OSCP information overload

I have been working on the OSCP labs for 5 months. It seems like the more I learn, the harder it is to remember tricks I learned months ago. I don't use the kali tools at work or have any coworkers that know what metasploit is.

Do you guys/gals have any tips that might help?

Find more posts tagged with

Comments

TacoRocket

This sounds terrible but practice, practice, practice.

Granted I haven't done the OSCP but when I'm learning Linux and the command structure, I just repeated commands over and over again.

If not that, then assess your note taking. Is it optimal? Is there a better way that you learn? I like to write to help remember, but that's not for everyone.

MrAgent

It also definitely helps to take notes. When I was doing the labs, I took notes on everything I did. This proved to be quite useful, as I was able to use things I learned for other boxes in the lab.

adrenaline19

Write a personal step by step checklist and follow it. Under each part of the check list, write some further pointers to remind you of things you've learned previously. If you are methodical, you'll remember things better instead of trying to remember things in a dynamic environment.

Mike7

Somewhere on https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/

To deal with the volume of information gathered during a penetration test, we suggest using KeepNote, a multipurpose note-taking application, to initially document all your findings. Using an application like KeepNote helps both in organizing the data digitally as well as mentally. When the penetration test is over, the interim documentation will be used to compile the full report. It doesn’t really matter which program you use for your interim documentation as long as the output is clear and easy to read.

Jebjeb

I swear by Keepnote at this point, I have multiple sections for all kinds of topics, discovered hashes, tools, machines, os Commands, each machine file has sub files for each type of info **** I do, say for netstat, arp,route,passwords/hashes,ifconfig,systeminfo, dirb,nikto. I also record the steps for the file exploit solution per machine, and when I can,I revert and try it again.

Its not a bad idea to do the tools also with the switches for different solutions. This is a particularly important for MSFVENOM where different combinations create different attack platforms.

Then you can use the search function to find what you did before.

But yeah I feel for you , I have no coworkers who can even spell Metasploit or Nmap.

impelse

I write how I hacked one machine in keepnote and in another file in txt I have some commands or procedures for hacking and options and in a third file I have only linux and windows admin commands