  1. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #1

    My OSCP Epic Journey

    So… I’ve decided to go after the OSCP certification and I decided to start a thread to journal my progress, efforts, frustrations, failures and ultimate success. I started this for the CISSP but never completed it (I wish I had stuck with it now in hindsight).

    This was not a decision I made lightly and it only came after a few months of consideration and pondering during my wife’s imposed "summer vacation of NO STUDYING". Because I am goal driven, I tend to need a “big goal” to work towards in order to move forward. Without an overall goal or purpose, I tend to start lots of projects and then move on to something else without ever completing anything.

    My overall plan is this:
    1 – general focused study on “the basics” for 2017 Q4
    2 – focused study on eCPPT during 2018 Q1
    3 – focused study on OSCP during 2018 Q2

    I’ve combed the forums and read the majority of OSCP threads for help in developing a plan. I’ve also read many blogs and articles from people who passed the exam (as well as those who have unsuccessfully attempted it and stopped). Below are the steps and progress I have made since October 1 (almost one month in). I’m not publishing the resources I have not started yet because that list is quite long…

    Courses
    Cybrary.it Course: Penetration Testing and Ethical Hacking by Leo Dregier
    Source: https://www.cybrary.it/course/ethical-hacking/
    Status: COMPLETED

    Cybrary.it Course: Advanced Penetration Testing by Georgia Weidman
    Source: https://www.cybrary.it/course/advanc...ation-testing/
    Status: COMPLETED

    Zercool Wireless Penetration Series
    Source: https://www.youtube.com/channel/UCX-...s6FLNNFP176nCg
    Status: COMPLETED

    LearnPython.org
    Source: https://www.learnpython.org/
    Status: COMPLETED

    Codecademy Course: Learn Python
    Source: https://www.codecademy.com/learn/learn-python
    Status: COMPLETED

    PentesterAcademy: Network Pentesting
    Source: Network Pentesting
    Status: IN-PROGRESS, currently on video 13/83

    Udemy Course: The Complete Ethical Hacking Course: Beginner to Advanced
    Source: https://www.udemy.com/penetration-testing/
    Status: IN-PROGRESS, currently on video 14/113

    Books
    Nmap: Network Exploration and Security Auditing by Paulino Calderon
    Status: COMPLETED (read)

    Nmap Network Scanning by Gordon “Fyodor” Lyon
    Status: IN-PROGRESS, currently on page 59

    Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman
    Status: IN-PROGRESS, currently on page 180

    Lab/Vulnerable VMs
    Kali
    Metasploitable2 – learning platform for the tools.
    Windows XP, Windows 7, Ubuntu – loaded with various vulnerable software from exploit-db as I’ve followed along in courses and books.
    VyOS virtual router – test nmap scans behind router configurations
    2015 Goals: CISSP [X], 2016 Goals: CISM [X], 2017 Goals: CRISC [X]
    2018 Goals: eCPPT [ ]
    Five Year Goals: CSXP, OSCP, GPEN, eWPT
    "Distrust and caution are the parents of security" - Benjamin Franklin

  3. Member
    Join Date
    Feb 2017
    Posts
    87
    #2
    Good Luck! I am part way through my 90 days of OSCP, it's really fun but very challenging.

    My Advice:

    - I don't honestly think you can "read" the Nmap book by Fyodor. You can scan it, reference it, flick through it to get an idea of functionality, but honestly, there's only so much syntax and output you can look at before you just lose track. I'd shelve it until you actively start to use nmap.

    - Prioritise the Georgia Weidman book, it's virtually identical to the OSCP PDF and Syllabus. I read about 60+% of it before OSCP and had a great base knowledge when I started the OSCP itself.

    - I watched some of the Cybrary Videos. Personally I enjoyed the Leo Dregier ones more than the Georgia Weidman ones.

    - Do you know any python or shell at all? If so get a good base knowledge but don't go mental with it... a lot of what you need to know is basic and is more about taking something and tweaking it a bit.


    Don't be afraid to dive into the OSCP as it's an amazing course and I think if you delay it for the sake of doing others as preparation you'll end up wondering why you waited so long. Only delay it for other courses... IF you want to do those other courses first.

    ...

    Vulnhub is definitely a brilliant resource. I wish I'd done more of that before starting OSCP.

    Good Luck!
    My Aims
    2017: CEH, CHFI, MCSA
    2018: GPEN, CISSP
    2019: New Job!!!



  4. Surf Guitar Guy tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    480

    Certifications
    SSCP, Security+ +4
    #3
    Impressive list of accomplishments, and all in this month, too! Some of those items are on my list.

    That sounds like a good plan, and it's a good idea to build a strong foundation. Good luck!

  5. Junior Member dr_fsmo's Avatar
    Join Date
    Oct 2017
    Location
    Michigan
    Posts
    13

    Certifications
    A+, Security +, MCSA/MCSE, MCTS, CNA
    #4
    Did you come up with a list of preconfigured VMs? I see many people recommend ones like the Kioptrix series.

  6. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #5
    CyberCop - thank you for the great information and tips. I can read python and write well enough to reuse or make edits to someone's code, but I'll never sit down and write my own complicated program from scratch. I want to make sure I understand the fundamentals, that's why I was looking at breaking up my studies this way.

    dr_fsmo - I started a list of Vulnhub VMs as I read the different threads and blogs. I started with this list and added to it: abatchy's blog | OSCP-like Vulnhub VMs

    However, I'm not at the point of starting those - I'm focusing on metasploitable2 just to learn the basics.

  7. Senior Member BuzzSaw's Avatar
    Join Date
    Jul 2016
    Posts
    239

    Certifications
    CEH | SSCP | VCP6 | VCP-NV | VCP-Cloud | VCP6-NV | VCP5-DCV | VCP4 | MCTS | MCP
    #6
    Welcome to the party!

    A couple quick tips:

    - It sounds like you have a good networking grasp, but if you don't, take a day or two to freshen up. I've seen a few people around here struggle with the basic idea of ports and such, or the idea of a dual-homed system.
    - Georgia's stuff is good, and the book is even better than Cybrary. Make sure to read that one.
    - Add the Hacker Playbook (2) to the list... It gives some good examples of various codes and stuff.

  8. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #7
    Thanks! Hacker Playbook 2 is on my shelf... I will read after finishing Georgia's book.

  9. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #8
    Just a quick update. I worked through several Pentester Academy lessons, spending time documenting my notes for the exploits. I'm trying to understand the why as well as the how. I took and completed a Burpsuite class from Udemy. I also completed 26 lessons from the Udemy Pentest course (almost finished as some labs are not applicable). I also finished reading the Fyodor NMAP Scanning book late Saturday night. I agreed with CyberCop's thought that it would be a difficult read (after all, how do you read switch information and actually retain anything...) but I was surprised at how well some of the concepts came together for me. There were certainly sections where my mind melted and others I had to skip because it was reference material or simply didn't apply to my purpose, but when I finished I feel like I have a firm grasp on the how and why - I just need lots of practical experience instead of simply "let me follow along in my imperfect lab and try that too". If nothing else, I now know where things are and I know to look for connections I didn't know existed before.

    I may change my study plan. I was looking at eCPPT for the purpose of helping me learn before attempting the OSCP. I've been looking at virtualhackinglabs.com and for the price, that seems like a viable option. It's only been out for a while, so I know I'd be part of the "live beta launch crowd" but it might be worth it - you can't argue with the price...

    I'll work on the Georgia Weidman book this week, Pentester Academy lessons (practicing along with my lab machines), and (maybe) test drive the virtualhackinglabs.com labs... I have The Hacker Playbook 2 to switch between as I read and practice.

    Courses
    PentesterAcademy: Network Pentesting
    Source: Network Pentesting
    Status: IN-PROGRESS, currently on video 17/83

    Udemy Course: The Complete Ethical Hacking Course: Beginner to Advanced
    Source: https://www.udemy.com/penetration-testing/
    Status: IN-PROGRESS, currently on video 40/113

    Udemy Course: Burpsuite
    Source: https://www.udemy.com/burpsuite
    Status: COMPLETED

    Books
    Nmap Network Scanning by Gordon “Fyodor” Lyon
    Status: COMPLETED (skimmed a few chapters like compiling nmap, deep magic on how nmap scripting works, and the reference guide)

    Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman
    Status: IN-PROGRESS, currently on page 180

  10. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    193

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #9
    Vulnhub is still a decent place to learn but there is a much better place now called hackthebox. I HIGHLY recommend it, I'm not a huge fan of the community there since most are OSCP hopefuls and treat the site like it's the OSCP exam, meaning a lot of people aren't very helpful or willing to help others learn. If you can make it through all of the easy and intermediate boxes on there, you can pass the OSCP.

  11. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #10
    Thank you! Great tip!

  12. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #11
    I started the virtualhackinglabs (VHL) this week. It comes with a 200+ page PDF and access to 30+ servers. I made my way through about 42% of the lab book (they have a percent counter for your progress) and have slowed down now that I’m in the exploit part of the course. I haven’t started on any of the lab computers except to enumerate Lucky (I was testing the speed of nmap in the labs). So far this tracks pretty closely with Georgia Weidman’s book.

    I also took the challenge and gained access to hackthebox. I haven’t done much there except poke around. I focused on the paid time I have with VHL.

    I’ve read more from Georgia’s book and completed some more of the Pentester Academy course.

  13. Senior Member
    Join Date
    Dec 2007
    Location
    Grand Rapids, Michigan
    Posts
    1,857

    Certifications
    Network+ : A+ : Security+ : eJPT : Life+
    #12
    Thanks for posting about VHL! I'm really interested in it and I hope that it'll help with whatever pentesting course I'm doing.
    Booya!!
    ------------------------------------------------------------------------------------------
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****

  14. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #13
    I'm 67% through the coursework in VHL. I've told myself that I was going to finish the courseware before starting on the labs. However, I've enumerated three servers as I've followed along with the labs. I'm pretty sure I know how to handle James, and I was testing my grasp of the web material and I ended up with a low-privilege shell on Lucky. I ended up going to pick up pizza for the family and during the drive, when my mind was somewhere else, it suddenly dawned on me what I needed to do to root Lucky.

    So far, I've been impressed with VHL. It has given me a methodology to fit what I've been learning into. The courseware is built so they teach you a principle and then it's up to you to research how to apply it. They have hints for the easier servers to help you along but I'm not planning on using those unless I'm really stuck. They could really benefit from having an IRC or forums or something.

    I've put most of my free time this week into this course, and have gotten further than I thought I would. I will not make much progress this weekend.

  15. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #14
    Between work and family obligations the last week, it's been hard to find time to dedicate to this. The time I have had, I've spent head down in the labs. I've rooted two servers and have learned a ton along the way. Lessons like, don't overcomplicate things and keep it simple (stupid). When I rooted my first box I jumped up and did something I've never done before - spontaneously broke out in the "I got root" dance... Funny how I never knew I had that capability inside me until I caught myself singing "I got root" while gyrating my hips and moving my hands in little circles in front of me...

    I need more Mt. Dew.

    VHL Rooted: steven, mantis

  16. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #15
    I popped another box before heading to bed tonight. I'm documenting the boxes as I go, which is good because I had to go back to steven today to verify I could replicate the multi-part exploit. I also finished reading the lab book.

    This is very much a research-your-own-way-through course. They added another server to the lab, so it's up to 33 boxes now.

    VHL Rooted: steven, mantis, john

  17. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #16
    I have a limited shell on lucky but after several attempts yesterday at cracking it, I'm not feeling like a trip to Vegas.


    I upgraded the Kali distro yesterday as well. I didn't have this high on my list of to-do's, but after some unrelated research, it seemed like the easiest way to see if some latent issues would be resolved. Way easier than Windows...


    I also found out what the /bin/bash^M: bad interpreter error message means (thanks Windows...). Sed came to my rescue and cleaned up Windows character return: sed -i -e 's/\r$//' enum-linux.sh


    Enumeration, Enumeration, Enumeration... that seems to be my biggest repeating lesson...
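Added example, not part of the original post: the sed clean-up mentioned in post #16, wrapped in shell functions that first detect the carriage returns behind the "/bin/bash^M: bad interpreter" error and keep a backup before stripping them. The function names and the enum-sample.sh file are constructed for illustration.

```shell
# Constructed demo: find and repair Windows (CRLF) line endings in a script.
# A literal carriage return; command substitution only strips trailing newlines.
CR=$(printf '\r')

# has_crlf FILE: succeeds if any line in FILE ends with a carriage return.
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# shebang_is_broken FILE: succeeds if line 1 is a shebang ending in CR.
# The kernel then looks for an interpreter named "/bin/bash\r", which is
# what the shell reports as "/bin/bash^M: bad interpreter".
shebang_is_broken() {
    head -n 1 "$1" | grep -q "^#!.*${CR}\$"
}

# fix_crlf FILE: strip the trailing CR from every line, keeping FILE.bak.
# Redirecting into the existing file keeps its permissions (e.g. +x).
fix_crlf() {
    cp -p "$1" "$1.bak" && sed -e "s/${CR}\$//" "$1.bak" > "$1"
}

# make_sample DIR: write a constructed two-line script with CRLF endings
# into DIR and print its path.
make_sample() {
    printf '#!/bin/bash\r\necho "enum ok"\r\n' > "$1/enum-sample.sh"
    chmod +x "$1/enum-sample.sh"
    printf '%s\n' "$1/enum-sample.sh"
}

# Stand-alone run: build the sample, report, repair, report again.
demo_dir=$(mktemp -d)
demo_file=$(make_sample "$demo_dir")
shebang_is_broken "$demo_file" && echo "CRLF shebang found: $demo_file"
fix_crlf "$demo_file"
has_crlf "$demo_file" || echo "line endings clean: $demo_file"
rm -rf "$demo_dir"
```

Checking with has_crlf before running a script copied from a Windows host avoids the confusing interpreter error, and the .bak copy lets you compare the two files if anything else in the script changed.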

  18. Member Hornswoggler's Avatar
    Join Date
    Jun 2017
    Posts
    52

    Certifications
    A+, MCSE NT 4.0, CCNA, MCSE Win2k, CISSP, GCIH, CCSK, GPEN, OSCP
    #17
    Keep hacking away!! The books and videos are great... you picked some good ones, but at the end of the day you have to hack. Popping shells and getting root is the OSCP yardstick so keep working those virtual labs and vulnhubs!! I didn't do enough vulnhubs before my PWK course but I learned a ton from the ones I did.
    2018: Linux+, eWPT/GWAPT

  19. I'm Batman clarkincnet's Avatar
    Join Date
    Jun 2014
    Location
    Raleigh, NC
    Posts
    251

    Certifications
    CISSP, CISM, CRISC, ITIL-F 2011
    #18
    Another day - still no lucky... I read up on enumeration techniques (https://blog.g0tmi1k.com/2011/08/bas...ge-escalation/) and several other sources recommended throughout the OSCP posts. I have lots of data about the machine and applications but nothing jumping out on what to do next. There's no forums or IRC for VHL so I'm going to just move on (for now).

    One good thing is I (think) I finally have a method to keep my notes. I'm using OneNote and I've gone slowly from complete chaos to starting to get things organized.

    I've learned more in the last two weeks in the labs than I have previously. Tomorrow is a new day!

  20. Surf Guitar Guy tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    480

    Certifications
    SSCP, Security+ +4
    #19
    That enumeration blog is a fantastic resource! Thanks for posting it.
