  1. Junior Member
    Join Date
    Mar 2016
    Posts
    20

    Certifications
    GCIA, eJPT, eMAPT, ePWD Degrees: B.S. Computer Engineering UCSD
    #1

    OSCP Journal - Monkykap

    All,

    Signed up for my OSCP journey which will begin start of October 2016. Figured I would start a journal here to track my preparation and progress. I also think this record-keeping will give me some additional motivation and inspiration. Signed up for 30 days to start with so I make use of each day. Plan on taking two-three weeks afterwards to work on privilege escalation as advised by previous posters; then sign up for 15-30 more days to complete as much of lab as I can and complete the exam.

    Quick Background:
    -1 1/2 years IT/Info-Sec Experience -mostly surface level due to nature of job, but good enough for newbie

    Current Certs:
    -eJPT
    -GCIA

    Prior Projects/Knowledge:
    Sampling of project topics I already know at least at a base level prior to prep/course:
    XSS (medium-profileworm..etc.), CSRF, SQLI (very basic or using automated tools sqlmap/ninja etc.), open-redirection, clickjacking (very basic), buffer-overflow (basic-single byte, format strings), heap-spray (basic), burp proxy, wireshark, tcpdump, http protocol, tcp/ip stack


    Preparation Checklist+Progress:
    1. Web Pen Testing (Pen Tester Academy)-[90%]
    2. KeepNote (Using it to document important commands/tools/information)-[Consciously doing]
    3. Bash Scripting Basics (Lynda)-[Complete]
    4. AWK (Lynda)-[Half]
    5. Regular Expressions (Lynda)-[Not Started]
    6. Python Basics (Lynda)-[Not Started]
    7. Python Data Analysis (Lynda)-[Not Started]
    8. Python for Pen Testers (Pen Tester Academy)-[50%]
    9. Windows Command Line Kung Fu (blog)-[Not Started]
    10. Powershell for Pentesters {optional} (Pen Tester Academy)-[Started]
    11. X86 Assembly and Shellcode (Pen Tester Academy)-[Partial]
    12. Metasploit Framework (Pen Tester Academy and/or Metasploit Unleashed) [Partial]
    13. Log File Analysis {optional} (Pen Tester Academy) [70%]
    14. Privilege Escalation (Elearn Security PTPv4 free module) [Not Started]
    15. Real World Pentesting {optional} (Pen Test Academy) [Not Started]
    Goal is to finish most of above (80%) before start date.

  3. Junior Member
    Join Date
    Sep 2016
    Location
    South Africa
    Posts
    10

    Certifications
    A+ N+ .XRY .XACT
    #2
    Good luck dude,

    I was planning on OSCP but am not that confident. I like your checklist, should get you good and ready by Oct.

    All the best!

  4. Junior Member DataFox's Avatar
    Join Date
    Mar 2016
    Location
    Ireland
    Posts
    10

    Certifications
    CISSP, MCP, MCT, MCSA, MCSE, CCNA (R|S), VCP 5.5 DCV, 6.0 DCV, C|EH
    #3
    Good luck,
    Focusing on CISSP at the moment, and then I'm moving to OSCP. I'll be sure to check in and see your progress.

  5. Junior Member
    Join Date
    Mar 2016
    Posts
    20

    Certifications
    GCIA, eJPT, eMAPT, ePWD Degrees: B.S. Computer Engineering UCSD
    #4

    Update1

    Update:

    Preparation Checklist+Progress:
    1. Web Pen Testing (Pen Tester Academy)-[Complete]
    2. KeepNote (Using it to document important commands/tools/information)-[Documenting most everything]
    3. Bash Scripting Basics (Lynda)-[Complete]
    4. AWK (Lynda)-[50%]
    5. Regular Expressions (Lynda)-[60%]
    6. Python Basics (Lynda)-[Removed]
    7. Python Data Analysis (Lynda)-[Removed]
    8. Python for Pen Testers (Pen Tester Academy)-[75%]
    9. Windows Command Line Kung Fu (blog)-[50%]
    10. Powershell for Pentesters {optional} (Pen Tester Academy)-[Started]
    11. X86 Assembly and Shellcode (Pen Tester Academy)-[35%]
    12. Metasploit Framework (Pen Tester Academy and/or Metasploit Unleashed) [Partial]
    13. Log File Analysis {optional} (Pen Tester Academy) [80%]
    14. Privilege Escalation (Elearn Security PTPv4 free module) [Complete]
    15. Real World Pentesting {optional} (Pen Test Academy) [50%]
    16. Javascript for Pentesters (Pen Tester Academy) [added-Complete]
    17. Simple Buffer Overflow (Pen Tester Academy) [added-Not Started]
    Goal is to finish most of above (80%) before start date. Although anything I don't finish can always be completed in conjunction with the course exercises. Just 1 week until course start date!

