+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 67

Thread: Oscp

  1. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #1

    Default Oscp

    Looks like I will be starting OSCP 1/17. This should be a lot of fun. I can't wait to get started on it.
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,319
    #2
    Awesome. I've done 30 days already, but I got swamped and haven't been able to touch it for awhile. I'm shooting for GPEN on 3/1, and then using that next month for another 30 days and the exam.
    Reply With Quote Quote  

  4. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #3
    Quote Originally Posted by dynamik View Post
    Awesome. I've done 30 days already, but I got swamped and haven't been able to touch it for awhile. I'm shooting for GPEN on 3/1, and then using that next month for another 30 days and the exam.
    I've got some time on my hands, so I think I can study pretty hard for it. I only got 30 days of lab access, so I'm going to definitely try to get it finished pretty quickly.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Nov 2008
    Location
    Florida
    Posts
    259

    Certifications
    some
    #4
    Quote Originally Posted by dynamik View Post
    Awesome. I've done 30 days already, but I got swamped and haven't been able to touch it for awhile. I'm shooting for GPEN on 3/1, and then using that next month for another 30 days and the exam.
    How much scripting knowledge do you think is required? I really want to do this one very soon.
    Reply With Quote Quote  

  6. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,256
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #5
    You have 30 days to cover 16 modules, so that's just under two days per module. Not all modules are useful for the actual OSCP exam, so you'll need to figure out which to put last. The videos and the PDF generally cover the same material, but there's information in the videos that not in the PDFs and visa versa, so use them both.

    Read the posts in each module's discussion form before starting each module. The pains and woes of former OSCP-goers will save you many wasted hours of making assumptions and mistakes.

    And you should document the exercises you do in the modules. It'll count as extra points towards your final exam score should you need them to pass.

    And although the material is BT3, BT4 is fine to use for the course.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  7. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #6
    Quote Originally Posted by JDMurray View Post
    You have 30 days to cover 16 modules, so that's just under two days per module. Not all modules are useful for the actual OSCP exam, so you'll need to figure out which to put last. The videos and the PDF generally cover the same material, but there's information in the videos that not in the PDFs and visa versa, so use them both.

    Read the posts in each module's discussion form before starting each module. The pains and woes of former OSCP-goers will save you many wasted hours of making assumptions and mistakes.

    And you should document the exercises you do in the modules. It'll count as extra points towards your final exam score should you need them to pass.

    And although the material is BT3, BT4 is fine to use for the course.
    Thanks for the info! I will definitely follow the advice.
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Nov 2008
    Location
    Florida
    Posts
    259

    Certifications
    some
    #7
    Thanks JD. I am assuming that you took the course already?
    Reply With Quote Quote  

  9. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,256
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #8
    Quote Originally Posted by carboncopy View Post
    Thanks JD. I am assuming that you took the course already?
    Yes. I did not finish all the labs, and I won't be taking the cert exam unless I get more lab time to complete the material and do a lot of extra studying. Unfortunately, I don't see that happening anytime in my near future.

    I should mention that the Offensive Security Penetration Testing with BackTrack (PWB) class is about application and operating system pen testing and not network pen testing. You will therefore be working with buffer overflows, shellcode exploits, fuzzing, debuggers, and generally learning how to own "root." There is very little in the way of network pen testing, and much of what there is isn't useful for, or can't be used on, the OSCP cert exam itself.

    Just something to be aware of if your interests are more in network pen testing rater than app and OS pen testing.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  10. Senile old fart laidbackfreak's Avatar
    Join Date
    Oct 2007
    Location
    wandering t'internet
    Posts
    994

    Certifications
    CISSP, CCVP, CCNAV, CCNAS, CCNA
    #9
    Quote Originally Posted by JDMurray View Post
    There is very little in the way of network pen testing, and much of what there is isn't useful for, or can't be used on, the OSCP cert exam itself.

    Just something to be aware of if your interests are more in network pen testing rater than app and OS pen testing.
    Cheers for heads up on this. I'm looking around to see what's next for me after the CISSP.

    So far I'm looking at CEH and ISSAP as these are two areas of interest to me, but I like to keep an eye on what else is out there.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Nov 2008
    Location
    Florida
    Posts
    259

    Certifications
    some
    #10
    Quote Originally Posted by JDMurray View Post
    Yes. I did not finish all the labs, and I won't be taking the cert exam unless I get more lab time to complete the material and do a lot of extra studying. Unfortunately, I don't see that happening anytime in my near future.

    I should mention that the Offensive Security Penetration Testing with BackTrack (PWB) class is about application and operating system pen testing and not network pen testing. You will therefore be working with buffer overflows, shellcode exploits, fuzzing, debuggers, and generally learning how to own "root." There is very little in the way of network pen testing, and much of what there is isn't useful for, or can't be used on, the OSCP cert exam itself.

