Community Manager at Infosec!
Who we are | What we do
OSCP journey starts 4/29/17, Lets go!
Comments
-
Blucodex Member Posts: 430 ■■■■□□□□□□Update. Finally rooted 20 boxes. I see that my previous post says w/o Metasploit. Well, I don't have 20 manually but I don't care I'm just stoked I got to 20 and knocked down Pain which wasn't too hard after all. Test is scheduled for 4/27. Next goal is to get to 30 roots with knocking over humble and severance prior to test date. Feeling pretty good compared to where I was a few months ago and still have 3 weeks to prepare.
Manually rooted Alice, Alpha, Barry, Beta, Dotty, Mike, Pain, Phoenix, and Suzie. The rest I just haven't came back to try manually as I've been focused to getting into more boxes. -
JoJoCal19 Mod Posts: 2,835 ModGood work Blucodex!Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Blucodex Member Posts: 430 ■■■■□□□□□□Thanks JoJo. Been a lot of fun the last go round since I've been able to spend more time in the lab. Knocked out Core today manually. Time to shop for patio furniture before getting back to more boxes.
Small world, went to a local security meetup Friday and ran into a guy with his OSCP. He ended up not only being in the TechExams OSCP Discord channel but DM history shows we talked in July of last year when we both started the class. What are the odds? -
Blucodex Member Posts: 430 ■■■■□□□□□□Exam date is coming up this Friday at 3pm. I feel a lot better than I did last time but could use more lab time. I'm only up to 24 roots at the moment and LP shells on Gamma and Bethany. Also working on Sherlock at the moment. I definitely need better post exploitation enumeration. Heck, I could use better everything
My May is pretty booked between a work trip, vacation, and the Cisco CCNA CyberOps scholarship. Current plan is to sit the exam, if I fail, chew through the month of May while fitting in some Vulnhubs. Either sit the exam again, or purchase another 60 days of lab time and finish all (hopefully) the rest of the boxes and sit the exam. -
Blucodex Member Posts: 430 ■■■■□□□□□□I ain't dead yet. Been super busy at work and have had a lot on my plate. I am now able to get back focused on the OSCP. Currently working through HTB free boxes. Will update again when I get more boxes under my belt. Current goal is to sit for the exam sometime after BH/BS/DEFCON week. Probably late August or early September.
-
JoJoCal19 Mod Posts: 2,835 ModWoah he lives!! Good luck man.Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework -
Mooseboost Member Posts: 778 ■■■■□□□□□□I ain't dead yet. Been super busy at work and have had a lot on my plate. I am now able to get back focused on the OSCP. Currently working through HTB free boxes. Will update again when I get more boxes under my belt. Current goal is to sit for the exam sometime after BH/BS/DEFCON week. Probably late August or early September.
HTB is definitely a great way to go. If you do well on there, you will do well in the labs. IMO some of the HTB boxes were tougher than the exam machines. -
Blucodex Member Posts: 430 ■■■■□□□□□□Mooseboost wrote: »HTB is definitely a great way to go. If you do well on there, you will do well in the labs. IMO some of the HTB boxes were tougher than the exam machines.
I've heard that as well. I just want to do the low budget option to get better before taking the exam or buying more lab time. -
Blucodex Member Posts: 430 ■■■■□□□□□□Update: Been back in the labs for another month and some change. I am up to 35 boxes completed and 33 of those done manually. I'm going for the exam again on 4/19.
This has been a very long on and off again journey but I am motivated to get this done right now. Since I started my OSCP I started and finished my Masters, earned a ton of blue team certs, and had a few job changes. Looking back I can say these labs have helped me immensely in my career even though I have not completed the certification. I don't have another training until 7/27 so hopefully now is when I become... OSCP
-
EANx Member Posts: 1,077 ■■■■■■■■□□Good on ya for not giving up. The whole point of a cert is to have independent verification of knowledge but it's the knowledge that's key and it sounds like you're making use of what you've learned.
-
Blade3D Member Posts: 110 ■■■□□□□□□□I'm thinking about starting my journey back up as well. I've just been so busy recently.Good luck!Title: Sr. Systems Designer
Degree: B.S. in Computing Science, emphasis Information Assurance
Certifications: CISSP, PSP, Network+, Security+, CySA+, OSWP -
Blucodex Member Posts: 430 ■■■■□□□□□□Update: Sat for the exam yesterday and was able to get 3 root shells and 2 low-privs. Just submitted my exam and lab reports. If all goes well I will finally be OSCP certified by the weekend.
-
Infosec_Sam Admin Posts: 527 AdminBlucodex said:Update: Sat for the exam yesterday and was able to get 3 root shells and 2 low-privs. Just submitted my exam and lab reports. If all goes well I will finally be OSCP certified by the weekend.
-
Blucodex Member Posts: 430 ■■■■□□□□□□Infosec_Sam said:Blucodex said:Update: Sat for the exam yesterday and was able to get 3 root shells and 2 low-privs. Just submitted my exam and lab reports. If all goes well I will finally be OSCP certified by the weekend.
No snags at all. Assuming you are referring to environment behavior. -
Blucodex Member Posts: 430 ■■■■□□□□□□OSCP certified!
Wow, this has been quite a journey for me but it worked out for the best. Since I started I've really dug into InfoSec and have achieved my MS in Cyber, GCIA, GMON, GCIH, CCNA CyberOps, and a few other lesser known certs. I've also had two job changes and started to learn scripting and forensics. It's been a busy but amazing ride.
My best advice for those new to this subject is to stay calm and enjoy the journey. This is very much a self-paced learning experience with the icing on the cake being an industry respected certification. You'll get out of this what you put in.
I know these resources have been sprayed around but I'll put a few of my favorites here:
HTB/VulnHub Writeups: https://www.hackingarticles.in/
Enumeration Tools/Techniques: https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
Directory Enumeration Tool: https://github.com/maurosoria/dirsearch
Windows Privilege Escalation: https://www.fuzzysecurity.com/tutorials/16.html
Linux Privilege Escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
SecLists: https://github.com/danielmiessler/SecLists
Raj Chandel's blog is a great resource for beginners to get a feel for the process on attacking boxes.