connecting to oscp lab from work

mike2020 Registered Users Posts: 2 ■□□□□□□□□□
Because of typical work firewall rules I can't ssh out to my home oscp laptop. However, the boss said using ssh on cloud 9 (c9.io) is fine during lunch and to check into during the day as long as I don't overdo it.

Cloud 9 runs inside the browser and provides a fully functional bash shell inside the online VM. With that beautiful shell, I can ssh to the home laptop, ssh to the kali vm and connect to the crazy thinc.local domain.

Anyone see any major security risks doing this? Obviously, I like having a job. We want to know if anyone has any thoughts about this that my boss and I have not considered.

Comments

  • adrenaline19 Member Posts: 251
    Why aren't you just taking your laptop to work with you and just using it there during lunch? You'll have problems with buffer overflows trying to do it the way you've described.

    I don't see why you'd get in trouble. Your boss knows what's going on.
  • mike2020 Registered Users Posts: 2 ■□□□□□□□□□
    Outside computers are not allowed on company network.

    Yes, and now I have this thread to refer back to if the boss denies it :) Seriously though, we just want to be sure that the browser will prevent someone or something malicious from reading data off of the work computer. The oscp lab has lots of evil software in it.
  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Buy a 4G USB and use that to do the labs????
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • bigdogz Member Posts: 881 ■■■■■■■■□□
    I have not taken this exam yet but after reading up on some of the other posts you should be doing this from home. If not, there are some options:

    1) Google/research/read what you need at work. Save/review notes. (Do what you can when you are not at home.) NO DOWNLOADS.

    2) Buy a hotspot $40 USD/month + device (YMMV) that only your laptop will use to connect out... see if your boss would like to expense it. At the least you show that you are willing to separate your play area and the production network.

    3) See if there are opportunities to work from home 1 or 2 times a week (maybe more). This may depend on what your may allow you to do from home.

    I hope this helps.
    Good Luck!
  • adrenaline19 Member Posts: 251
    James has a good point. Boot from a USB, and connect.

    You could do it the way you suggest, but you'll have a ton of problems when you start attacking boxes. If you are just doing labs, you should be fine. But you'll have to set your MTU lower or you'll have problems with the Windows 7 machine.
  • impelse Member Posts: 1,237 ■■■■□□□□□□
    Some companies have a very strict policy on where you connect or on protocols, especially if you are under any compliance. Now you could use that time to polish more Python, web applications, review the video or the PDF file, the theory, including more knowledge in Linux/Windows.

  • jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    I meant like using a 4G network dongle to VPN over instead of using the company's network. This way, you might not have as many problems. I'm not sure if this will work out but if you have an Xfinity account, log in to a hotspot and use that hotspot if you can... legally. I'm not sure if doing these labs over VPN while using someone else's cable modem is a good idea or not.