    Just something to be aware of if your interests are more in network pen testing rater than app and OS pen testing.
    Yes, I was aware of that. Thank you for the HU
    Reply With Quote Quote  

  12. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #11
    I've been using Backtrack 4 for the course and it is definitely a little different than the videos. The biggest reason is just updated tools and utils. You'll notice right off that the bat that the commands they use to start a couple services will definitely not work with BT4. It's not hard to overcome by any means and if you have Linux familiarity you should be able to figure it out quickly.
    Reply With Quote Quote  

  13. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,256
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #12
    Yeah, starting and stopping the Apache Web server is different. That was probably the most difficult one to figure out.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  14. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #13
    Quote Originally Posted by JDMurray View Post
    Yeah, starting and stopping the Apache Web server is different. That was probably the most difficult one to figure out.
    Yeah that actually took me a second to figure out too. Once I looked through the directory I felt a little stupid haha. This is a really fun class though. It's not really as hard as I thought it was going to be (my first impression just glancing through the coursework). I guess we shall see.
    Reply With Quote Quote  

  15. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,256
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #14
    If you are a person whose hobby or job is to "own root" on Windows and Linux boxes with many different types of services and configurations, you should find the OSCP material very familiar and possibly even easy.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  16. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #15
    That's definitely true JD. I really think its a good course though. I'm pretty sure if you've had little or no experience, and havent had a lot of linux experience this would be pretty complicated. I've had a lot of fun messing with it so far. I think if you expand on the concepts even more with a little self study, you will be very good at this. I know I've had to look a little farther in BASH and netcat so far.
    Reply With Quote Quote  

  17. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #16
    I'm about halfway done with the lab manual (I've been slacking a little). I've been messing with their lab environment quite a bit. Mostly right now it's been recon stuff. It's pretty fun to see what all you can get from SNMP. I'm dual studying this with GCIA, so I haven't made a ton of progress. I hope to get through the OSCP in this 30 days.
    Reply With Quote Quote  

  18. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,256
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #17
    Don't forget about reading the offsec forum for each module and getting to know people on the #offsec IRC channel. Those can be very good learning experiences and great time savers when you have a problem.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  19. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #18
    Quote Originally Posted by JDMurray View Post
    Don't forget about reading the offsec forum for each module and getting to know people on the #offsec IRC channel. Those can be very good learning experiences and great time savers when you have a problem.
    Yeah I've browsed through it a little bit. It is nice to see some solutions to common problems in there. I really need to get moving on to the exploit section, I think thats where I need to gather more ecperience.
    Reply With Quote Quote  

  20. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #19
    The more I take this class, the less I like it. I love the idea of this class, and it has taught some things. I also know people have raved over this class and exam, but there are just too many problems.

    If they release a new version of BackTrack, they should probably look at the training and make the proper adjustments. If you do take it, save yourself a lot of hassle and stick with BT3, simply because BT4 lacks some of the tools and files you will need to even complete the exercises. It's a pretty big pain in the @$$ sometimes.

    I think also in order to take this puppy you need to have a decent grip on security concepts, linux, common tools, and common vulnerabilities. If you are looking for a course to hold your hand and help you learn pentesting, this isn't it. I know most courses do expect you to study beyond what is taught, but I find PWB to be a little lofty in it's goals of self study/research. The biggest element of this being Perl or Python scripting. You honestly NEED to know how to script, or at least be able to steal and edit scripts. It's not really practical for you to manually enter a few thousand usernames to enumerate SMTP user information.

    It's a fun class if you have the background. I don't want to scare anyone off of taking it, but I wanted whoever takes it in the future to be fully aware of what they are getting into. I'll keep you all posted
    Reply With Quote Quote  

  21. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    863

    Certifications
    CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #20
    That's the reason why they said that you need CEH knowledge and some linux and TCP/IP.

    Also we have to add that if you want the CEH you need two years of exp, so in others words, for the Offensive Security training you need: 2 years exp + some linux + TCP/IP and acording to other people like you we need some Perl or phyton programming.
    Blog: http://blog.thehost1.com/
    Online backup: http://www.thehost1.com/
    2013 Goals: CEH: Passed CISSP: Working OSCP:Pending
    Reply With Quote Quote  

  22. Certification Invigilator Forum Admin JDMurray's Avatar
    Join Date
    Jul 2003
    Location
    Surf City USA
    Posts
    10,256
    Blog Entries
    50

