OSCP vs OverTheWire Bandit/Natas

sesha437sesha437 Member Posts: 48 ■■□□□□□□□□
Dear All,
I am planning to register for PWK/OSCP after a month or two. As a preparation I started working on OverTheWire Bandit and Natas. My progress is good. Completed 22 levels in Bandit as of now. Only for 2-3 levels have searched in google for help or hints, remaining have solved myself without much sweating.
So, Have question: in Bandit we will have hint or suggestions at the overthewire website. But in OSCP also we have any hints/suggestions to get the root or move forward. I heard like #offsec channel will help out. But now #offsec is not live.
So please let me know how we can compare OSCP vs bandit in difficulty wise.

Thanks :)

Comments

  • lugerluger Member Posts: 52 ■□□□□□□□□□
    Just a question.....why are you comparing the PWK course with OverTheWire? The PWK course is a pen testing course using different tools and skill sets while OverTheWire is just a few puzzles you have to solve using Linux commands. There is absolutely no comparison between the two. OverTheWire will help you sharpen your Linux skills needed for OSCP but by no means is enough to prepare you for the OSCP exam.

    I suggest you take a look at the PWK course syllabus and prep on the subjects contained in the PWK course and forget OverTheWire for now.
  • SaSkillerSaSkiller OSWP, GPEN, GWAPT, GCIH Member Posts: 337 ■■■□□□□□□□
    What the heck is Natas?
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    I would agree - OverTheWire is a fun game but has little carry over to something like OSCP, or even a lower certification like CEH.

    If you are looking for free ways to get your skills started, I would look at starting with VM's from VulnHub
  • sesha437sesha437 Member Posts: 48 ■■□□□□□□□□
    Hey Thanks All,

    I agree OverTheWire and OSCP are totally different. Thanks for the clarification.

    One question: Is there any hints or clues in the OSCP Labs similar to Bandit?
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    sesha437 wrote: »
    Hey Thanks All,

    I agree OverTheWire and OSCP are totally different. Thanks for the clarification.

    One question: Is there any hints or clues in the OSCP Labs similar to Bandit?

    Well the real question is, are you talking about hints for the lab environment, or hints for the actual 24 hour exam?

    Hints for the lab environment aren't really given out during the learning process. Most of the "hints" you may be able to find would be from students writing blogs about each section.

    Someone else can correct me if I am wrong on that - I haven't taken the PWK yet.

    As to the exam itself, people guard that one pretty well. You'll be hard pressed to find too many OSCP certified folks that would spill the beans on hints for the actual exam.
  • SlythSlyth Member Posts: 58 ■■■□□□□□□□
    I agree with BuzzSaw. You wont find many OSCP's that will give hints on the exam or labs. To be honest you should not even be looking for "hints" if you are looking at taking OSCP. Even the "hints" provided by OffSec are hit or miss (most of the time miss) on if there even useful or not. Any hints you many find online about the lab environment are most likely outdated. The lab I went through had 2 revisions just during the time I took it due to someone leaking hints. OffSec seems to not like hints being given out and will actively stop it either by revamping the lab or canceling someones OSCP certification if found to have provided information about the exam.

    The hints you are referring to would really only be in the Student forum you gain access to after you start the course. However these are heavily monitored and edited after posted to avoid any spoiling anything.
  • DollarhydeDollarhyde Member Posts: 111
    OSCP should not be considered entry level and compared to any other cert as nothing compares to it. There are no hints on OSCP, while there are some they are rarely useful. Example: ____ is laughing at you. That does not help you too much to determine how to solve it. In addition during the labs only admins are able to provide hints without spoiling it, and they will only do that if you have spent significant amount of time and really tried hard to obtain all necessary information. If you have not done so, they will just tell you to try harder which is what you should have done in the first place. On the exam you cannot get help or hints from anyone, if someone does so both you and they will lose all of their certification and will be unable to take any more courses from offsec.
    ___________________________________________________________________________________________________________
  • sesha437sesha437 Member Posts: 48 ■■□□□□□□□□
    Got it. Thanks a ton for your replied.

    Finally expect the unexpected :) #tryharder :)
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    I'm dumbfounded by the questions you asked with the credentials you hold....

    Edit: Not a personal attack by any means, this is a safe place to ask questions after all, but dude......
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • sesha437sesha437 Member Posts: 48 ■■□□□□□□□□
    I got your point. :) But mostly i work in consultant role. So I am newbee in pentesting and OSCP as well.
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Good luck Sasha, glad you are trying to expand your knowledge.

