OSWP Progress

I will "attempt" to update this thread regularly, regarding my progress. We all may have our own definition of regularly. But, like I mentioned previously I really have a lot going on.

First day, Friday I received all of the links regarding downloading the necessary course materials. As stated in the SANS forum previously, I bought every single recommended device they suggested on the website. The wireless card for example gave me the most issues. It took me over a day attempting to find the drivers for my MacBook. Being that I am running the Sierra OS, no drivers existed. The latest drivers were for like 2 updates ago for the MacBook. This is in fact with me searching the manufactures website. I went against my golden rule of downloading non-trusted drivers from iffy sites and every workaround stated online...unsuccessfully. I went to websites I knew were totally bogus, just because I was gun-hoe on this OSWP training. I usually get a new OS installed at the Apple store twice a year, just because. I think it's about time to pay the apple store a little visit, plus it's free! I've tested various "anti-virus" solutions and I know for a fact I had anything you can think of "malicious" on a cd/thumb-drive and some caught some things and some things weren't caught (at all). Either way, a good clean installation never hurt anyone.

After sitting down on the couch I realized it was user error. Once I plugged in the wireless card and clicked on VM instead of my MacBook OS the device started to flash green lights. Silly me Silly me. It's alive!! I am going through the slides and doing every single command, not just reading them and moving on. I am also taking notes, every single command. So this may be the slowest OSWP training someone has ever done in the history of Offensive Security. Being that the Offensive Security Forum is a ghost town and it's really not that many replies/if any to any questions, I am not going to give many suggestions, if any. They seem to be frowned upon, so forgive me if I don't say anything beneficial. All I see is an AVI, certificaitons, and a name. You OS moderators aren't going to social engineer me into getting my (soon to be) cert revoked icon_cool.gif

I am more than half way through the document, I should be done considering I am taking my sweet time within the next 48hrs. I have not been through the videos but if the videos are the same exact commands as the docs I am skipping the videos. I am not a fan of doing the same thing two different ways. It's like you writing me a note to take out the trash and then tell me to take out the trash. You only have to tell me to do something one time, in one way. I haven't looked at the videos as said, but I'll just assume we are going over something new

I tried to study an hour before work and I didn't get very far. I moved an entire two pages...I guess I am a perfectionist. When I have to read I fly through the material. When I have to do commands I take my time, open up terminals, see what's going on in Wireshark and actually understand the material. Although the material isn't hard or not hard at all. Someone said it wasn't a walk in the park.....I am not saying it isn't a walk in the park, but it isn't far from it. I would not classify it as being hard. So far, I would suggest this material to anyone looking to gain some "security" knowledge. I wouldn't say it's going to get you into the Information Security Field though. It may just compliment something else on your resume.

My PM said he should know if I am approved for the 560 course next week. I think I have one more GIAC cert left and OSWP and I am going to take a break from certifications. I am going to shift to learning how to code. I don't need 500000 certs to get a job icon_lol.gif

Comments

  • bluesquirrelbluesquirrel Member Posts: 43 ■■□□□□□□□□
    Lots of good luck GirlyGirl and thanks for sharing your experience with OSWP !
  • RichAsskikrRichAsskikr Member Posts: 51 ■■■□□□□□□□
    The OSWP is a cert I would like to gain myself at some point, ideally next year - so I shall watch this thread with interest.