    Certifications
    GSEC, EnCE, CISSP, SSCP, CEH (ANSI), CASP, CCNA, CCENT, CWSP, CWNA, CWTS, Security+, Server+, Network+, A+, DHTI+, PDI+, MSIT InfoSec
    #21
    For anyone who is not an OS or app pen tester by profession, I would recommend the following course of action to be performed for a month or two before you actually start the PWB (OSCP) course:
    • If you are unfamiliar with Ubuntu (Debian) Linux or KDE, should learn how to configure networking, install and upgrade software packages using both the GUI shell and the command line.
    • If you do not know Linux at all, you invest in an Intro to Linux book or class to learn all you can about using and managing a Linux box. The objectives of the CompTIA Linux+ certification is an excellent reference of Linux commands and features you should know.
    • Browse through the tools on BackTrack available in the /pentest subdirectory and the KDE menu. Become familiar with the use of the more common pen testing tools.
    • Know how to write simple bash shell scripts or other types of UNIX or Linux shell scripting.
    • Knowing either Perl or Python is a great help in the OSCP class; they are used by several of the assignments. Spend some time learning to write very basic programs in either or both of these languages.
    • Understand the fundamental organization and operational principles of computer architecture (e.g., stack, heap, CPU registers). Understand the lifecycle of a running program and how it “lives” in the computer.
    • Learn the basics of Intel x86 assembly language and how it is used to create an operating program.
    • Learn how to use Ollydbg or IDA Pro to load and step through the execution of a program. YouTube has a lot of videos on these disassemblers. Books on reverse engineering do as well.
    • Read through the posts in the forums at forums.offensive-security.com. You will gain access to more forums after you have signed up for the course, and read through the posting on those as well.
    • If you are not on IRC then now’s the time to learn how by visiting the Offensive Security channel at irc://freenode/offsec. For an IRC client, I use the ChatZilla add-on for FireFox.

    If you manage to accomplish most of these tasks before starting the actual PWB class, you will be well ahead of most of your fellow classmates. Much of your introductory work will already be completed and you won't waste valuable lab time trying to figure out how to do things like use Linux commands, write shell scripts, or install software. Instead, you will be ready and confidant to connect to the virtual lab and start working on the PWB modules.
    Moderator of the InfoSec, CWNP, IT Jobs, Virtualization, Java, and Microsoft Developers forums at www.techexams.net
    --
    Blog: www.techexams.net/blogs/jdmurray
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    Reply With Quote Quote  

  23. Cyber Ninja L0gicB0mb508's Avatar
    Join Date
    Apr 2005
    Location
    Teh Tubes
    Posts
    536

    Certifications
    GCIA, GCIH, MCP, Net+, Sec+, CCNA, Proj+, A+, CIW, AESA, CCNA:Sec
    #22
    Quote Originally Posted by impelse View Post
    That's the reason why they said that you need CEH knowledge and some linux and TCP/IP.

    Also we have to add that if you want the CEH you need two years of exp, so in others words, for the Offensive Security training you need: 2 years exp + some linux + TCP/IP and acording to other people like you we need some Perl or phyton programming.

    You need to be pretty versed in linux and scripting though. A little bit of Linux experience probably isnt going to get it. I dont have CEH, nor do I work as a pentester, and I'm doing fine with the class over all. I will say I am having some issues with writing exploit code. I have 0 experience with assembly language/ writing shellcode and find it very hard to wrap my head around.

    JD you are exactly right. Those requirements are a must. If you have never looked at that stuff, you are almost going to have to pre research.

    As far as my update goes, I've pretty much enumerated all the data I'm going to get on the lab network. It's actually a great stress release to go after the servers. I'm pretty much into the nitty gritty of the exploitation/priv escalation. This is the part where I felt I was the weakest. I have 17 days of labs left, so I should be in good shape to finish the lab manual.
    Reply With Quote Quote  

  24. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    863

    Certifications
    CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #23
    Thanks JDMurray, this is the information that I was needed to read before taking the training (it's in my list after two exams that I need to pass). Before your post I was thinking to study:

    Linux (this is a must)
    Metasploit (I already read this book)
    Netcat
    Wrieshark
    Google Hacking

    Now I have to add your post. In my case I do not like just to cramm, I need to understand and know my studies.
    Blog: http://blog.thehost1.com/
    Online backup: http://www.thehost1.com/
    2013 Goals: CEH: Passed CISSP: Working OSCP:Pending
    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Jun 2009
    Location
    Canada
    Posts
    682

    Certifications
    Most Recent: CISSP & CCDA
    #24
    Quote Originally Posted by impelse View Post
    Thanks JDMurray, this is the information that I was needed to read before taking the training (it's in my list after two exams that I need to pass). Before your post I was thinking to study:

    Linux (this is a must)
    Metasploit (I already read this book)
    Netcat
    Wrieshark
    Google Hacking

    Now I have to add your post. In my case I do not like just to cramm, I need to understand and know my studies.
    And experience of course. The single biggest factor in getting a security job is experience. Certs mean even less in this branch. These certs were just invented by companies to cash in on the craze. Admins have been doing this type of security work there whole careers and that's generally what an IT manager is looking for when hiring.
    Reply With Quote Quote  

  26. Senior Member impelse's Avatar
    Join Date
    Dec 2006
    Location
    Houston, TX
    Posts
    863

    Certifications
    CEHv7, CCNA, Security+ 70-290, 70-291 CCNA:S
    #25
    Quote Originally Posted by GAngel View Post
    And experience of course. The single biggest factor in getting a security job is experience. Certs mean even less in this branch. These certs were just invented by companies to cash in on the craze. Admins have been doing this type of security work there whole careers and that's generally what an IT manager is looking for when hiring.
    This is true
    Blog: http://blog.thehost1.com/
    Online backup: http://www.thehost1.com/
    2013 Goals: CEH: Passed CISSP: Working OSCP:Pending
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks