Finally starting the OSCP!

chrisone · February 2017

Wow! so all in all this journey has taken you almost 3 months! that is pretty quick! I hope you get that well deserved pass, looks like you were beasting through hours and hours of study.

p@r0tuXus · February 2017

chrisone wrote: »

Wow! so all in all this journey has taken you almost 3 months! that is pretty quick! I hope you get that well deserved pass, looks like you were beasting through hours and hours of study.

He has some threads dating back to May of 2016 signalling the prep for this exam. It was no doubt hard work and dedication to do everything needed to get to this monumental point of tribulation. Surely, with all the work and lab-time, he nailed it. Also, I noticed he's taking his exam with 2-3 weeks to spare in case he needs to re-take the exam... I'm assuming.

Excited to get to tackle this too, but I'm just on the outset of his own timeline and always watching for these OSCP threads. They're exciting!

chrisone · February 2017

I hope I can complete OSCP within 3 months, after I finish eCPPT. I start OSCP in April and want to have both eCPPT and OSCP completed before blackhat where I will be taking Darkside Ops Custom pentesting course. Hopefully eCPPT is good enough prep/pre work that will help me finish within 3 months

p@r0tuXus · February 2017

chrisone wrote: »

I hope I can complete OSCP within 3 months, after I finish eCPPT. I start OSCP in April and want to have both eCPPT and OSCP completed before blackhat where I will be taking Darkside Ops Custom pentesting course. Hopefully eCPPT is good enough prep/pre work that will help me finish within 3 months

How is your experience with the eCPPT course? I was considering that as well and had hoped there were more videos/labs than slides, based on the ejpt course I'm doing now.

chrisone · February 2017

I think eCPPT is good. I had taken PTPv2 back in 2013 and failed the exam. I was under a lot of pressure at the time working on a Nexus Data Center core replacement and my career was strictly network engineering. Now I am fully security dedicated and I came back to finish the job with eCPPT lolThe information is good, the slide format has big text and it seems like the slides only use 40% of the browser real-estate. That combination causes the user to click through loads of slides and clicking back and forth to cross reference topics is a pain. I highly enjoyed the Systems module. Going through Architecture fundamentals, Assembly language, Debuggers, buffer overflows, shellcodes was interesting. I had to go over the systems module twice in order to get those concepts. That is after going through it back in 2013, which obviously to be fair, I don't remember much from back then. I think most people would get a little frustrated or find that module hard, but at the end of the day I feel good somewhat being able to understand it. I think the only things that will translate or help me with OSCP would be the Networking module and bufferover flow/shellcode topics from elearn. Many say OSCP does not entertain web pentesting topics like elearnsecurity does. So when I tackle OSCP I am hoping to progress well knowing I don't have to focus on XSS, SQL Injections, etc. nevermind I stand corrected

OSCP HOLDERS CAN

Use multiple information gathering techniques to identify and enumerate targets running various operating systems and services.
Write basic scripts and tools to aid in the penetration testing process.
Analyze, correct, modify, cross-compile, and port public exploit code.
Successfully conduct both remote and client side attacks.
Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications.
Deploy tunneling techniques to bypass firewalls.
Demonstrate creative problem solving and lateral thinking

McxRisley · February 2017

Those people who said that the OSCP does not contain web pentesting topics are wrong lol. It does in fact have web pentesting topics and A LOT of the labs are web app based.

Mike7 · February 2017

Wow! Impressive! I look forward to your review.

OSCP is still on my to-do list, but I want to do eCPPT first.

chrisone · February 2017

McxRisley wrote: »

Those people who said that the OSCP does not contain web pentesting topics are wrong lol. It does in fact have web pentesting topics and A LOT of the labs are web app based.

Ah ok my mistake, so it did cover a lot of xss and sql varities? What about any assembler exploit development?

TeKniques · February 2017

McxRisley wrote: »

Those people who said that the OSCP does not contain web pentesting topics are wrong lol. It does in fact have web pentesting topics and A LOT of the labs are web app based.

Congrats on the pass. I was wondering the same thing who was talking about that ... not only in the labs but the exam definitely has web application things.

chrisone · February 2017

sorry I misread someone elses post. Disregard

McxRisley · February 2017

I received my official confirmation of passing the OSCP today! This has been one of the greatest and most challenging experiences of my life to say the least. As promised I will give a brief review of the exam and my final thoughts in a coming post but for now I am going to take a break and stare my confirmation email for a bit haha

chrisone · February 2017

DUDE! Well deserved! we all knew it the moment you posted your score lol Ah man I start my jouney in 4 weeks! Can't wait!

