OSCP information overload

mabraFoomabraFoo Member Posts: 23 ■□□□□□□□□□
I have been working on the OSCP labs for 5 months. It seems like the more I learn, the harder it is to remember tricks I learned months ago. I don't use the kali tools at work or have any coworkers that know what metasploit is.

Do you guys/gals have any tips that might help?

Comments

  • TacoRocketTacoRocket Member Posts: 497 ■■■■□□□□□□
    This sounds terrible but practice, practice, practice.

    Granted I haven't done the OSCP but when I'm learning Linux and the command structure, I just repeated commands over and over again.

    If not that, then assess your note taking. Is it optimal? Is there a better way that you learn? I like to write to help remember, but that's not for everyone.
    These articles and posts are my own opinion and do not reflect the view of my employer.

    Website gave me error for signature, check out what I've done here: https://pwningroot.com/
  • MrAgentMrAgent Member Posts: 1,309 ■■■■■■■■□□
    It also definitely helps to take notes. When I was doing the labs, I took notes on everything I did. This proved to be quite useful, as I was able to use things I learned for other boxes in the lab.
  • adrenaline19adrenaline19 Member Posts: 251
    Write a personal step by step checklist and follow it. Under each part of the check list, write some further pointers to remind you of things you've learned previously. If you are methodical, you'll remember things better instead of trying to remember things in a dynamic environment.
  • Mike7Mike7 Member Posts: 1,074 ■■■■□□□□□□
    Somewhere on https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/
    To deal with the volume of information gathered during a penetration test, we suggest using KeepNote, a multipurpose note-taking application, to initially document all your findings. Using an application like KeepNote helps both in organizing the data digitally as well as mentally. When the penetration test is over, the interim documentation will be used to compile the full report. It doesn’t really matter which program you use for your interim documentation as long as the output is clear and easy to read.



  • JebjebJebjeb Member Posts: 83 ■■□□□□□□□□
    I swear by Keepnote at this point, I have multiple sections for all kinds of topics, discovered hashes, tools, machines, os Commands, each machine file has sub files for each type of info **** I do, say for netstat, arp,route,passwords/hashes,ifconfig,systeminfo, dirb,nikto. I also record the steps for the file exploit solution per machine, and when I can,I revert and try it again.

    Its not a bad idea to do the tools also with the switches for different solutions. This is a particularly important for MSFVENOM where different combinations create different attack platforms.

    Then you can use the search function to find what you did before.

    But yeah I feel for you , I have no coworkers who can even spell Metasploit or Nmap.
  • impelseimpelse Member Posts: 1,233 ■■■■□□□□□□
    I write how I hacked one machine in keepnote and in another file in txt I have some commands or procedures for hacking and options and in a third file I have only linux and windows admin commands
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

Sign In or Register to comment.