    By the way, do you work for DoD?
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • MrAgentMrAgent Member Posts: 1,309 ■■■■■■■■□□
    As mentioned already, you will not get any hints from the offsec staff unless you have shown that you have in fact tried harder. This course is designed to make you think outside of the box, and to figure things out on your own. Its challenging, but can be accomplished.
  • sesha437sesha437 Member Posts: 48 ■■□□□□□□□□
    Thanks xxxKaliboyxxx and MrAgent.

    xxxKaliboyxxx: I won't work for DOD. Another consulting firm in US.

    MrAgent: That's cool. I can improve my technical skills and thinking out of the box skills.

    Planning to start in Dec.
  • monkykapmonkykap Member Posts: 24 ■□□□□□□□□□
    There is a significant amount of clues in the student forums to get you on the right path; especially for the easier machines. There is even one machine that has full walk through by Offsec. So you do have a chance to get your feet wet and develop your own methodology before diving in.

    Highly recommend you look over the following topics before taking the course:

    -programming/scripting (know how to read code - this is important for full understanding; although you can piece together working code, if you haven't written and debugged code before you won't easily understand why something doesn't work perhaps because of basic syntax or object logic). Take a python course. should probably know javascript/c/java/sql in that order if you have time.

    -web attacks
    -traffic analysis (all layers i.e. wireshark, tcpdump, understanding what happens at the field level of most common protocols).
    -Read/Decode hex. Binary is even better!
    -windows/linux security and os fundamentals
    -basic windows/linux command line commands/navigation/log file analysis
    -basic bash scripting

    optional(some can be done before and some can be done during course as necessary):
    -buffer overflow
    -assembly language
    -shellcoding
    -powershell
    -privilege escalation

    That being said even if you have practiced all the skills and have the prerequisite knowledge, the course will not be easy...you will be googling...a lot. But everyone is in the same boat pretty much unless you have lots of prior experience. So once your ready have at it and GL.
  • sesha437sesha437 Member Posts: 48 ■■□□□□□□□□
    Thanks Monkeykap.

    That's good to know at least I have one machine walk-through by offsec. So I can know what to expect in the next machines, difficulty may varies but ultimate goal will be the same.


    Highly recommend you look over the following topics before taking the course:

    -programming/scripting (know how to read code - this is important for full understanding; although you can piece together working code, if you haven't written and debugged code before you won't easily understand why something doesn't work perhaps because of basic syntax or object logic). Take a python course. should probably know javascript/c/java/sql in that order if you have time.


    Yes, I am comfortable in reading code and understanding it.
    I wrote few python scripts earlier, so those indentation, formatting, modules etc i am aware of.



    -web attacks ---Working in Web and mobile Security aspects. So XSS, SQLinjection, Directory traversal, etc i am well aware of. This helps i think.
    -traffic analysis (all layers i.e. wireshark, tcpdump, understanding what happens at the field level of most common protocols) ---[FONT=&quot]Worked with Wireshark several time, but not the TCPdump. have good understanding in OSI layers.[/FONT]
    -Read/Decode hex. Binary is even better! ---Working with hex is new to me. need to learn more here.
    -windows/linux security and os fundamentals --- Know few basic security concepts like file permissions, password storage, etc concepts. Need to deep dive in.
    -basic windows/linux command line commands/navigation/log file analysis --- I am little bit more comfortable in Linux terminal commands compare to powershell. Need to introspect.
    -basic bash scripting -- Intermediate




    optional(some can be done before and some can be done during course as necessary):
    -buffer overflow --- little bit hands on here. Tried Corelan Simple buffer overflow. Followed the same steps, understood the basic BOF concepts. Need to implement on other vulnerable apps to learn more.
    -assembly language -- New to this. very limited knowledge
    -shellcoding -- Same here as Assembly language.
    -powershell ---Same here.
    -privilege escalation ---Same here as Assembly language.

    More over I just enrolled for 60days lab yesterday. I will start my journey on Dec 3rd. I think 90 days should have been better for my current knowledge. But due to other commitments i am not able to enroll for 90 days. Will give a try after 60 days of 100% efforts. Else will enroll for 30 days extension after a month or two.

    Thanks again :) have a wonderful holidays ahead for everyone.
Sign In or Register to comment.