AHHHH! "must have this done before Blackhat/Defcon"

Great work once again, much respect!

McxRisley · March 2017

*****PWK COURSE REVIEW*****

This course was by far the toughest and greatest learning experience of my life, it will literally crush your soul if you let it. I had planned to start studying for it mid last year and did so for a couple of weeks and then got involved in other things. I didn't really buckle down on it until mid November of last year. So all in all it took me around 3 months of studying and working my ass of on VMs from vulnhub and the labs. I came in with almost no scripting experience and left with some but what I can do now is read scripts and alter them to my liking (I plan to remedy this by doing some heavy python work), this course is also VERY web app heavy when it comes to the lab machines. I came into the course with some decent web app skills and it paid off (insert zaids udemy courses plug for 1000th time here). One thing in particular about the web apps in the lab though is that I only really got to use Burp effectively once, could I have used it more than once? Yes, but it wasnt needed. I kept my usage of metasploit to a bare minimum in the labs but I did use it a handful of times. Let's face it, metasploit is a badass is tool and is very fun to use. One thing I did use A LOT througout the course is msfvenom and the multi handler exploit, these 2 things combined are a god send and very handy for the labs. DO YOUR EXERCISES AND LEARN THEM! My usage of netcat and FTP was also key to my success in the labs, you will become very familiar with pentestmonkey(or at least you should). Another crucial thing while doing this course, if you figure something out and dont quite understand why or how it works, FIGURE IT OUT! Understanding how and why things work is a big part of this course and will aid you and applying that method effectively later on in the course as well.

*****EXAM REVIEW*****

My exam was tough, I started off strong getting my 10 point box without the use of metasploit and getting a low priv shell on one of my 20 point boxes. I spent the next several hours getting nowhere so I decided to go ahead and finish the buffer overflow box up and within less than an hour secured another 25 points. I then spent the next 12 hours spinning my wheels and feeling hopeless and defeated. There was one exam machine in particluar that was taunting me the entire exam, it had a web page on it with a long binary string that translated to "only n00bs can't pwn me"....... This infuriated me. Then finally in my last 2 hours, when i had all but given up, I found something and hit my stride again. I rooted the box that had been taunting me and then in another 45 minutes rooted my other 20 point box giving me a grand total of 75 points not including my lab report or exercises. The feeling this gave me is indescribable, I had done it, I conquered the OSCP. After submitting all of my local and proof.txts I decided to call it and finish up my report instead of working on my last 25 point box. I finished up my report and sent it off before my exam time was up. My report was a grand total of 220 pages and included the lab report, all of the course exercises and my exam report.

One thing I noticed a lot of people saying in thier reviews is the neccessity of scripting your scans. I can assure you that this statment couldnt be farther from the truth and is not needed. If you feel the need to do this, then go right ahead but it is not a necessity.

Also for those wondering, the use of metasploit is limited in the exam. You may only use metasploit ON ONE SYSTEM ONLY. You can not poke around with it on every machine, once you fire it off against a machine, that's it. Thats is now your one metasploit target. However the use of msfvenom/meterpreter and the multi handler exploit is not limited, you just cant use any post modules with your meterpreter shell if that machine is not your one metasploit target. All of this is explicity detailed in the exam rules. If you have already passed the exam at an earlier date and are reading this, the rules have changed since you last took it.

*****DISCLAIMER*****
What I am about to say may offend or upset some of you, but hey, the truth hurts. So if you're a softie this next paragraph isn't for you.

*****FINAL THOUGHTS*****

So I originally came into this course basically knowing nothing and wanting to prove that anyone can do it, but throughout my time in the course and dealing with some of the other students or those who were hopeful in one day taking the exam I noticed a few things and I would like to express my opinion on these things. I know this contradicts my original thought process but THIS COURSE IS NOT FOR EVERYONE. I spent over 40 hours a week on this course, I have literally never worked harder for anything in my life than I did for this course. If you can't devote the majority of your time to this course, DON'T SIGN UP FOR IT. There are people who have been taking this course for close to a year or longer just to give you an idea of the amount of time and dedication it takes. Also another thing I noticed is that people were skipping the pdf and videos and going straight to the exercises, only to get stuck on simple things that they would have known if they would have just took the time to do the exercises, so for the 100th time I'll say it again, DO YOUR DAMN EXERCISES!!!!!!!!! I met people who were better than me in a lot of areas but would get stuck on simple things because they hadn't done thier exercises.

