Options
OSCP: Questions about Lab + Exercises (optional reports) and other questions
Rapt0r
Member Posts: 11 ■□□□□□□□□□
Hey everyone,
So I am planning to enroll for the OSCP course from 9th October and am currently brushing up on few tools and methodologies mentioned in the syllabus. Learning Buffer Overflow exploit, have fairly decent linux skills, have sourced few automated scripts from the internet and github namely SecuritySift, JollyFrogs, onetwopunch, Pillage, LinEnum etc.
Background: Working in a SOC profile, about 3 years of experience, doing VA too but no Pen Testing and have plans to move into core PT.
Did CEH, was planning for CISSP (on hold until OSCP) but now planning to crack OSCP before EOY. Have sourced and read several reviews of OSCP and felt that I can try harder and do it.
My labs might start 9th October - 60 days lab (not yet made the payment, credit card issues) and am planning to work on at-least 12-15 VMs from the VulnHub site and then go for the labs. I will try to 'root' most of these VMs while simultaneously reading different walkthroughs and different methodologies to understand different scenarios.
One important question/doubt I have is that we are required to send a Lab report of at least 10 machines to qualify for the 5 points and another 5 for the exercises/course materials. So is it compulsory to have reports of all the tools/procedure mentioned in the exercises or would it be a count of 10-20 odd tools/procedures? I do not want to waste my time on documenting exercise reports and would prefer to directly target the labs so that I would learn more. Want to give 4-5 days max for the exercises and videos which are fairly not much.
Also I might keep on bumping this thread if I have more doubts as I want to be at an optimum level before I attempt the labs.
So I am planning to enroll for the OSCP course from 9th October and am currently brushing up on few tools and methodologies mentioned in the syllabus. Learning Buffer Overflow exploit, have fairly decent linux skills, have sourced few automated scripts from the internet and github namely SecuritySift, JollyFrogs, onetwopunch, Pillage, LinEnum etc.
Background: Working in a SOC profile, about 3 years of experience, doing VA too but no Pen Testing and have plans to move into core PT.
Did CEH, was planning for CISSP (on hold until OSCP) but now planning to crack OSCP before EOY. Have sourced and read several reviews of OSCP and felt that I can try harder and do it.
My labs might start 9th October - 60 days lab (not yet made the payment, credit card issues) and am planning to work on at-least 12-15 VMs from the VulnHub site and then go for the labs. I will try to 'root' most of these VMs while simultaneously reading different walkthroughs and different methodologies to understand different scenarios.
One important question/doubt I have is that we are required to send a Lab report of at least 10 machines to qualify for the 5 points and another 5 for the exercises/course materials. So is it compulsory to have reports of all the tools/procedure mentioned in the exercises or would it be a count of 10-20 odd tools/procedures? I do not want to waste my time on documenting exercise reports and would prefer to directly target the labs so that I would learn more. Want to give 4-5 days max for the exercises and videos which are fairly not much.
Also I might keep on bumping this thread if I have more doubts as I want to be at an optimum level before I attempt the labs.
Comments
-
OptionsTechGuru80
Member Posts: 1,539 ■■■■■■□□□□
The course walks you through how to do the exercises so obviously you should use those methods with screenshots and procedures.
I am not sure what 5 points you are talking about....the exam is based on compromising the exam machines which is what gets you certified. -
OptionsRapt0r
Member Posts: 11 ■□□□□□□□□□
TechGuru80 wrote: »The course walks you through how to do the exercises so obviously you should use those methods with screenshots and procedures.
I am not sure what 5 points you are talking about....the exam is based on compromising the exam machines which is what gets you certified.
From https://support.offensive-security.com/#!oscp-exam-guide.md#Points
[h=3]Points: Bonus[/h] Up to 5 points may be earned by submitting your lab report. If the course exercises are also included, then an additional 5 points may also be earned, for a total of 10 points that could potentially be added to your final exam score.
--
Now even if I crack 30 lab machines I would prefer documenting around 15 into the reports. Exercises are around 350+ pages so there would be some decent amount of documentation which I want to try and lessen but if there's no option then I'll do it. -
OptionsTechGuru80
Member Posts: 1,539 ■■■■■■□□□□
Ah interesting...when I took the course that was not explained anymore than it could help if you are close. The tools they show you in the exercises are pretty standard and frankly I would lean towards using those and avoid any auto-pwn tools.
-
OptionsRapt0r
Member Posts: 11 ■□□□□□□□□□
Definitely avoiding metasploit and other automatic tools as I want to tackle and clear the 24 hour juggernaut after the end of the labs.
I have also gone through those enumeration scripts to know what exactly they do and only then I start using them.
I'll go through those materials once I get them (a month still left) but until then I am sharpening my skill sets required to boot-root-loot those lab machines. -
Optionsputtar
Member Posts: 12 ■□□□□□□□□□
[FONT=&]You must successfully compromise no less than 10 machines in the labs and document all of your steps as illustrated in the “Offensive Security Lab and Exam Penetration Report: Section 3 - Methodologies” template. You may choose to include more than 10 machines in your report, however this will not provide any additional points to your final exam score.https://support.offensive-security.com/#!pwk-reporting.md[/FONT]
not all the exercises are mandatory and some won't even require more than a screen shot of your work. -
OptionsRapt0r
Member Posts: 11 ■□□□□□□□□□
not all the exercises are mandatory and some won't even require more than a screen shot of your work.
Thanks puttar! I'll try to get those screenshots once I get the access.
