OSCP: Questions about Lab + Exercises (optional reports) and other questions
Rapt0r
Member Posts: 11 ■□□□□□□□□□
Hey everyone,
So I am planning to enroll for the OSCP course from 9th October and am currently brushing up on few tools and methodologies mentioned in the syllabus. Learning Buffer Overflow exploit, have fairly decent linux skills, have sourced few automated scripts from the internet and github namely SecuritySift, JollyFrogs, onetwopunch, Pillage, LinEnum etc.
Background: Working in a SOC profile, about 3 years of experience, doing VA too but no Pen Testing and have plans to move into core PT.
Did CEH, was planning for CISSP (on hold until OSCP) but now planning to crack OSCP before EOY. Have sourced and read several reviews of OSCP and felt that I can try harder and do it.
My labs might start 9th October - 60 days lab (not yet made the payment, credit card issues) and am planning to work on at-least 12-15 VMs from the VulnHub site and then go for the labs. I will try to 'root' most of these VMs while simultaneously reading different walkthroughs and different methodologies to understand different scenarios.
One important question/doubt I have is that we are required to send a Lab report of at least 10 machines to qualify for the 5 points and another 5 for the exercises/course materials. So is it compulsory to have reports of all the tools/procedure mentioned in the exercises or would it be a count of 10-20 odd tools/procedures? I do not want to waste my time on documenting exercise reports and would prefer to directly target the labs so that I would learn more. Want to give 4-5 days max for the exercises and videos which are fairly not much.
Also I might keep on bumping this thread if I have more doubts as I want to be at an optimum level before I attempt the labs.
So I am planning to enroll for the OSCP course from 9th October and am currently brushing up on few tools and methodologies mentioned in the syllabus. Learning Buffer Overflow exploit, have fairly decent linux skills, have sourced few automated scripts from the internet and github namely SecuritySift, JollyFrogs, onetwopunch, Pillage, LinEnum etc.
Background: Working in a SOC profile, about 3 years of experience, doing VA too but no Pen Testing and have plans to move into core PT.
Did CEH, was planning for CISSP (on hold until OSCP) but now planning to crack OSCP before EOY. Have sourced and read several reviews of OSCP and felt that I can try harder and do it.
My labs might start 9th October - 60 days lab (not yet made the payment, credit card issues) and am planning to work on at-least 12-15 VMs from the VulnHub site and then go for the labs. I will try to 'root' most of these VMs while simultaneously reading different walkthroughs and different methodologies to understand different scenarios.
One important question/doubt I have is that we are required to send a Lab report of at least 10 machines to qualify for the 5 points and another 5 for the exercises/course materials. So is it compulsory to have reports of all the tools/procedure mentioned in the exercises or would it be a count of 10-20 odd tools/procedures? I do not want to waste my time on documenting exercise reports and would prefer to directly target the labs so that I would learn more. Want to give 4-5 days max for the exercises and videos which are fairly not much.
Also I might keep on bumping this thread if I have more doubts as I want to be at an optimum level before I attempt the labs.
Comments
I am not sure what 5 points you are talking about....the exam is based on compromising the exam machines which is what gets you certified.
From https://support.offensive-security.com/#!oscp-exam-guide.md#Points
[h=3]Points: Bonus[/h] Up to 5 points may be earned by submitting your lab report. If the course exercises are also included, then an additional 5 points may also be earned, for a total of 10 points that could potentially be added to your final exam score.
--
Now even if I crack 30 lab machines I would prefer documenting around 15 into the reports. Exercises are around 350+ pages so there would be some decent amount of documentation which I want to try and lessen but if there's no option then I'll do it.
I have also gone through those enumeration scripts to know what exactly they do and only then I start using them.
I'll go through those materials once I get them (a month still left) but until then I am sharpening my skill sets required to boot-root-loot those lab machines.
not all the exercises are mandatory and some won't even require more than a screen shot of your work.
Thanks puttar! I'll try to get those screenshots once I get the access.