  6. Member
    Join Date
    Jul 2016
    Posts
    31

    Certifications
    A+, Net+, Sec+, Linux+, CCNA, CSA+, CEH, OSCP
    #5
    How are you liking Pentester Academy?

  7. Junior Member
    Join Date
    Sep 2015
    Posts
    14
    #6
    This is a good list. Following now.

  8. Junior Member
    Join Date
    Mar 2016
    Posts
    20

    Certifications
    GCIA, eJPT, eMAPT, ePWD Degrees: B.S. Computer Engineering UCSD
    #7

    RE:Pentester Academy

    Quote: Originally Posted by rex0r
    How are you liking Pentester Academy?

    The Short
    PenTester Academy is great; honestly the best value in InfoSec. Vivek is a great instructor. If you look for their specials you can enroll at low monthly cost (the one I used was a year old and still worked). If you're just interested in some prep courses for OSCP the megaprimers and other videos (all free) on securitytube should be sufficient. However I think PenTester Academy has a lot of really useful material such as WebPentesting, Forensics, Python/Javascript, Mobile PenTesting, and Wifi+Network Pen Testing and is definitely worth the ask (keep you busy for long time). You can become proficient in many different technical areas of security very quickly and courses are very cost effective compared to other courses.


    The Long
    Pros:
    -All videos, no long slide decks, demo driven
    -Great Instructors who are engaging (not quite as good as SANS but this is different type of course that is more hands on and less anecdotal; but also very different from elearn which is bland[slides + recorded voice overs])
    -Very hands on and engaging, you can follow along every exercise on your own during the course as all the code/steps/setup is provided or shown usually step by step (kind of like Lynda/Pluralsight)
    -Very efficient in terms of your time, has the right balance of ease of setup vs it not being done completely for you (you will increase your skills setting up your environment but you won't have to spend that much time on it like setting up a lab from open source projects)
    -Has moderately challenging exercises/assignments to encourage building on base knowledge of the course
    -Pace is good; while you can take the course as beginner it does assume you have prior basic security, programming, network, os knowledge to keep up with the instructor (pacing is set correctly for the average student but allows for some flexibility for non-average students)
    -Value is tremendous compared to rest of industry

    Cons:
    -Certificate options do not have industry value
    -Difficulty is probably medium, close to elearn but easier than a college course. It's a little bit like elearn where everything is shown to you, but unlike elearn there are places to add challenge and there will be some smaller hurdles.
    -Depth of material is probably about medium, takes you from beginner to proficient but not to medium-expert level. For example for web pen testing it probably covers about 60-70% of the material in WAPT and GWAPT (I haven't taken either course but from previews and syllabus and learning materials I've glossed over from colleagues I have good idea what is covered). However, you will get more hands on practice in the 60% it covers (keep in mind this particular course on PTA is not complete and topics will be added to close the gap).



    Qualifier:
    Keep in mind pretty much no course is designed for you to become an expert; that's something you can only do with time and experience. Also my comments are from a greedy consumer perspective (I'm right now like a greedy regular expression trying to consume as much security knowledge as possible!). I do really appreciate the time and effort instructors put into their projects and they are worth the ask. But I have to be critical and hold them to consumer standards such as any other product or service. Unfortunately, the elearning market has lots of great content at little or no charge. That being said, I can confidently recommend Pentester Academy; you won't be disappointed.


    Side note:
    I've been on the fence about signing up for MASPTv2 after the recent launch. I wasn't impressed with the eJPT course I took or the previews of other courses I've taken from elearn security (instruction is just slide decks with some demos sprinkled in, but they set up lab environments for practice, which is good). But, because Mobile Testing is a huge part of Pen Testing engagements and application security assessments these days I think it's worth it for me. There isn't as much material available on Mobile as there is for web application testing. I think it's worth the $500 in this particular instance for the convenience (maximize my time, everything will work and will have 18+ labs/apps to practice on). You can spend a lot of time setting up mobile environment(s) from my previous experience programming in Android with all the different versions (sdk, os, tools), devices, etc. Also you get a beta ticket for their new unlocked project whatever it is: probably some labs or subscription service or learning platform. Pentester Academy has some material in mobile testing space, but MASPTv2 covers several more topics on both iOS and Android and the extra practice in the labs and cert exam should be beneficial.

