+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 27
  1. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #1

    Default OSCP Journey Starts 08/13

    Journey ahead!

    So I been supporting the troops out in Afghanistan in the Info sec field.
    after work out here i find myself with a lot of free time, so decided to tackle down the OSCP.
    I have read plenty of materials on OSCP and what is expected in order to pass.
    I look forward in sharing my journey as many before me have done.

    also, if anyone has started or will begin their OSCP around my time frame please do reach out..

    TTYL

    Locod64
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #2
    Don't rush through the pdf and videos. Everyone is eager to hit the labs, but the devil is in the details. Sign up for 90 days, not 30 or 60.
    Reply With Quote Quote  

  4. Member
    Join Date
    May 2017
    Posts
    89
    #3
    Quote Originally Posted by adrenaline19 View Post
    Don't rush through the pdf and videos. Everyone is eager to hit the labs, but the devil is in the details. Sign up for 90 days, not 30 or 60.
    can i know the reason for 90 ?
    Reply With Quote Quote  

  5. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #4
    I've been where locod is; it can get stressful quickly. Sometimes, it's best to step back and relax for a day or two, but you can't do that if you feel pressed for time. Locod have nothing else to do, so he/she might as well do OSCP right.

    Besides, it gives you extra time to play in the labs and hone your skills; who wouldn't want that?
    Reply With Quote Quote  

  6. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #5
    yeah I went with the 90 day lab package. I wanted to make sure I got plenty of exposure and lab time.

    i downloaded the kali image that they provided. My question is, are there any other programs that I should install for this course, or most are already included in Kali?

    Im doing my last minute preps to make sure I get most out of this course.
    Reply With Quote Quote  

  7. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #6
    You only need the image, PDF, and videos. All of those are delivered together in one email. I assume you already tested the VPN tunnel, right?

    You'll be given a test box to do your exercises before you are unleashed on the lab boxes.

    They give you everything. It really is a great course.
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #7
    I tested the VPN connection and also downloaded the VM they sent in the email.

    I was referring to any other software that would help with the course that might not be included in Kali..

    After reading a few reviews, the best plan is to read the PDF, watch the videos and complete the section assignment..
    after jump in the labs..

    Im finishing a BURP SUITE class, picked up a lot of new skills on web pentesting... how much SQL is cover in the Course?
    I would say that would be my weakest area..

    thanks for the feedback.
    Reply With Quote Quote  

  9. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #8
    Not a lot of sql injection is in the OSCP.
    Reply With Quote Quote  

  10. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #9
    Hey Loco! I'm also starting that weekend! Part of me wishes it were here already, and another part of me wants more time to prepare, LOL! Can't wait to get started and learn a ton.


    Like you I've already downloaded the kali image and connected to VPN (so I could get the link to pay). I'll be working through as many vulnhub machines as possible in the next 3 weeks, and will practice putting the results in the offsec reporting format (for the practice).


    I've joined the IRC and offsec forums, also found a channel on Slack. https://netsecfocus.herokuapp.com/ . I hear there is a Discord group out there but haven't looked too deep.


    Best of Luck!!!
    Reply With Quote Quote  

  11. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #10
    Don't download any vulnerability scanners or anything that isn't included in your student image. If I were you, I'd clone your student VM several times before you start and update them throughout the course. I don't know your hardware, but upgrading to 16gb of ram would be helpful too.

    As far as software, you are all set!
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #11
    I havent added anything to it yet.. I wish you could some how get the study aid package with the registration...
    Been practicing on vulhub, other than that I can wait to start learning.. Hornswoggler I will def look into does groups. I will be updating this thread and you are welcome to update it as well..
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #12
    As of 08/13 I started my OSCP jouney. Like most have said before, I got the email with course material, and lab PVN log in.

    I will follow the (watch video-then read PDF) format.. after each section I will complete the exercises, OneNote has been my prefer note keeping software. I also created a shared folder within kali to my local HOST. from there I added that shared folder to my dropbox. so when I save my Notes it automatically gets added to dropbox. I have also downloaded most of the tools that Jelly-frog mention on his OSCP review. I will recommend to actually try to open each one as some required so updating for them to work.. So far I have completed the first 80 pages of the PDF and videos..

    if anyone has started around my time frame, and would like to create a study group, please dont hesitate to drop me a mesg.
    Will update this thread with more info once I actually touch the labs...

    TTYL
    locod64
    Reply With Quote Quote  

  14. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #13
    Exciting!! You aren't wasting any time.
    Reply With Quote Quote  

  15. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #14
    I'm only up to page 70 and it feels like work, lol. I keep waiting for the fun part. The exercises are cool but the reporting is a chore. I enjoy it once I've started. Nothing profound so far that I haven't seen before. Can't wait to get past the material and spend more time in the lab.
    Current course: Started PWK on 8/12/2017
    2018: Linux+, eWPT/GWAPT
    Reply With Quote Quote  

  16. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #15
    Ha, it's supposed to be fun & pain! I start on 9/2 and am looking forward to it!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Jul 2017
    Posts
    15
    #16
    Quote Originally Posted by JoJoCal19 View Post
    Ha, it's supposed to be fun & pain! I start on 9/2 and am looking forward to it!
    Will be starting mine from 11/2017. In the meantime, I'm filling some necessary gaps. It may be an overkill; however, I'll rather over learn than under learn in prep for the OSCP and beyond.
    Reply With Quote Quote  

  18. Junior Member Registered Member
    Join Date
    Aug 2017
    Posts
    11
    #17
    any preference or plan on which box should be pwned?
    Reply With Quote Quote  

  19. Junior Member
    Join Date
    Feb 2017
    Posts
    8

    Certifications
    CCIE Security, PCNSE7, CCSA, CCNP, CEH
    #18
    Hey, i started on the 8/13 also, couldn't send a PM, I'm interested in the study group
    Last edited by lynad; 08-22-2017 at 01:55 AM.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Sep 2016
    Location
    VA
    Posts
    382

    Certifications
    CISSP, PMP, CCNP, FITSP-M
    #19
    Quote Originally Posted by billows View Post
    any preference or plan on which box should be pwned?
    All of them
    2017: CCNP (done), FITSI-M (done) CCIE Written
    2018: CCIE R/S
    2019: VCP (DCV/NV), OSCP
    2020-1: MBA
    Reply With Quote Quote  

  21. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #20
    Update,

    so far I have rooted Alice lol.. the exercise for SMB kinda gives you the answer (make sure you rooted it manually) learned a bunch from it.. the Buffer over flow took most of my time this week. should be finish with the exercises by Sunday.
    I have created a scripts folder, with reverse shells, ftp options, and the raw exploit code for each vulnerability I find.
    also, I created a list with all user I find in my enumeration, with their respected hash or password. I have the feeling some might work in other boxes.

    so far I can say I have sharpen my overall understanding in pen testing. I know the real challenge will begin for me shortly.
    for now i will enjoy my 1-1 record from rooting Alice hehe...

    lets get a study group going, im down to work with others..
    Reply With Quote Quote  

  22. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #21
    Quote Originally Posted by locod64 View Post
    lets get a study group going, im down to work with others..
    Hey, I start on 9/2. I'll be participating in the Discord channel when I start mine, but if you also want a smaller meetup, we can connect on Discord or Slack.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  23. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #22
    How does one join the discord channel? Anybody got a link?
    Reply With Quote Quote  

  24. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    41

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN
    #23
    Two weeks in... how is everybody doing??


    I'm not as far as I would have liked... been taking my time with the Windows buffer overflow material and exercises. It takes every bit of concentration I have at times, lol. I don't have much programming or scripting experience so a few parts are over my head but I was able to follow along enough to write the exploit for VulnServer.exe. It was a relief to complete! I took the time to make good notes, both for the lab report and so I could replicate my steps in the exam/lab. I'm thinking BOF will be the toughest part for me since I am a newb in that department.
    Current course: Started PWK on 8/12/2017
    2018: Linux+, eWPT/GWAPT
    Reply With Quote Quote  

  25. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #24
    @Hornswoggler,

    for BOF it was a complete new concept, I new the theory behind it but never actually created and exploited a system with it. because of this, i took extra time in this section to make sure I understood the entire process. I have finish the course work and exercises. this week will focus full time on the labs.
    so far i have gain a good understanding on non staged/staged payloads!.. have rooted alice, and Phoenix. will update more frequently now that im on the labs!! look forward on reading everyone's progress.

    locod64
    Reply With Quote Quote  

  26. Junior Member
    Join Date
    Nov 2015
    Posts
    20
    #25
    This week has been super interesting.

    the current problem im facing is.. Found a RFI on a machine, im able to call a reverse shell from my apache2 server with a javascript through the url.
    the problem is with my apache server rendering the reverse shell instead of the vuln server im after. I figure is because my reverse shell is PHP and the server is reading and executing the code, instead of pushing forward the file. I have played around with changing the .php to .txt and even .gif.. I know its something simple im over looking. this cert has gotten my full attention.. the amount of self-studying is crazy compare to other certs.. will update as soon as i root this machine..

    locod64
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks