OSCP student roll call.
mabraFoo
Member Posts: 23 ■□□□□□□□□□
Comments
-
mabraFoo Member Posts: 23 ■□□□□□□□□□To clarify, I don't want to give away any spoilers, but instead connect to discuss techniques to increase the odds of passing the exam. Scripting and automating as much as possible increases the odds of passing the exam. I started with a strong DBA and computer science background. 17 years in IT, but no pen-testing experience. So far I have owned about 28 labs machines.
This course is a blast, so addicting. Never in my life have I had such a hard time pulling myself away from the computer. It is so easy to stay up all night because it always seems a breakthrough is only 15 mins away.
After 5 months it is easy to forget the techniques I used to own a machine months ago. Because of this I have gone back to remind myself the steps to own each machine. Of course hindsight is 20/20, but it is fun to see my automation script own Bob from start to finish in 90 seconds when it killed me for several days. -
eth0 Member Posts: 86 ■■□□□□□□□□HappyGoats wrote: »OSCP/OSCE alumni here. Feel free to ask any questions etc.
OSCE was hard? what knowledge is needed to start this course? -
HappyGoats Member Posts: 5 ■□□□□□□□□□OSCE was hard? what knowledge is needed to start this course?
You definitely want some basic assembly language experience, it makes things a lot easier. I found the web part of the course really easy, but the more in depth binary exploitation was a bit more challenging but fun at the same time. -
eth0 Member Posts: 86 ■■□□□□□□□□HappyGoats wrote: »You definitely want some basic assembly language experience, it makes things a lot easier. I found the web part of the course really easy, but the more in depth binary exploitation was a bit more challenging but fun at the same time.
I have only experience from OSCP with low level stuff (so basic buffer overflow exploitation), no any other, will be ok? What I mean, not sure if I am prepared to start this OSCE, I have little problem with last step to register -
Muggie Member Posts: 6 ■□□□□□□□□□I'm a current student. My lab opened up 9/12 but I haven't been able to really jump into it except for this weekend.
-
leugenel Member Posts: 27 ■□□□□□□□□□My lab starts Oct. 10th. Is there a way to request a book before the lab starts?
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□My lab time ends pretty soon. It is definitely grueling and there probably will be times you get annoyed and need to take a break.
-
BlackBeret Member Posts: 683 ■■■■■□□□□□I'm in the labs as well. I missed the past week and a half, but I'll be back in the labs and on IRC at night from here on out.
-
Pnut_Butter_W0lf Registered Users Posts: 1 ■□□□□□□□□□Been in off and on for a while juggling a infosec MS along with it
-
Blade3D Member Posts: 110 ■■■□□□□□□□My lab time runs out Sunday but I plan to extend at least another 30 days, I'll try to start getting in the IRC channel again.Title: Sr. Systems Designer
Degree: B.S. in Computing Science, emphasis Information Assurance
Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP -
robantonucci Registered Users Posts: 4 ■□□□□□□□□□10 days in.. 28 boxes down.. starting to feel the burn this is litterally taking over ALL of my free time. but well worth it so far..
-
Muggie Member Posts: 6 ■□□□□□□□□□Has anyone been able to figure out the vulnserver buffer overflow? I'm having issues with getting my JMP ESP to work and would love to bounce some ideas off of someone. Right now I feel like I'm spinning my wheels.
-
ilikeshells Member Posts: 59 ■■□□□□□□□□Has anyone been able to figure out the vulnserver buffer overflow? I'm having issues with getting my JMP ESP to work and would love to bounce some ideas off of someone. Right now I feel like I'm spinning my wheels.
I'd make sure you know how much buffer space you have. If you get stuck, ping the admins in IRC, they are actually very helpful if you proove you've made concerted effort. -
BlackBeret Member Posts: 683 ■■■■■□□□□□Don't forget to check the OffSec forum posts for the modules as well. I've seen it discussed a lot on there.
-
Dill_ Registered Users Posts: 2 ■□□□□□□□□□I just finished the vulnserver. Feel fee to PM me in the #offsec irc if you still need to bounce ideas around.
-
dende3 Member Posts: 6 ■□□□□□□□□□Will be starting on 1st of 8th of November, have to get my payment sorted. Gathering materials for a while now.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■I start November 1st. I purchased the course previously, but will actually complete it this time.WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
TK1799_st Member Posts: 111I just started this weekend in prepping.
Any guide or opinion that anyone else on here has for a course of action would be great.
I started by Installing Oracle Virtualbox, downloading Metasploit 2, will be going through the Offensive Security course Metasploit Unleashed, and purchasing to read:
1) Metasploit: The Penetration Tester's Guide
2) Basic Security Testing with Kali Linux
3) The Hackers Playbook 2
I just started to read #1 yesterday. I also ran through some videos and online training at Cybrary.it
Any advice from those of you that are ahead of me would be great and appreciated!
So far, I'm excited about this course of study and available training, which most of it is free. -
Janne4 Member Posts: 29 ■□□□□□□□□□Hi!
Sounds like you are on the right track.
Skills that can be useful is general Linux skills, understanding and writing simple scripts in python and bash, understanding the basics of modifying exploits in various programming languages and knowing your way around in Metasploit and Nmap.
I would also recommend looking into Web App Pentesting (approx. 50% of the Machines in the lab network has a web attack vector) and privilege escalation on Windows and Linux (often you have a shell but as a low-priv user).
The later two areas is where I am having some problems when it comes to practical skills ; ) -
TK1799_st Member Posts: 111nice meeting you Janne4 - I read your other post -- seems you've been very busy. Thank you for the information. I've spent all weekend getting organized and just started reading 1) on my list.
On my breaks I've been gathering research articles and videos of stuff I've come across to build a minor library to understand what I've just read.
I'm appreciating the effort in learning this -- am I am very excited to be taking this path.
Keep at it! With effort comes victory! -
Janne4 Member Posts: 29 ■□□□□□□□□□Thanks. I wish I had practiced more "hands-on" with vulnerable machines (metasploitable, Damn Vulnerable Web App and others) when preparing for this course and not just read books and gathering information.
-
Blade3D Member Posts: 110 ■■■□□□□□□□I plan to renew for a month on November 13th, schedule my first test November 29th, and if a retest is needed December 12th. I had originally gotten my employer to pay for 90 days of lab time, but got extremely busy with work and relationship. I am now single again, and hope to finish this ASAP as I'd like to start on the CISSP and other certs.Title: Sr. Systems Designer
Degree: B.S. in Computing Science, emphasis Information Assurance
Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP -
kiems Member Posts: 3 ■□□□□□□□□□Hi! I will be renewing my labs in the beginning of December for two or three months. Really enjoying the material / videos. Nice to meet you all.