Options
OSCP Experience Thread - MSP-IT
Comments
-
Options
JoJoCal19
Mod Posts: 2,835 Mod
If you subscribed to eLearnSecurity's mailing list, there's also another promotion available. It's an all access pass, you can get the Elite Edition of all their courses (exam and lab time included) for $3999 . Here's the official link: https://www.elearnsecurity.com/offers/all_access.php
Saw that and I wish I could just drop $4k down because that really is a stupid good deal for everything you get with the lifetime access to all of the courses and material, and the non-expiry cert attempts.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Options
KR34
Member Posts: 7 ■□□□□□□□□□
Lab ends in 3 days.
I went to update my VMWare Workstation on Monday, but the installation failed wiping ALL of my machines and saved images from my VM (dedicated) drive. Needless to say I was/am pissed. Because the update ****ed ALL of my backups, I have to work to rewrite all of my custom scripts, rebuild loot/post-exploitation folders, and everything else that was saved on my machines. At this point I'm burned out with both studying and personal life. I don't think I can progress any further in the labs until I get my head on straight.
Seeing as though I still have access to the videos and PDF, I'll attempt to get through them a few more times before I extend my labs in mid December.
Hi MSP , sorry for what happened . my advise is never update your VM just use the one provided from offsec and update nmap only . Never touch metasploit because " x86/shikata_ga_nai " is not the default encoder any more . Install dropbox and save all you work there " /root/dropbox/oscp/ " put your notes , scripts , ...etc", later you will it find helpful when you write your " Lab & Exam report " ... i was using both dropbox & google drive , by the way when is your first exam attempt . -
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
I'm getting closer to wanting to pull the trigger on OSCP, but with the new $150 off promo at eLS I'm thinking of doing the PTP first.
Yeah, I just realized that the holiday discount is only $150 off, not $599 for a course (couldn't read the webpage correctly due to my mobile device). So seeing as the course is still $749, I'll be taking a pass on WAPT.
I wish I had the 4k to drop for the 9 course bundle.Install dropbox and save all you work there " /root/dropbox/oscp/ " put your notes , scripts , ...etc", later you will it find helpful when you write your " Lab & Exam report " ... i was using both dropbox & google drive , by the way when is your first exam attempt .
Thanks for the advice! -
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
Hey MSP, what exactly in the WAPT syllabus do you think will help you with the OSCP? I would think the PTP would be the better course to give you what you need to make it through the OSCP.
Quite a bit of the OSCP lab machines are penetrable via web application attacks, although I doubt I can specify which, I think an more advanced understanding of web app penetration testing methods would greatly increase your success in the OSCP labs. -
Optionscgrimaldo
Member Posts: 439 ■■■■□□□□□□
Yeah, I just realized that the holiday discount is only $150 off, not $599 for a course (couldn't read the webpage correctly due to my mobile device). So seeing as the course is still $749, I'll be taking a pass on WAPT.
I wish I had the 4k to drop for the 9 course bundle.
Thanks for the advice!
So while you may be taking a pass on the WAPT, are you still going to pursue the PTP? -
OptionsZoovash
Member Posts: 84 ■■□□□□□□□□
Since you've already gone through PWK pdf and videos, I don't think PTP will do much for you. As I see it, WAPT will definitely help those without real experience in pentesting. Their Xmass discount apply to installment plans as well, you might want to go for that
-
OptionsJB3
Member Posts: 21 ■□□□□□□□□□
Thanks for the promo code! I am going to be starting the PTP/eCPPT in the morning (or late tonight). I am on winter break from school, so I plan to knock this out before classes start back up in January as prep to take the OSCP this summer.
-
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
Since you've already gone through PWK pdf and videos, I don't think PTP will do much for you. As I see it, WAPT will definitely help those without real experience in pentesting. Their Xmass discount apply to installment plans as well, you might want to go for that
I may be wrong, but I don't think that's the case. -
Optionsqasimchadhar
Member Posts: 17 ■□□□□□□□□□
For web app stuff I'd suggest https://class.coursera.org/softwaresec-001/wiki/Week_3 as a free rousource. It's part of their Software Security course.
- Security for the Web: Introduction (3:33)
- Web Basics (10:31)
- SQL Injection (10:35)
- SQL Injection Countermeasures (9:17)
- Web-based State Using Hidden Fields and Cookies (13:51)
- Session Hijacking (6:56)
- Cross-site Request Forgery (CSRF) (6:36)
- Web 2.0 (5:16)
- Cross-site Scripting (13:39)
-
OptionsxXxKrisxXx
Member Posts: 80 ■■■■□□□□□□
Hey MSP-IT,
Have you already enrolled in the WAPT course? Having taken PWB,PTP, and the WAPT course, I'm going to make the recommendation that you ride out PWK and finish it before starting down another course path. eLearnSecurity's courses are great and they've come along way over the years, it's just the way knowledge is presented between the eLS and OffSec is a bit different. When you're enrolled going through the WAPT course, you'll find it intensively slide heavy. This isn't the biggest deal but coming into it having just taken an OffSec course, your going to get an 'interesting vibe' to say the least.
The WAPT has various scenarios set up for you to get the hands-on experience but the best preparation for the OSCP exam is working your way through all of the Networks Offsec has setup. Some of the Web App coverage in PWK may not cut it for what you may have to pull off to own a couple lab machines. It's their style to make you go out there and research a bit.
If you enrolled in WAPT already, no worries in going through the content - it certainly doesn't hurt. Be sure to purchase 10 or 15 more lab days in the Labs before you take on the challenge. You'll notice that the lab scenarios in the WAPT course will focus on honing in certain skills (so you'll have a couple XSS Scenarios, SQLi Scenarios, Username Enumeration, etc). There's a couple scenarios that require you going through a longer process to attend a goal. You are going to want to jump back into the mindset that PWK puts you in. I don't mean the, 'Im ripping my hair out mindset', I mean you the mindset where you have to think and try multiple ways to accomplish an end goal. It's all a process! You're also in for a good time when you go for the eWPT exam. -
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
xXxKrisxXx wrote: »Hey MSP-IT,
Have you already enrolled in the WAPT course? Having taken PWB,PTP, and the WAPT course, I'm going to make the recommendation that you ride out PWK and finish it before starting down another course path. eLearnSecurity's courses are great and they've come along way over the years, it's just the way knowledge is presented between the eLS and OffSec is a bit different. When you're enrolled going through the WAPT course, you'll find it intensively slide heavy. This isn't the biggest deal but coming into it having just taken an OffSec course, your going to get an 'interesting vibe' to say the least.
The WAPT has various scenarios set up for you to get the hands-on experience but the best preparation for the OSCP exam is working your way through all of the Networks Offsec has setup. Some of the Web App coverage in PWK may not cut it for what you may have to pull off to own a couple lab machines. It's their style to make you go out there and research a bit.
If you enrolled in WAPT already, no worries in going through the content - it certainly doesn't hurt. Be sure to purchase 10 or 15 more lab days in the Labs before you take on the challenge. You'll notice that the lab scenarios in the WAPT course will focus on honing in certain skills (so you'll have a couple XSS Scenarios, SQLi Scenarios, Username Enumeration, etc). There's a couple scenarios that require you going through a longer process to attend a goal. You are going to want to jump back into the mindset that PWK puts you in. I don't mean the, 'Im ripping my hair out mindset', I mean you the mindset where you have to think and try multiple ways to accomplish an end goal. It's all a process! You're also in for a good time when you go for the eWPT exam.
