OSCP--Jumping in the ocean without knowing how to swim (#Ain't_Never_Scared)

2230622306 Member Posts: 223 ■■□□□□□□□□
Thats the motto I personally follow. so i signed up for the OSCP (90) days.

What did i do for prep? NOTHING, i tried my best to read books(after couple pages i stopped), watch the Georgia series from Cybrary (her voice is annoying so i stopped), practice on VMs (since i am paying for this course to give me the knowledge that i need to comprise VMs, Machines in the future, this didnt go that well, since i dont have that knowledge yet....,) I don't see a reason for me to prepare for a course that is supposed to prepare me.

so i plan on reading the PDF, watch the videos and do all the exercises within the first 2 weeks and then attack the lab.

there are about 376 pages (i am planning on reading about 27 pages per day) and about 8 hours of videos( i plan to watch the videos while at work)

so i plan to do majority of this while at work (about 8 hours a day)
so during the week i will dedicate about 8 hours a day and on the weekends about 10 on sat and 10 on Sunday.

This is how i quickly finished WGU (CCNA RS (2 parts) CCNA Sec, A+ and so on)

i will try to update this on a daily bases.

«13

Comments

  • atippettatippett Member Posts: 154
    Good luck... you'll need it
  • tcundifftcundiff Registered Users Posts: 2 ■■■□□□□□□□
    Hey 22306,

    I just enrolled in PWK myself 90 days will be starting 4 Mar, the book by Georgia Weidman is a very good resource for preparation I am using it, I don't have any experience in Pen-testing but I figured I could at least "Try Harder" and get the PWK course and OSCP Cert done. I am also in the NOVA area 22314 if you wanted to collaborate on getting it done let me know. Good luck
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    tcundiff wrote: »
    Hey 22306,

    I just enrolled in PWK myself 90 days will be starting 4 Mar, the book by Georgia Weidman is a very good resource for preparation I am using it, I don't have any experience in Pen-testing but I figured I could at least "Try Harder" and get the PWK course and OSCP Cert done. I am also in the NOVA area 22314 if you wanted to collaborate on getting it done let me know. Good luck

    sure PM me

  • chrisonechrisone Senior Member Member Posts: 2,141 ■■■■■■■■■□
    22306 wrote: »
    What did i do for prep? NOTHING, i tried my best to read books(after couple pages i stopped), watch the Georgia series from Cybrary (her voice is annoying so i stopped), practice on VMs (since i am paying for this course to give me the knowledge that i need to comprise VMs, Machines in the future, this didnt go that well, since i dont have that knowledge yet....,) I don't see a reason for me to prepare for a course that is supposed to prepare me.

    I guess you will be upset that the whole concept of "try harder" is geared towards doing your own research and filling in the gaps that was purposely left out in the material. Every OSCP reviewer/blogger stated that in one way or another, they had to research elsewhere using other materials.

    Good luck!
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    chrisone wrote: »
    I guess you will be upset that the whole concept of "try harder" is geared towards doing your own research and filling in the gaps that was purposely left out in the material. Every OSCP reviewer/blogger stated that in one way or another, they had to research elsewhere using other materials.

    Good luck!

    researching is part of learning.

  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    22306 wrote: »
    researching is part of learning.
    And it's also a huge part of pen testing.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    i finally received the materials. i downloaded everything and i made back up copies. URL stays alive for 72 hours and if you lose the material, youll have to pay them 100 bucks for them to send you the material again. so what i did is i backed up all the files to different places. of course keeping them secure.

    i will be using vmware workstation 12 pro (thanks to wgu got it for free)
    once i downloaded the VM they provided me. i powered it on (created a shared folder between host and guest, makes it easy to share files) and once i had everything configured, i created a snapshot (for you all who are using the player, you can just create a backup of the vm folder and when you need to revert back. just delete the current vm folder and use the back up)

    they provide all the instructions that you need to follow.

    i started reading the pdf and watching the videos that correspond. reading the PDF itself might not make sense or it might be boring. so i am doing both at the same time. also having more than one monitor helps! trust me. i have 3 monitors and one is running the video and the other is running the PDF and the third one has word open for note taking.

    so far the PDF has been nice. they get right to the point. No fluff and also the dudes voice isnt as annoying as Georgia's. his tone shows that he enjoys teaching.

    page 61

  • cdxcdx Member Posts: 186
    *eats popcorn waiting for updates from OP*icon_cheers.gificon_cheers.gificon_cheers.gif
    Bachelor of Science - Information Technology - Security
    Associate of Science - Computer Information Systems
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    yesterday i continued reading the PDF and watching the videos at the same time. Advice, READ AND WATCH at the SAME TIME. trust me itll make it easy for you. where the PDF lacks, the Videos come in handy and where the Video lacks, the PDF comes in handy. Even tho i just started. I already have picked up couple tricks. I cant wait to touch the Labs and see what i can do. One thing i learned from growing up and having a rough life.. NEVER BE SCARED to try. Even if you have tried and failed, Guess what? you sit back and see why you failed, plan a new way to attack and attack again.

    PS: a trick that always pushes me to try harder is that i schedule the exam before i start studying. so i already scheduled my exam date. Hopefully this will push me to learn and try even harder. i paid for 90 days so when exam day comes and if i feel that i am not ready, i might reschedule but i normally would take the exam (so far this has worked for me and i never rescheduled any exam and always passed)

    PDF page 107

  • supasecuritybrosupasecuritybro Member Posts: 206 ■■■■□□□□□□
    22306 wrote: »
    yesterday i continued reading the PDF and watching the videos at the same time. Advice, READ AND WATCH at the SAME TIME. trust me itll make it easy for you. where the PDF lacks, the Videos come in handy and where the Video lacks, the PDF comes in handy. Even tho i just started. I already have picked up couple tricks. I cant wait to touch the Labs and see what i can do. One thing i learned from growing up and having a rough life.. NEVER BE SCARED to try. Even if you have tried and failed, Guess what? you sit back and see why you failed, plan a new way to attack and attack again.

    PS: a trick that always pushes me to try harder is that i schedule the exam before i start studying. so i already scheduled my exam date. Hopefully this will push me to learn and try even harder. i paid for 90 days so when exam day comes and if i feel that i am not ready, i might reschedule but i normally would take the exam (so far this has worked for me and i never rescheduled any exam and always passed)

    PDF page 107


    I like your style!
    Completed: CISSP, GPEN, GWAPT, CCSA R80, eJPT, CySA+, M.S. Information Security
    Current Goal: CCSE
    Continuous Education Plan:​ AWS-SAA, OSCP, CISM
    Book/CBT/Study Material:​ Max Power
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,000 ■■■■■■■■□□
    You braver than me, I will not even considering attempting this certification until I master a Linux certification and get some Python knowledge first. I'm sure even without proper prep work, it's a very educational and beneficial course. However for me, I would like to try to ensure the greatest chance of success. On the bright note, it's really not that all expensive security training and certification. For $1,300 it's dirt cheap in my opinion when compared to some of the SANS security courses. Wish you the best of luck, I see you have a Linux certification, that will certainly help.
    Still searching for the corner in a round room.
  • E Double UE Double U Member Posts: 1,785 ■■■■■■■■■□
    @ 22306

    You might have more balls than brains...just like me! Good luck icon_cheers.gif
    Alphabet soup: CISSP, CCSP, CISM, CISA, GDSA, GPEN, GCIA, GCIH, GCCC, CEH, Azure Fundamentals, Azure Security Engineer Associate, ITIL 4 Foundation, and more.

    2020 goals: AZ-900, AZ-500, GDSA, ITILv4

    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
  • LonerVampLonerVamp OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK Member Posts: 515 ■■■■■■■■□□
    Just 2 tips... be sure to do (now or later) the exercises in the PDF. Doing them and turning them in will give you some bonus points for the exam. Depending on how you do things, you'll watch the videos, read the PDF, do the exercises while watching and reading a second time, and then re-watch and re-read sections several times as you do the lab. It'll be ok to not get 100% understanding of everything in there on the first go around.

