me know.
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Oct 2014
    Location
    Australia
    Posts
    177

    Certifications
    SSCP, CISSP, OSCP
    #25
    Day 23 and finally something positive to report. I had three chapters of the manual and videos to complete so I decided to go back and try some enumeration on the lab devices and ended up floundering hopelessly, a lot of ports and services I'd never even heard of, searching for vulnerabilities yielded either zero results or gigantic lists of which most was probably not relevant.

    I went to a friend who's already completed the OSCP years ago and he stepped me through a simple exploit and it was immensely helpful. I'll likely be using him as a mentor for the next two months, I doubt I can do this on my own. In the "pwned" machine though I managed to copy across fgdump (after about two hours of troubleshooting FTP, not considering interactive commands and the binary option), and then managed to enumerate some password hashes, and from that successfully use John the Ripper, and given the account names I suspect they'll be of use on other machines. The first instance of momentum since starting the course.

    It's disheartening when I read people getting root access on multiple machines within the first week of the course, where I have just one (with help) nearly a month in, and I've not been light on study either, hours every night. I guess the certification attracts the kind of student who already has knowledge in this domain. I'm either well behind the average student, or maybe the certification has a very high failure rate.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 7 1 2345 ... Last

Social Networking & Bookmarks