I haven't, no. See one of my earlier posts. I was hoping that the WAPT would more or less hone the skills required to beat the OSCP exam. Seeing as the course is not quite as cheap as I thought, I'm going to instead spend the time in the OSCP labs.qasimchadhar wrote: »For web app stuff I'd suggest https://class.coursera.org/softwaresec-001/wiki/Week_3 as a free rousource. It's part of their Software Security course.- Security for the Web: Introduction (3:33)
- Web Basics (10:31)
- SQL Injection (10:35)
- SQL Injection Countermeasures (9:17)
- Web-based State Using Hidden Fields and Cookies (13:51)
- Session Hijacking (6:56)
- Cross-site Request Forgery (CSRF) (6:36)
- Web 2.0 (5:16)
- Cross-site Scripting (13:39)
This is a great resource. Thank you. -
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
So at this point I've dropped the OSCP. I received a surprisingly promotion this week that changes the direction of my career quite a bit. I'm still planning on staying in the information security realm, but I'll be pursuing it from a data science and analytics approach. I'll be posting an update about my position here in a few weeks once things are finalized.
-
Options
MrAgent
Member Posts: 1,310 ■■■■■■■■□□
MSP-IT, why not just finish it since you paid for it? At least take the exam and use it as experience. -
OptionsJoJoCal19
Mod Posts: 2,835 Mod
Congrats on the new promotion! Disappointed to hear you're dropping the OSCP.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
MSP-IT, why not just finish it since you paid for it? At least take the exam and use it as experience.
With my current lack of enthusiasm, time, and a transition into my new job and Masters (starting Jan 19th), I can't justify it [labs]. With only 60-70% of the labs completed, I would still need to dedicate 120+ hours worth of time to be able to complete the majority of the machines, I believe. With my new job already started, I'll also be restricted to only being able to lab during the weekend, which gives me just 3 -6 days left of lab time. I doubt I'll be able to make much progress.
That being said, while I have already paid for the exam, I might as well take it. I'll see if I can schedule it in the next few weeks. I don't know how big of a cut I'll be taking in score for returning a report that's only halfway completed. While I will document the machines I have gotten into, I won't be able to complete the rest of the book assignments. I'll update the thread once the exam is scheduled. -
Options[Deleted User]
Senior Member Posts: 0 ■■■■□□□□□□
I would take it without a doubt. Surely, you can spare the 24 hours to take it. You've spent this much time in the lab, you certainly don't want that work to be for nothing even if it results in you not passing. You seem like the type of person that is very hard on yourself and you're certainly ambitious to boot. I think you are doubting your knowledge and maybe, just maybe you will come away with the pass.
Either way, good luck man! -
OptionsMSP-IT
Member Posts: 752 ■■■□□□□□□□
I would take it without a doubt. Surely, you can spare the 24 hours to take it. You've spent this much time in the lab, you certainly don't want that work to be for nothing even if it results in you not passing. You seem like the type of person that is very hard on yourself and you're certainly ambitious to boot. I think you are doubting your knowledge and maybe, just maybe you will come away with the pass. Either way, good luck man!
I appreciate the encouragement and kind words.
I posted a job update here: http://www.techexams.net/forums/jobs-degrees/106671-msp-job-update.html -
OptionsNovaHax
Member Posts: 502 ■■■■□□□□□□
I don't know how big of a cut I'll be taking in score for returning a report that's only halfway completed. While I will document the machines I have gotten into, I won't be able to complete the rest of the book assignments. I'll update the thread once the exam is scheduled.
From my understanding, you won't be taking any cut in your score. Assuming you pop enough boxes to pass the exam...you still win. The lab report is only evaluated in the event that you fall into the marginal grey area. You get "partial credit" for boxes that you gain access to with only user level access. But OffSec doesn't tell you what partial credit amounts to. That being said...for every box you pop with root/SYSTEM access...you get a very clearly defined amount of points. If those points add up to more than the passing threshold...you pass.
That is to say...they aren't going to hold an incomplete lab report against you...but it may make them less lenient if you didn't clearly pass.
**This is my understanding from conversations with others (not directly with OffSec)...so don't quote me on it**