    Second, stick to your first exam date. When you re-up for more lab time, you get another exam take along with it. You'll want to read the FAQ or forums to verify that, but I'm pretty certain that's how it works. With every re-up, an exam take should be spent. Good luck!

    And bonus...probably 20% of this course is about finding and honing your own style of note-taking, system attacking, and report-building. Start honing that early before going too wild in the labs. A good, thorough student, imo, will end up pwning many boxes several times, either to do better post-root looting, to do it more manually (as opposed to using only Metasploit), or to discover multiple ways in.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2020 goals: AWS Security Specialty, maybe AWAE or SLAE, CISSP-ISSAP?
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    I did not read as many pages as i planned. Thats fine tho, i will make it up tonight. I will also do some of the exercises tonight and practice what i have learned so far. I am creating a bank of commands as i go. Maybe a **** sheet organized by tool (or i might change this depending on what methodology i follow to attack the labs.) and i am not sure if ill also make my own scripts or just use what i find. still VERY exited and Every single word i read, it makes me feel like this is achievable and it wont be as hard as it seems! Hopefully this weekend i will attack the section that is loved by everyone 'Win/Lin BoF'.

    PS: its very very hard fighting the urge to just attack the lab! but Everyone advises to fight the urge and finish the PDF and videos first and that is what i will do.

    PS PS: if you are planning on taking the course and you want to prepare, i think the best thing for you to do is download this PDF and read it and learn the basics from every sections mentioned. DON'T WASTE YOUR TIME LEARNING PYTHON AND other languages. Yes python is good but it is not needed for this course. YES it will be a plus but IT IS NOT NEEDED. so far the course went over a very simple python script and he explained it. even tho this course is hard but it is still considered an entry level cert. BTW this is my opinion so please don't try to argue with me about it.
    https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

    page 132

  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    TechGromit wrote: »
    You braver than me, I will not even considering attempting this certification until I master a Linux certification and get some Python knowledge first. I'm sure even without proper prep work, it's a very educational and beneficial course. However for me, I would like to try to ensure the greatest chance of success. On the bright note, it's really not that all expensive security training and certification. For $1,300 it's dirt cheap in my opinion when compared to some of the SANS security courses. Wish you the best of luck, I see you have a Linux certification, that will certainly help.

    Right there with you buddy.
    No way in hell im going to do that.
    Once i complete my pre studies, of which im having alot of fun with learning btw, python, metaspoit, Georgia W book, Vulnhubs and a few other books, forgot to mention brushing up on my bash scripting, then ill go for it.
    I dont want to set myself up for failure.
    But then again, we dont know what the OPs prior experience (IT/proffesional) is.

    BTW, Linux + is a cakewalk. As in too easy. But, is a bulletpoint I suppose.

    BTW OP, how did you like WGU?
    Online Schools sort of scare me (ITT Technical Institute anyone?) unless its your standard type University Of Georgia/UCLA etc.

    This actually might be the wrong place to ask that question tho lol
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    So i been gone for about 4 days now. this weekend, i worked on doing some of the exercises and also finished up windows BoF. OffSec does an amazing job explaining everything but of course its up to the reader to actually spend time in reading the PDF and also watching the video and doing the exercises. I read this section maybe 3 times and watched the videos and actually did the work. it doesn't really sound as hard as people make it sound. Since the exam has a windows BoF machine and its the one thats worth a lot of points. i will be spending time in really understanding what they are teaching me concerning this subject. I googled around and also found other resources but honestly i didnt really need to. now for Python, Offsec gives you a basic script that anyone can understand and they also explain what every line does. seriously they are literally holding my hands and walking me through this. It has been about a week now and i am in the midway point with the PDF. so this week i will finish up the remaining half and then attack the labs. ADVICE: fight the urges to attack the labs. seriously i get tempted at times but i got people who keep reminding me to finish the materials!

    PS: yes having basic understanding on how to use linux is good and will help you (things like LS, PWD,CD ./, CHMOD and so on)

    lol i hope i dont get slapped on the face once i start attacking the labs.

