+ Reply to Thread
Results 1 to 6 of 6
  1. Junior Member Registered Member
    Join Date
    Jan 2017
    Posts
    2
    #1

    Default My OSCP long journey

    Hi folks,

    I have just read the excellent post of JollyFrogs about OSCP, and it was an excellent source to get usefull links and ideas to establish my learning path.

    I decided to share my preparation as it could be of benefits for some of you.

    My background is mostly on the application security side, I have been doing some Linux and network stuff couple of years ago but hadn't touch it since.

    I'm quite a busy guy, between work, sport, social life and girlfriend I don't have that much time, so I choose to sacrifice a bit of social life for the OSCP. My goal is to do at least 2h per day and more than 8 hours on the weekends. And because the time is counted, I want to come on the labs being fully prepared for it and to have a minimum of things to learn.

    So the plan I established is the following:

    - Read couple of reviews online : done.
    - Read Black Hat Python and do every script: ongoing
    [OPTIONAL] If I don't feel very confortable in Python, I may go through Grey Hat Python or the course Learning Python The Hard Way (I feel Python is a key to success the OSCP, otherwise you will spend too much time on repetitive tasks during the labs and the exam. And scripting is one of the lacking skills on my side so working on improving it...)
    - Follow tutorials on Widnows and Linux exploitations and privilege escalations
    - Get virtual machines available at www.vulnhub.com and train on it
    - Check what scripts (enumeration phase once you're inside the machine but not yet root) people have done and see if I can re-use update them to fit my needs (I found already a bunch of them available)

    I don't have any target such as reaching 100%, but I hope to own a maximum of machines to be at ease during the exam.


    Black Hat Python
    I have reach almost half of the book, and what I can say is this book is a must, specially before OSCP. You'll learn how to script your own nc, tcp/udp client, an arp cache poisoning script, etc. Plus the writter replies back very quickly: I spot a bug on the ARP Cache poisoning script detailed in the book, and we are debugging it together. So tons of things learned already for me. The only downside is that the IDE he recommends is not really helping me in showing proper doc, so I may switch from Wing IDE (recommended by authoer) to Visual Studio Code after seeing couple of reviews of differences between Sublime, VSC and Atom (yeah I know about vi/vim/emacs already but I'm not yet ready for that : )

    I have no deadline to register, so I will only register once I feel ready.

    Feel free to suggest things I have missed if you have found it usefull during your study to the OSCP

    More to come shortly.
    Reply With Quote Quote  

  2. SS -->
  3. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #2
    Good luck in your pursuit!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  4. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #3
    I am currently enrolled in the PWK course and it has been amazing so far to say the least. There are several resources that I used to prep for the course that have helped me a ton, I will list some of them below.

    Cybray.it courses
    Advanced Penetration Testing

    Udemy.com courses - both of these courses are from the same instructor Zaid Sabih. I got them on sale for $10 each.
    Learn ethical hacking from scratch
    Learn web site hacking/penetration testing from scratch

    As far as being fully prepared I regret to inform you that no amount of prep work will fully prepare you for this course. Offsec puts their own special twist on many situations, which forces you to "try harder" (yes I really did just plug their slogan here). Anyways I hope this info helps you, good luck!
    Reply With Quote Quote  

  5. Junior Member Registered Member
    Join Date
    Jan 2017
    Posts
    2
    #4
    Quote Originally Posted by JoJoCal19 View Post
    Good luck in your pursuit!
    Thanks!

    Quote Originally Posted by McxRisley View Post
    I am currently enrolled in the PWK course and it has been amazing so far to say the least. There are several resources that I used to prep for the course that have helped me a ton, I will list some of them below.
    Cybray.it courses
    Advanced Penetration Testing
    Udemy.com courses - both of these courses are from the same instructor Zaid Sabih. I got them on sale for $10 each.
    Learn ethical hacking from scratch
    Learn web site hacking/penetration testing from scratch
    As far as being fully prepared I regret to inform you that no amount of prep work will fully prepare you for this course. Offsec puts their own special twist on many situations, which forces you to "try harder" (yes I really did just plug their slogan here). Anyways I hope this info helps you, good luck!
    Thanks. I saw this course on Cybrary.it, I will follow it

    You're absolutely right about for the lab, what I want is to maximize time on it rather to have to go through everything (which can be done in advance for many things).

    Update on my preparation:
    I haven't done much since end of last week, I was out for the week-end on a planned trip since few weeks.

    I'm building my own trojan following BHP, it's very useful and material on it will definitively help me a lot to automate many things! I'm actually thinking of building my own utility that will perform for me lot of things automatically, but this will come later when I will know exactly what to do.
    I'm reaching the end of the book (40-50 pages remaining) and I expect to finish it this week-end. I feel more comfortable with Python but I will take the course Learning Python The Hard Way since couple of things I don't fully understood, and I want to have a better knowledge of the python library.

    I'm improving my doc on Python at the same time and on scripting topics so I can quickly pick adequate scripts to automate things as I advance in the preparation process.

    So far, still motivated at 200%
    Reply With Quote Quote  

  6. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #5
    Quote Originally Posted by BlueMushroom View Post
    Thanks!



    Thanks. I saw this course on Cybrary.it, I will follow it

    You're absolutely right about for the lab, what I want is to maximize time on it rather to have to go through everything (which can be done in advance for many things).

    Update on my preparation:
    I haven't done much since end of last week, I was out for the week-end on a planned trip since few weeks.

    I'm building my own trojan following BHP, it's very useful and material on it will definitively help me a lot to automate many things! I'm actually thinking of building my own utility that will perform for me lot of things automatically, but this will come later when I will know exactly what to do.
    I'm reaching the end of the book (40-50 pages remaining) and I expect to finish it this week-end. I feel more comfortable with Python but I will take the course Learning Python The Hard Way since couple of things I don't fully understood, and I want to have a better knowledge of the python library.

    I'm improving my doc on Python at the same time and on scripting topics so I can quickly pick adequate scripts to automate things as I advance in the preparation process.

    So far, still motivated at 200%

    When you say that you don't want to have to go through everything are you meaning that you want to skip over some sections or not spend much time on certain sections? Because if so, you will not fair very well in the labs. You do all the prepping you want but the way offsec shows you some things is very unique and you wont find some of the various methods on google. it is HIGHLY recommended that you take your time on the course materials and fully understand each and every topic covered.
    Reply With Quote Quote  

  7. Member
    Join Date
    Jan 2017
    Posts
    96
    #6
    Im also doing pre preparation and am currently going through automate the boring stuff with python, and coming right after, a book I already have, is Black Hat Python and I also have Grey Hat Python.
    REALLY enjoying learning Python and how powerful it is.

    I am also going to take the exam when I am ready.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks