+ Reply to Thread
Page 7 of 7 First ... 34567
Results 151 to 166 of 166
  1. Senior Member si20's Avatar
    Join Date
    May 2014
    Location
    UK
    Posts
    422

    Certifications
    MCDST, MCP, BSc Computer Forensics, MTA: 98-366, OSWP, OSCP, FJSE, ACE, PGCert, Linux+
    #151
    Best of luck with the OSCP. I meant to add an update to my thread... I've had a very bad breakup with my long-term girlfriend since I did my OSCP. I did my OSCP from Oct-Dec 2014 and in October, my relationship needed work, but I had committed 90 days to the OSCP and thought I could sort things out with my girlfriend after I did the exam. Nah....she left me. I'd made alot of mistakes in the relationship and not fixing issues for 3 months made even more issues crop up. I'm trying to get my mind back in order. It has completely killed me inside.

    So a word of warning to other people taking on this behemoth challenge: Ensure you can do this 30/60/90 days without any issues. Take care of other business before you set off on this journey. Alot can change in 30/60/90 days as I found out.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #152
    Sorry to hear about that.

    I've extended the course twice now.. Its beast of a course and exam.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  4. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #153
    This thread and my OSCP pursuits are still alive and well!

    I completed file transfers and privilege escalation today. I also ran through this writeup on priv escalation, which is a satisfying read. It does a great job on the fundamentals:

    FuzzySecurity | Windows Privilege Escalation Fundamentals

    As a sidenote - Recently, I took part in the investigation of a highly targeted breach on a client's network. I was in the rare (and awesome) position of having full PCAP network logs to review after the fact - while reviewing the case, I was was a bit shocked to see the very methods OffSec teaches in the OSCP course being used to facilitate cybercrime. I suppose what I'm saying is, I encourage those on the defensive side to consider the course as well. It helped connect the dots on a few things I was seeing in that case specifically.
    Last edited by YFZblu; 02-15-2015 at 03:56 AM.
    Reply With Quote Quote  

  5. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,354

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #154
    Quote Originally Posted by YFZblu View Post
    I was in the rare (and awesome) position of having full PCAP network logs to review after the fact - while reviewing the case, I was was a bit shocked to see the very methods OffSec teaches in the OSCP course being used to facilitate cybercrime. I suppose what I'm saying is, I encourage those on the defensive side to consider the course as well. It helped connect the dots on a few things I was seeing in that case specifically.
    This was a big part of my reasoning for wanting to pursue the OSCP and I also listed it in my training proposal. Just waiting to hear if I get it approved by management.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  6. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #155
    Tackled client-side attacks - I'd like to take this opportunity to reiterate, that I hate Java. Next up is web-application attacks...
    Reply With Quote Quote  

  7. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #156
    XSS completed. The XSS portion of the course, IMO, is way too shallow. There needs to be more emphasis here. I would say the same about privilege escalation, but I'm assuming the Metasploit portion of the course will somewhat cover more of that. We'll see...

    I have some SQLi stuff to do for work, so I'm going to skip Local File Inclusion and kill two birds with one stone - I'll finish SQLi today and transition that into the stuff for work...I'll round back to LFI tomorrow most likely
    Reply With Quote Quote  

  8. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #157
    Local File Inclusion, Remote File Inclusion, and SQL Injection have been completed. The next several sections are related to password cracking, which sort of tripped me up the last time I reached this point. So I'll spend some time tonight reading man pages before tackling the exercises tomorrow. I might also read some related writeups on privilege escalation in preparation for things to come.
    Last edited by YFZblu; 03-09-2015 at 12:46 AM.
    Reply With Quote Quote  

  9. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #158
    Keep it up! You can do this.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  10. Senior Member ipchain's Avatar
    Join Date
    Nov 2006
    Posts
    290

    Certifications
    <- do not define you.
    #159
    Quote Originally Posted by YFZblu View Post
    This thread and my OSCP pursuits are still alive and well!

    As a sidenote - Recently, I took part in the investigation of a highly targeted breach on a client's network. I was in the rare (and awesome) position of having full PCAP network logs to review after the fact - while reviewing the case, I was was a bit shocked to see the very methods OffSec teaches in the OSCP course being used to facilitate cybercrime. I suppose what I'm saying is, I encourage those on the defensive side to consider the course as well. It helped connect the dots on a few things I was seeing in that case specifically.
    Thanks for sharing this! I actually ran into the same thing about 3 years ago. Having said that, keep up the good work!
    Reply With Quote Quote  

  11. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #160
    Network password attacks, password hash attacks, and the pass-the-hash exercise have been completed. This time around I compromised a couple lab machines and harvested usernames/password hashes in order to make targeted attempts for the exercise questions. Overall, it felt good to get a feel for the tools.

    At this point I am going to start popping more boxes in the lab in preparation for the exam...Next up is port redirection and tunneling. I'd like to get through that tonight, but time may not permit.
    Reply With Quote Quote  

  12. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #161
    I haven't continued with the reading material, because I got antsy and wanted to get into the lab. I'll do some reading tonight on tunneling / encapsulation / redirection...

    Last night I was up until 4am getting root on something that had me stumped for a while. Great feeling when it happened though! Note to everyone: msfupdate is your friend, when it appears that you may be missing exploits in the Metasploit database. Or do what I did, and wonder why a specific exploit version is listed on Rapid7's website but not in its software for four hours.....

    Coffee please.
    Reply With Quote Quote  

  13. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #162
    Nice! Planning on taking the exam anytime soon?
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  14. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,424

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #163
    Definitely - I probably need to spend another solid week in the labs. I also need to get my scripts in order and spend some time automating good recon/enumeration. But I think I'm close.
    Reply With Quote Quote  

  15. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,846

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #164
    Update?
    Reply With Quote Quote  

  16. ' or 1=1 EngRob's Avatar
    Join Date
    Jun 2013
    Location
    Humid Florida
    Posts
    239

    Certifications
    GPEN, GWAPT, GCIH, GCFE, GSEC, CCNA, CCNA:Security, CCSA(exp), Security+, Network+, Linux+, Server+, A+, Project+, CEH, CHFI
    #165
    Another update bump?
    Reply With Quote Quote  

  17. Member
    Join Date
    Jan 2017
    Posts
    96
    #166
    I guess he just..fell off..
    Reply With Quote Quote  

+ Reply to Thread
Page 7 of 7 First ... 34567

Social Networking & Bookmarks