    PS PS: WGU and ITT Tech dont compare. one is non profit and the other is for profit one is regionally accredited and the other is nationally. you can save money and do BS with WGU and then do masters with a known school like penn state, GMU, ..etc

    Page 160ish

  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    Finally finished the materials yesterday and i rooted one of the easiest machines in the lab (Alice). next is PayDay. hopefully ill get to work on it today.. One thing ill need to work on is Priv Esc! loving the lab so far.

    PS: hopefully once i conquer the test. i will post a detailed post with resources and tons of info!

  • xxxkaliboyxxxxxxkaliboyxxx Member Posts: 466
    Awesome broski, just like the gym, hardest part is showing up! I like your style, no reason for all the ass grabbing like me and the C|EH exam. Good luck!
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • chrisonechrisone Senior Member Member Posts: 2,141 ■■■■■■■■■□
    Good stuff! Keep up the hard work! With your attitude its not a matter of IF but a matter of WHEN. icon_thumright.gif
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • [Deleted User][Deleted User] Posts: 0 ■■□□□□□□□□
    I'm also studying for OSCP as well. Started back in Nov 2016 and still going! I may want to attempt the exam soon. Anyone with OSCP care to share any pointers or thought about how hard the exam is and things to focus on?
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Member Posts: 494 ■■■■■□□□□□
    How have you been "studying"? Is it hands on in your own home lab? or have you just been reading and not practicing? Have you registered for the course yet? You can't just take the exam, you have to register for the course and compromise a minimum of 10 lab systems before attempting the exam. The exam is 24 hours long, you will be given 5 boxes to compromise and each has a different point value. You can only use metasploit on ONE BOX ONLY. Also keep in mind that this course requires an enormous amount of time and dedication, it is attempted by many and passed by very few. I'm not trying to discourage you but just giving you a heads-up and making you aware of the commitment you need to make.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
  • BlackBeretBlackBeret Member Posts: 684 ■■■■■□□□□□
    "you have to register for the course and compromise a minimum of 10 lab systems before attempting the exam."

    You have to have registered for the course at some point in time in the past. I personally did it when it was still PWBv3. Otherwise, there is no requirement to compromise any boxes in the lab. The lab report is completely optional. It's only the exam report that is mandatory.
  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    its been about 9 days and so far i rooted alice, phoenix,bob, ralph, mike and i think i am forgetting another one. so far what i learned is to carefully read your results. and DONT assume. ALSO, at times with RFI, you have to pay attention to it being case sensitive. i spent whole Sunday trying to figure out why my RFI attack wasn't working and thanks to MrAgent who reminded me about case sensitivity and boom went down the machine. i know i am still going after the low hanging fruits. but it still feels good. BTW having the discord group chat is helping me ALOT! without these cool people in the group chat, i would be lost.

  • 2230622306 Member Posts: 223 ■■□□□□□□□□
    redworld wrote: »
    Is the OSCP Discord channel open or private? Last link I saw was no longer active.

    https://discord.gg/AQwaeGf

    its set on private but pm and i will send you the url

  • MefistogrMefistogr Member Posts: 17 ■■□□□□□□□□
    Hello 22306,
    How do I pm you?!? I can't see the appropriate icon
  • p@r0tuXus[email protected] Member Posts: 532 ■■■■□□□□□□
    Mefistogr,

    I think you have to have more activity before you can PM people. Probably a feature to keep spammers from creating accounts and buggering people. You need some more posts before people can PM you.
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • tcundifftcundiff Registered Users Posts: 2 ■■■□□□□□□□
    Hey 22306,
    could you send me an invite to discord? mrqs202 on gmail
  • MefistogrMefistogr Member Posts: 17 ■■□□□□□□□□
    I still can't pm you. I wonder if you are kind enough to pm me at : mefistogr on yahoo.com
  • gunmrgunmr Member Posts: 14 ■■□□□□□□□□
    Good luck, i hope you will pass the exam. i wondering how old are you?
  • Ignacio2019Ignacio2019 Registered Users Posts: 3 ■□□□□□□□□□
    I like this thread, 22306, and your posts so far. Please keep it up. I am starting PWK this Saturday April 1 and hopefully I'll have the last laugh.
Sign In or Register to comment.