connecting to oscp lab from work

mike2020

Because of typical work firewall rules I can't ssh out to my home oscp laptop. However, the boss said using ssh on cloud 9 (c9.io) is
fine during lunch and to check into during the day as long as I don't over do it.

cloud 9 runs inside the browser and provides a fully functional bash shell inside the online VM. With that beautiful shell, I can ssh to the home laptop, ssh to the kali vm and connect to the crazy thinc.local domain.

Anyone see any major security risks doing this? Obviously, I like having a job. We want to know if anyone has any thoughts about this that my boss and I have not considered.

adrenaline19

Why aren't you just taking your laptop to work with you and just use it there during lunch? You'll have problems with buffer overflows trying to do it the way you've described.

I don't see why you'd get in trouble. Your boss knows whats going on.

mike2020

Outside computers are not allowed on company network.

Yes, and now I have this thread to refer back to if the boss denies it Seriously though, we just want to be sure that the browser will prevent someone or something malicious from reading data off of the work computer. The oscp lab has lots of evil software in it.

jamesleecoleman

Buy a 4G USB and use that to do the labs????

bigdogz

I have not taken this exam yet but after reading up on some of the other posts you should be doing this from home. If not, there are some options:

1) Google/research/read what you need at work. save/review notes. (do what you can when you are not at home). NO DOWNLOADS.

2) Buy a hotspot $40 USD/month + device (YMMV) that only your laptop will use to connect out... see if your boss would like to expense it. At the least you show that you are willing to separate your play area and the production network.

3) See if there are opportunities to work from home 1 or 2 times a week (maybe more). This may depend on what your may allow you to do from home.

I hope this helps.
Good Luck!

adrenaline19

James has a good point. Boot from a usb, and connect.

You could do it the way you suggest, but you'll have a ton of problems when you start attacking boxes. If you are just doing labs, you should be fine. But you'll have to set your mtu lower or you'll have problems with the windows7 machine.

impelse

Some companies has every strict policy to where you connect or protocols specially if you are under any compliance. Now you could use that time to polish more python, web application, review the video or the pdf file, the theory, including more knowledge in Linux/Windows.

jamesleecoleman

I meant like using a 4G network dongle to VPN over instead of using the company's network. This way, you might not have as many problems. I'm not sure if this will work out but if you have an xfinity account, login to a hotspot and use that hotspot if you can... legally. I'm not sure if doing these labs over vpn while using someone elses cable modem is a good idea or not.