Blade3D wrote: » Good luck, wish I would have finished this cert. It definitely requires a good amount of time. I signed up for 90 days originally then 30 and another 30. I don't think I had the time to devote to this. I'm still interested in getting it eventually as the subject matter really interests me.
Blucodex wrote: » I was going to sit for the CISA in May but knowing I'll be starting my MS at WGU this fall I decided this may be the only chance I get to take this training (work sponsored) with plenty of free time. I've been reading the forums and think I have an idea as to how much time I will need to put in. I signed up for 90 days of lab access. This next month I'll be working on the boxes at vulnhub, reading, reading, and I'll be putting together a binder with commands, tips, and techniques that I learn this next 3.5 weeks. Any advice or relevant chat group recommendations are welcomes and appreciated. In a perfect world I'll get this done right before I head to DefCon this summer.
SteveLavoie wrote: » You know.. There is a time to chase girls, be stupid and party Also, your certs won't be listed on your tombstone. No one will care that you were MCSA 2016 in 2070
Blucodex wrote: » Well, tonight is the night. I won't get home until a few hours after my labs start so my plan is to download the PDF and get through the first 5-20 pages. Tomorrow I'll do some heavy reading and we'll see how far I get. I have 90 days of labs so my plan is to enjoy the PDF this week and hit the labs no later than next weekend. But we'll see, very possible I at least jump in for a few hours tomorrow after reading.
Blucodex wrote: » I was able to grab the proof.txt file from Alice. Am I correct to assume that once you have access to the System32 directory from CMD you have the system account? Learned a lot today through the lab manual and my own research. I feel like there is still so much to do with this box that I want to try out. So I'm going to try and accomplish a few more things before I call it a night. I still don't know if I've gotten shell access since this is all new to me but I did change the local Admin password. Haven't done anything with it yet though. Edit: I was able to verify I'm operating as the systemprofile.
saraguru wrote: » In case of windows, if the user you are logged in/having a shell is a member of either Administrators or System then it is fine I guess and in case of linux you must be root. Beware that in some cases you may be able to grab the proof.txt file without being a root or system user and that is not taken into consideration.
oscp wrote: » Glad to see an update after the first 30 days! We've got roughly 6 weeks til defcon! Now that you're done with the coursework and on to the lab, how would you manage your ~30 days of prep time in between paying and receiving the materials? I'm currently in that time window and am trying to prepare as efficiently as possible... I know this is vague and the answer probably differs person to person. But what were the most invaluable things you found helped you get ready?
LonerVamp wrote: » There have never been more ways to prepare for this course this year than at any other time. Between hack labs, CTFs, vulnhubs, other reviews and prep blog posts, and online courses...there's an absolute ton of resources today.
oscp wrote: » there's got to be a few well written books or something, no?
oscp wrote: » Agreed. My problem is really sifting through it all and figuring out what is worth using. There is way too much content and a lot of it is ehhhh. This is naturally a time sink so I'm trying to use my time as efficiently as possible. I'd rather use fewer resources that are thorough rather than collecting knowledge in a million fragments off different hacker blogs. Obviously that is an important data source but for learning the basics, there's got to be a few well written books or something, no? I wanted his perspective as I'm in a similar boat. I'm well aware of all the vulnhubs and hacklabs but I'm more concerned with materials like books and webpages that focus on teaching workflow, methodology, and underlying concepts of things, etc. I can read man pages of tools and vague blog posts all day long and attempt to practice in all the convenient ways out there. But trying to develop my own methodology from scratch is feeling really slow. It's quite possible this is just the stage I'm at and with enough sifting and practice all the pieces will feel a little more together and the process won't feel so confusing and abstract... Or maybe I'm just slow, and people in daily life are nice enough to not mention I'm an idiot
oscp wrote: » Agreed. My problem is really sifting through it all and figuring out what is worth using. There is way too much content and a lot of it is ehhhh. This is naturally a time sink so I'm trying to use my time as efficiently as possible. I'd rather use fewer resources that are thorough rather than collecting knowledge in a million fragments off different hacker blogs. Obviously that is an important data source but for learning the basics, there's got to be a few well written books or something, no? I wanted his perspective as I'm in a similar boat. I'm well aware of all the vulnhubs and hacklabs but I'm more concerned with materials like books and webpages that focus on teaching workflow, methodology, and underlying concepts of things, etc. I can read man pages of tools and vague blog posts all day long and attempt to practice in all the convenient ways out there. But trying to develop my own methodology from scratch is feeling really slow.
Dr. Fluxx wrote: » how many average hours would you both suggest to complete a 90 day run?