    What you were saying about being told how to do something one way, I have no idea what the course material is like for OSWP, but I would say its always better to learn various ways. If you come across a situation where that one way you learned doesnt work (for whatever reason), I'm sure it would be handy having that other method to hand.
  • GirlyGirlGirlyGirl Member Posts: 219
    The OSWP is a cert I would like to gain myself at some point, ideally next year - so I shall watch this thread with interest.What you were saying about being told how to do something one way, I have no idea what the course material is like for OSWP, but I would say its always better to learn various ways. If you come across a situation where that one way you learned doesnt work (for whatever reason), I'm sure it would be handy having that other method to hand.
    I am neutral on the learning various ways suggestion. I really think it all just depends on the situation and a students past experience. It is 2016 and unfortunately/fortunately a lot of things have been automated over the years. I came into the course excepting much less than what I have so far obtained. I have learned a great deal of information. But the course is like a crawl, walk, and jog. So it is kind of baby step walking your way through the material. Would I prefer that? Why not? But I don't mind it. I am sure I have come across sections where I was like they could of omitted this. Then I came to the understand that everyone is going to enter the course at certain levels of prior experience, so it all made sense. Two of the prior SANS training events I've attended touched on wireless. One more than another. But this course goes into much more detail than either event combined. Not taking away from the events but this is strictly a wireless course I am taking. So I can't compare potatoes to tomatoes. So leaning more than one way is a great idea. Like anything depending on your prior experience depends on if you want to hear/read something you already know. Although, getting something pounded in your head will help you to memorize it. Moral of the story you are absolutely correct.
  • GirlyGirlGirlyGirl Member Posts: 219
    Today was a great day. I spent more time in my virtual machine today than I did the readings. This doing the commands and labs is really slowing me down, but I think it's worth it. I went through 24 pages but did hours of time in the VM. I kind of would of preferred it to be the other way around but it is what it is. With the readings, excessive lab time, and notes I think I am setting myself up for success. I know I am going to shoot myself in the foot and fail the exam the first 5 times. I said that to say this, if I can't crack WEP I am going to email every certification provider and tell them to revoke all my certs. icon_lol.gif I hope all that starts well ends well. I don't want to take away from the respect that OS has in the industry so I am sure that the exam isn't easy. I just through a little humor into the equation. With my luck they will change to WPA/WPA2 the day before my exam. As slow as I am going I should take the exam about July of 2018. No really, maybe next week. We shall see. The course has grown on me, I like it and I never thought I'd say it. I know people are interested in the course, which is great. I would definitely suggest it. Join me. It is more for learning, the experience, and enjoyment. I am getting all of the above
  • BlackBeretBlackBeret Member Posts: 683 ■■■■■□□□□□
    "With my luck they will change to WPA/WPA2 the day before my exam." That's the last few sections of your exam guide. As of Saturday the test had both WEP and WPA2 on it. If you want to get more into wireless, both enterprise WPA security, or other protocols, the book "Wireless Hacking Exposed" is an amazing resource.
  • GirlyGirlGirlyGirl Member Posts: 219
    BlackBeret wrote: »
    "With my luck they will change to WPA/WPA2 the day before my exam." That's the last few sections of your exam guide. As of Saturday the test had both WEP and WPA2 on it. If you want to get more into wireless, both enterprise WPA security, or other protocols, the book "Wireless Hacking Exposed" is an amazing resource.


    Thanks. I appreciate the recommendation. I don't foresee myself getting more into wireless after this course. I personally don't see a big demand for wireless professionals. But, the education and training is needed. I say needed because I would rather be able to wear more than one hat. If I am brining A, B, C, D, E, F, and G to the table I can negotiate my salary. Especially if you are only looking for A, B, C, and D. Everything I learn/want to learn is based upon job security. If I can't get a job being a system admin I can be a server admin. If I can't be a vulnerability scanner I can be a SOC Analyst. If I can't be a penetration tester I can be a Jr Linux Admin. Not saying I am or can do all of what was mentioned but I do have and will continue to build on skills where If I can't find a job doing one thing I'll be able to find a job to another and that's a fact!
  • GirlyGirlGirlyGirl Member Posts: 219
    My PM said he's going to approve my 560 course on tomorrow. I am going to do OnDemand maybe in January. Just depends on what I have going on. I have classes that start in January as well. Work, school, sleep, gym, and 560 will be difficult. Not impossible but difficult. Considering I have to pay for the course out of pocket, the quicker I pay for it the quicker I get my money back. At least most of it anyway. They are only paying about 5k. Win/Win for me So the heck with this OSWP course I am doneicon_cheers.gif. They can call that money I paid an investment. LOL

    Just playing. After you get past the "introduction" stuff in the (first half of the) document it's more commands and lab time. So I thought I was going slow before, I am really slowing down on progress. It's not a big deal. I like commands. I personally learn more doing commands and seeing the output/failure rather than just reading something out of a book. Sometimes I find myself being more of a visual person. I have taken excellent notes so either way I am setting myself up for greatness.

    If a turtle and a rabbit finishes the race at two different times who completed the race?

    Well, they both did. How you finish the race doesn't matter (unless you are in the Olympics). It's to me about just finishing the race.
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    GirlyGirl wrote: »
    Everything I learn/want to learn is based upon job security. If I can't get a job being a system admin I can be a server admin. If I can't be a vulnerability scanner I can be a SOC Analyst. If I can't be a penetration tester I can be a Jr Linux Admin. Not saying I am or can do all of what was mentioned but I do have and will continue to build on skills where If I can't find a job doing one thing I'll be able to find a job to another and that's a fact!

    Finally, someone who takes the same approach I have been. I've been able to move between the technical to non-technical side of InfoSec several times, and it's paid off. For now I'm settling into GRC and will probably stay for a while, but I'm challenging the GPEN soon and Pentesting will be my backup skill set. Am debating on adding in some cloud knowledge too since my employer seems big on *aaS.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    I'm having 101st flashbacks reading your post.

    Awesome progress on your endeavor. I look forward to reading your updates, even with the 2 scoops of hooah in every post
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • GirlyGirlGirlyGirl Member Posts: 219
    I'm having 101st flashbacks reading your post.

    Awesome progress on your endeavor. I look forward to reading your updates, even with the 2 scoops of hooah in every post


    You are funny. Coincidentally enough I was in the 101st. I actually have been paying on a storage container in Hopkinsville since 2010. You'd think they'd offer me a stake in the business by now.

    kaliboy,

    We have a rendezvous with destiny!
  • GirlyGirlGirlyGirl Member Posts: 219
    JoJoCal19 wrote: »
    Finally, someone who takes the same approach I have been. I've been able to move between the technical to non-technical side of InfoSec several times, and it's paid off. For now I'm settling into GRC and will probably stay for a while, but I'm challenging the GPEN soon and Pentesting will be my backup skill set. Am debating on adding in some cloud knowledge too since my employer seems big on *aaS.

    It's not much of us left around! I have been lucky with SANS courses somewhat. The first SANS course I ever took I paid out of the pocket. I was hooah. To be honest I was trying to break into security. Everyone I knew had Security+, CEH, and a few other entry level "security certifications". I was like I really have to stand out from the crowd, it's a competitive world. So I paid for the course out of pocket. It may have been a few hundred dollars cheaper than they are now but expensive is expensive. It's like someone saying a (2016) Mercedes CLS or BMW 7 Series. Both are expensive, you just have to find what works for you. Other than the paid course I've been fortunate with jobs willing to pay the majority of it and/or being a facilitator. The company I am with now has the best beneifts package I have ever had in my life (besides for the military). So if for nothing else, I'll stick with them.

    I personally doubt I'll ever apply to facilitate again. I don't know. Maybe. When you facilitate you get to see/here/read the good, bad, and ugly. One thing I don't like about facilitating is sometimes you pick A, B, C, and D course (I forgot how many picks you get). A, B, and C you get an exam attempt. D you just get a thanks for coming you were in this course. That basically means absolutely nothing to me. I need a cert attempt icon_twisted.gif. Guess what my luck will be ? You guessed it. We only need a facilitator for course D, thanks for coming you were in this course. NO thanks, I'll pass icon_lol.gif Good luck on the challenge. I wish you the best.
  • GirlyGirlGirlyGirl Member Posts: 219
    I just went ahead and reserved my date/time for this month for the exam. That will put the pressure on me.
  • MrAgentMrAgent Member Posts: 1,310 ■■■■■■■■□□
    Good luck on the exam! Its really not difficult at all, you can do it!
  • TampaITTampaIT Member Posts: 7 ■□□□□□□□□□
    Hope you knock it out !

    Looking forward to your update about passing.
Sign In or Register to comment.