  9. Senior Member
    Join Date
    Nov 2014
    Location
    Virtual Reality
    Posts
    162
    #8
    I was on the fence about Pentester Academy, but you've convinced me to try it out. Also, just found out via Twitter that they are doing an anniversary promotion where you don't have to pay the initial $99 to join. Thanks for the detailed review and good luck with your studies.

  10. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,615
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #9
    It looks like their premium access is normally $99 for the first month and $39/mo thereafter, but is reduced to $39 for the first month for the special. It also looks like if you were to stop your subscription you would pay the full $99 (for the first month) to restart it and $39/mo thereafter.

    Pentester Academy - Third Anniversary Discount!
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray

  11. Junior Member
    Join Date
    Mar 2016
    Posts
    20

    Certifications
    GCIA, eJPT, eMAPT, ePWD Degrees: B.S. Computer Engineering UCSD
    #10
    Quote: Originally Posted by CertifiedMonkey
    I was on the fence about Pentester Academy, but you've convinced me to try it out. Also, just found out via Twitter that they are doing an anniversary promotion where you don't have to pay the initial $99 to join. Thanks for the detailed review and good luck with your studies.
    I think you will certainly enjoy it. One tip is to search securitytube as some of the videos were used in securitytube (before pentester academy was created) and are free, but as a member it will use up one of your monthly 100 views. For example the Metasploit course and gdb course can be found on securitytube/youtube (as megaprimers) since they are free to the public. Also the javascript challenge and other challenge type videos are available for free (solution videos are not public, only for members). In addition, other courses have some preview videos sprinkled in that can be viewed for free using a pen-tester academy trial[free] account, but this probably adds up in total to maybe 20-25 over the lifetime of your subscription so it's not as big of a deal.

  12. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,351

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #11
    I just signed up for the Pentester Academy using the anniversary deal.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up: None
    Reading: Python Crash Course

  13. Member
    Join Date
    Apr 2016
    Location
    USA
    Posts
    63

    Certifications
    A+, Network+, Security+
    #12
    I signed up using the Pen tester Academy Anniversary deal as well. Immediately used my 100 downloads on the Assembly and Python course for offline access.

    I am also now signed up for the eJPT!

    Exciting times.

  14. Junior Member Registered Member
    Join Date
    Oct 2016
    Posts
    1
    #13
    I just started OSCP with 90 days of lab time. If anyone else is taking the course and wants to team up, I'm sure it makes working some of these problems a whole lot easier.

  15. Junior Member
    Join Date
    Dec 2014
    Posts
    11

    Certifications
    CEH, OSCP
    #14
    I am starting from next week!

  16. Junior Member
    Join Date
    Oct 2016
    Location
    North Carolina
    Posts
    17

    Certifications
    CISSP, GPEN, CEHv7, Sec+, ITILv3
    #15
    Quote: Originally Posted by monkykap
    I think you will certainly enjoy it. One tip is to search securitytube as some of the videos were used in securitytube (before pentester academy was created) and are free, but as a member it will use up one of your monthly 100 views. For example the Metasploit course and gdb course can be found on securitytube/youtube (as megaprimers) since they are free to the public. Also the javascript challenge and other challenge type videos are available for free (solution videos are not public, only for members). In addition, other courses have some preview videos sprinkled in that can be viewed for free using a pen-tester academy trial[free] account, but this probably adds up in total to maybe 20-25 over the lifetime of your subscription so it's not as big of a deal.
    Great Post monkykap, I'm signing up for PTA right now! Quick question: what courseware did you use to learn xss/csrf/buffer overflow & burp suite training? Was it with eJPT or PTA? Could you recommend someone just using the free download materials of the PTSv3 for these technologies without lab time in addition to PTA, or just go straight for PTA if you're looking to go after the OSCP? Thanks

  17. Junior Member
    Join Date
    Mar 2016
    Posts
    20

    Certifications
    GCIA, eJPT, eMAPT, ePWD Degrees: B.S. Computer Engineering UCSD
    #16
    Quote: Originally Posted by jjones2016
    Great Post monkykap, I'm signing up for PTA right now! Quick question: what courseware did you use to learn xss/csrf/buffer overflow & burp suite training? Was it with eJPT or PTA? Could you recommend someone just using the free download materials of the PTSv3 for these technologies without lab time in addition to PTA, or just go straight for PTA if you're looking to go after the OSCP? Thanks
    I had prior experience with those topics from a college course I took. However, PTA is a great source for all of those materials. PTSv3 will give base level intro on these topics as well (define tools, and common web vulnerabilities) but after that you would have to look at each one on your own using various sources such as webgoat and such to get some practice. I think you could get away with free materials of PTSv3 and Security tube free offerings in preparation for OSCP. If you have the budget I would recommend PTA ($120-$200) which should be enough to cover and make you proficient in the relevant topics for OSCP.

    The real magic behind OSCP is the lab environment and the challenge it presents (the exercises are a good way to make sure you are equipped and have the right methodology). If you do PTA you will know all the material that's covered in the exercises. It really depends on your learning preferences, PTA makes it very efficient and is also the most hands on with the least time invested setting up environment. But there definitely is so much material out there to easily piece together the same topics:

    -Python courses (tons of them), then look at sample scripts for automation and black/grayhat stuff
    -Do all the megaprimers on securitytube (buffer overflow, assembly etc.)
    -Coursera has some security courses
    -Webgoat (many, many vulnerable web apps out there to try)
    -Learn some basic metasploit stuff (plenty of courses on that)
    -Take a half day bash scripting course
    -Learn wireshark tcpdump
    -tons of blogs for web vulnerabilities and such
    -Lynda/Pluralsight if you have access
    -Cybrary It has a bunch of free content
    -I would probably look into windows privilege/permission models
    -Vulnhub

    You can look at OSCP syllabus for reference. You can also sign up for 30 days of OSCP, and learn the material as you go and start the labs. Fill any gaps and then extend when you're ready as some people have done. It all kind of depends on your current experience and your learning style.


  18. Member
    Join Date
    Jul 2016
    Posts
    43
    #17
    Hi Monkykap,

    if you subscribe to Pentester Academy, do you also have access to the training courses in securitytube-training.com?

    I am a bit confused as the courses in securitytube-training.com (Online Courses « SecurityTube Training) seem to be almost the same as the ones in Pentester Academy, the trainer is (mostly) still Vivek, the subscription costs are the same, the training costs are the same ...

    Thanks in advance!
    Cheers,

  19. Junior Member
    Join Date
    Mar 2016
    Posts
    20

    Certifications
    GCIA, eJPT, eMAPT, ePWD Degrees: B.S. Computer Engineering UCSD
    #18
    Yes and no. Same courses but the subscription model is only through PTA. It might link from ST. They are both Vivek initiatives. The PTA subscription differs from the course in that there is no certification attempt or same level of course support, it has all the course content video slides solution videos for exercises and exercise files. I highly recommend the subscription model; it is much better value.

  20. Member
    Join Date
    Jul 2016
    Posts
    43
    #19
    Thank you for the clarification! I will subscribe to PTA then!

  21. Junior Member Registered Member
    Join Date
    Aug 2015
    Posts
    1
    #20
    Perfect timing to start this thread. I am about to start working on OSCP too. Will follow along and pass along any relevant info.

  22. Member
    Join Date
    Oct 2016
    Posts
    42
    #21
    I have about 30 days of lab access left on the OSCP. There have been useful hints and tips on this forum so far, and on the OSCP forums themselves.

  23. R's child has far to go thatguy67's Avatar
    Join Date
    Jan 2014
    Location
    Ann Arbor, MI
    Posts
    332

    Certifications
    CCNA:R&S, Linux+/LPIC-1/CLA, MCSA:Server 2012, SCS:DLP 12, Security+, VCP5-DCV
    #22
    Any update?
    2017 Goals: []PCNSE7 []CCNP:Security []CCNP:R&S []LCDE []WCNA

  24. Junior Member
    Join Date
    Sep 2017
    Location
    Toronto, ON
    Posts
    18
    #23
    Keeping this one bookmarked, thanks for listing all those resources.

    Good luck.
