  1. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #1

    Need a project - Found a project! YFZblu's OSCP Thread

    Hey all,

    I haven't completed an official certification since last September (I think it was September) when I went through the SANS GCIH track. Anyway, I've been looking at a lot more red team related training/education lately - not because I want to become a 1337 haxor, but because I want context to what I see every day in the SOC and to continue making hard pushes to expand my skillset; what better way to accomplish this than to feel the pressure of an actual red team engagement, and the growing pains that come with learning new topics at a deep level?

    I've been doing a lot of Python scripting lately, studying a lot of compsci topics (memory, process, C programming) and think now is the time. I start Offensive Security's 'Penetration Testing With Kali' course this Sunday, 4/20, and I'm pumped.

    I'm creating this thread now in an effort to document the end-to-end process of OffSec's registration, payment, lab testing, studying, and the exam itself. I will be posting to this thread daily with any and all progress I make towards accomplishing this task - which includes posting links to the best 3rd party resources I utilize while rolling through the course topics. I purchased the 30-day course, and have absolutely no plans to extend the time frame. I understand 30 days is easier said than done, but I'm focused and have no other projects at the moment.

    Waiting the next five days will be rough, I'm super anxious to get my hands on the material.
    Last edited by YFZblu; 04-15-2014 at 06:25 AM.

  3. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #2
    That's awesome news! I'm sure you're gonna enjoy the challenge and learn a great deal. Also, many thanks for your plan to keep us updated throughout this.

  4. Senior Member
    Join Date
    Jan 2011
    Location
    Romania
    Posts
    207

    Certifications
    eCPPT, RHCSA, RHCE, RED HAT EX405, EX407
    #3
    I will be watching very closely your progress. I think it will be a good read. Good luck

  5. Member
    Join Date
    Jun 2013
    Location
    Bucharest, Romania
    Posts
    80

    Certifications
    eCPPT, CCNP, CCNA Sec, CCNA, Security+, Linux+
    #4
    Good luck! And don't forget to sleep!

  6. Senior Member
    Join Date
    Oct 2012
    Location
    Lexington, KY
    Posts
    534

    Certifications
    CISSP, GMON
    #5
    30 days while working is tough, but good luck for sure. Check out the IRC channel as much as you can as well, I didn't at first and missed a great resource for a couple months.


    !pain
    !sufferance

  7. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,359

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #6
    Looking forward to your posts in this thread. I am thinking of starting the OSCP at the beginning of next year.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up: None
    Reading: Python Crash Course

  8. Senior Member
    Join Date
    May 2007
    Posts
    430

    Certifications
    CISSP, GCIA
    #7
    Subscribed! Good luck!

  9. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #8
    Quote Originally Posted by wes allen View Post
    30 days while working is tough, but good luck for sure. Check out the IRC channel as much as you can as well, I didn't at first and missed a great resource for a couple months.


    !pain
    !sufferance

    This is actually a GREAT point. You can enter the name of any host in the IRC channel in this format...

    Examples:
    !ALICE
    !BOB
    !PEDRO
    !GHOST
    !PAIN

    Each of these will return hints on how the box can be popped. Some are very helpful. Others are so cryptic that even after you pop the box...you'll wonder what it meant.

  10. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #9
    Quote Originally Posted by NovaHax View Post
    This is actually a GREAT point. You can enter the name of any host in the IRC channel in this format...

    Examples:
    !ALICE
    !BOB
    !PEDRO
    !GHOST
    !PAIN

    Each of these will return hints on how the box can be popped. Some are very helpful. Others are so cryptic that even after you pop the box...you'll wonder what it meant.
    That's awesome - I appreciate the tips guys

  11. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #10
    Pre-Registration

    If you'd like to register for Penetration Testing With Kali (PWK), you will have to provide OffSec with your name and email address; a non-free email address. After doing that I received an email with the following:

    -Support hours
    -Course information
    -PWK Syllabus
    -Cost
    -Course prerequisites
    -Certification information
    -Information on how to officially register for the course - This includes a registration link with a TTL of 72 hours. If 72 hours goes by and you still haven't registered, you will have to submit your information again and wait for another email.

    Registration (pre payment)


    After officially registering for the course, I received yet another email which contained:

    -Confirmation of your course and start date
    -OffSec ID number
    -Instructions to test connectivity to the lab environment before proceeding with payment
    -Link to download Kali Linux
    -Link to purchase the course
    -This email also has a TTL of 72 hours; failure to complete everything in that time frame bumps the student to a later start date

    Payment


    Payment was as easy as clicking the link in the second email I received, and entering my credit card information. I then received two confirmation emails - One indicating that the payment was successful, and another with an attached invoice

  12. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #11
    And so it begins...

  13. Senior Member
    Join Date
    Oct 2012
    Location
    Lexington, KY
    Posts
    534

    Certifications
    CISSP, GMON
    #12
    Quote Originally Posted by YFZblu View Post

    Payment


    Payment was as easy as clicking the link in the second email I received, and entering my credit card information. I then received two confirmation emails - One indicating that the payment was successful, and another with an attached invoice
    One thing to be aware of though, is that their payment processor is outside the USA, which caused my bank (BOA at the time) to add an extra fee, and my company couldn't pay for the class for me with corporate cards, due to the policy of no outside US charges allowed. My current bank doesn't charge a fee, but I have gotten fraud warning calls when paying for classes. So just a heads up on that for everyone.

    And, if you don't have a non free email, you can still register, you just need to send them a copy of ID. The billing department has been good to deal with - quick to respond and always helpful.

  14. Member
    Join Date
    Jun 2013
    Location
    Bucharest, Romania
    Posts
    80

    Certifications
    eCPPT, CCNP, CCNA Sec, CCNA, Security+, Linux+
    #13
    Is there a VAT fee added for EU countries?
    SecurityTube didn't charge any VAT but I know eLearnSec collects VAT.

  15. Senior Member bobloblaw's Avatar
    Join Date
    Dec 2012
    Location
    Memphis, TN
    Posts
    226

    Certifications
    CISSP, CEH, S+/A+/P+/N+
    #14
    Good luck. Looking forward to your write-ups.

  16. Security Advocate MSP-IT's Avatar
    Join Date
    Dec 2012
    Location
    Denver, CO
    Posts
    727

    Certifications
    list index out of range
    #15
    I'll be watching this thread diligently.

  17. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #16
    Lab connectivity test

    For this we are asked to boot into our Kali Linux boxes, and utilize the OpenVPN utility to connect to the lab network. This involves simply ping'ing a host on our subnet, and keeping the VPN connection up for a while to ensure stability.
    Last edited by YFZblu; 04-17-2014 at 03:42 AM.

  18. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #17
    Quote Originally Posted by YFZblu View Post
    Lab connectivity test

    For this we are asked to boot into our Kali Linux boxes, and utilize the OpenVPN utility to connect to the lab network. This involves simply ping'ing a host on our subnet, and keeping the VPN connection up for a while to ensure stability.
    I don't think you're supposed to...but I was already guns blazing with Nmap during the 24-hour lab connectivity test window.

  19. Senior Member
    Join Date
    Apr 2012
    Posts
    231

    Certifications
    A+, Security+, CCENT, C|EH, GCFE, GCFA, GREM
    #18
    I just started in the labs today. Good luck to you!

  20. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #19
    Quote Originally Posted by NovaHax View Post
    I don't think you're supposed to...but I was already guns blazing with Nmap during the 24-hour lab connectivity test window.
    That's awesome - About 8 hours until the materials hit my inbox. Looking forward to it.

  21. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #20
    Downloaded my course materials tonight! A 361 page PDF, and ~8 hours of instructional video. I also logged into the IRC channel, and poked around the forums reading the FAQs. Going to start reading the PDF tonight.

    Random note - Each page of the PDF is watermarked with my OffSec ID number and full name; obviously to identify those who distribute the material. Never seen that before.

  22. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #21
    Yup...they've been doing that for a minute. Mine was watermarked back when I took PWB in 2012.

  23. Senior Member
    Join Date
    Mar 2014
    Posts
    623

    Certifications
    Alphabet-soup
    #22
    I'd suggest watching the videos before reading the guide, module by module. The videos cover what's in the guide, then the guide goes into a few more details. I was rapidly deployed in 2010 and unable to make use of the labs or attempt the exam so I decided to pay to upgrade my materials to PWK and am going through it all now, in a few weeks I'll add the lab time and attempt the test hopefully around July 4th holiday time. Good luck to you as well.

    Remember a lot of it requires outside study. I'd read up on Windows Escalation; for a start, try FuzzySecurity | Windows Privilege Escalation Fundamentals

  24. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #23
    Excellent fuzzysecurity link, I appreciate that

  25. Senior Member
    Join Date
    Oct 2013
    Location
    Washington DC
    Posts
    498

    Certifications
    OSCP, eMAPT, eWPT, CISSP, GPEN, GWAPT, GCIH, GCIA, GSEC, CEH, CNDA, ECSA, CHFI, Sec+, Net+
    #24
    I personally disagree with BlackBeret's approach. It worked better for me to read through the PDFs at the same time as watching the videos (since they pretty much follow the same track). But to each his own. Everyone learns in different ways.

    Good resource though. It's easy to get over-confident though when you start exploiting boxes, and forget about the importance of privilege escalation. Trust me...you will need to know how to move from basic access to root or SYSTEM.

    The g0tm1lk Linux privilege escalation guide is also a MUST.

  26. Senior Member YFZblu's Avatar
    Join Date
    Nov 2011
    Posts
    1,425

    Certifications
    A+, N+, S+, CCNA, CCNA:Sec, GSEC, GCIH, GCFE
    #25
    The first two days have been pretty easy going, it has basically been an intro to the course itself, the basics of navigating Kali Linux, and an intro to bash scripting.

    Right away, it's clear that one must be 'at home' using Linux CLI - not at an admin level, but understanding the meat and potatoes of the OS is essential; opening files, navigating the file system, environment variables, starting/stopping services, configuration changes, etc.

    I was happy to see bash scripting early on, it's something I'll have to learn on the fly. As I said in my OP, I have learned a few languages recently and I'm glad I did - the Student is expected to have the ability to whip a script together in multiple high level languages.

    I'm definitely pacing myself at the moment. I have Thursday - Saturday off each week, and a slow work day on Sundays. That's when I plan on going deep and hitting the books/lab for 8+ hours per day. At work tomorrow I'll also get myself familiar with the basics of bash scripting; syntax, data types, iteration, etc.