Ok now that I'm done ranting, I wana thank everyone whoever helped me out or gave me a nudge during my time in the labs. I also wana give a special shoutout to my bros from the Techexams discord, rex0r, hexcartel, swagger, and mindcrank. I owe my success to them and thier helpful nudges in my time of need in the labs. This has been one of the most rewarding things I have ever done and I am so happy to have earned my OSCP.

So what's next for me? Well im currently going to hone my scripting skills in python and other languages through pentesteracademy.com while searching for my next pen testing cert. I'm currently considering either the GPEN or GXPN, so if you have any input on these courses and thier value compared to OSCP I would greatly appreciate it.

p@r0tuXus · March 2017

This was the post I was waiting for. Excellent job. I appreciate the brutal honesty and complete description of your labs/exam experience (minus DQ details). I can't wait to see what you decide to do next.

McxRisley · March 2017

I just updated it for you to contain some DQ details.

thegoodbye · March 2017

McxRisley wrote: »

So what's next for me? Well im currently going to hone my scripting skills in python while searching for my next pen testing cert. I'm currently considering either the GPEN or GXPN, so if you have any input on these courses and their value compared to OSCP I would greatly appreciate it.

The GPEN/GWAPT will be a waste of time and offer very limited additional information that you haven't already taught yourself in the OSCP. From here on out, you'd only be looking at 600-700 level Pen Test courses from SANS. Anything in the 500 series/below will feel level to you. You would learn more advanced concepts in the GXPN/OSCE, but these courses are geared more towards exploit researcher/developer than penetration testing. I'd still say they're worthwhile, however.

Looking at the certs in your profile, I'd actually suggest looking at the CCNA or equivalent. Some of the best pen testers I know have really good network skills and you will be limiting yourself without them. You may also want to consider holding on your next decision until you land a pen test gig(assuming you haven't yet). You can assess your skillset once you have a job in the field to make a better decision on what certs or skills you need to improve. A good question to ask during the interview process is if there is a gap or skill that their team wishes they had, or are looking to address. You can dive into that area and make an immediate impact.

Mooseboost · March 2017

Congrats on the official pass! Great write up too!

mindcrank · March 2017

thegoodbye wrote: »

Looking at the certs in your profile, I'd actually suggest looking at the CCNA or equivalent. Some of the best pen testers I know have really good network skills and you will be limiting yourself without them.

I'd have to second this statement.

EANx · March 2017

I've never known a great pentester that wasn't at least a good network nerd. If you don't have at least CCNA level knowledge, you're limiting yourself.

McxRisley · March 2017

I may end up getting a Cisco cert or two eventually, but I can assure you that my networking knowledge is not lacking

Boy_Wonder · March 2017

McxRisley, As creepy as this may sound.. I got a little teary eyed reading your review, because I feel like we followed you all the way through your blood, sweat, tears and frustration. Thank you Thank you Thank you! so much for give us the drive and light to fuel this fire! Congratulations sir! you deserve every bit of that certification.

LaSeeno · March 2017

Got approval for the OSCP. After I sit for the CISA in May I'll be signing up! Congrats on your pass!!!

Dr. Fluxx · March 2017

Congrats.
This was a fun read!!

McxRisley · March 2017

So early on in this post I had mentioned a Red Team position that I was trying to get and I wanted to give an update on my current job situation. The Red Team position didn't end up working out for me and I'm a bit sour about it. When I had initially talked to the company they said that I was too jounior but if I passed the OSCP they would talk to me. Well I passed the OSCP and contacted them again only to be told that they had filled a number of junior positions and that they were only looking for more senior people now. They wouldn't even interview me like they said they would and I also find it hard to believe that they filled 10 junior positions in 2 months, but whatever none of that matters because I was able to get an even better offer from another company which I accepted yesterday morning. After months of hard work and persistence I have finally reached my ultimate goal that I set when I started this journey, to become a professional Penetration Tester. [Insert sappy sentence about how dreams really do come true here lol] Anyways this will be my last update on this post, thanks again to everyone who helped me and supported me through this journey.

Mefistogr · March 2017

Congrats McxRisley!!!!!!

JoJoCal19 · March 2017

Congrats McxRisley! Isn't that the absolute best? Getting knocked down by your current company and then getting an even better opportunity from another and leaving them. Same thing happened to me when I worked at BoA. Kept getting the shaft for years when they would just fill the positions externally so I knocked out my CISSP and got a much better position and 40% pay raise at their biggest competitor.