OSCP - Start Date 28/5/17

Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
Hi Guys,

Finally decided to bite the bullet and go for this awesome certification. I have my start date of the 28th May, also have the VM setup and ready to go. Connection to the lab environment has been tested and successful.

I am pretty much going into this blind, I have some experience in pentesting but not a lot, I would like to be able to take this cert and make my way to a full time pentester. I am currently in a NOC as a firewall engineer, and doing this off my own back, so my evenings and weekend will be full of study and hacking away in the labs.

Any advise would be appreciated :)

Thanks Guys
Chars

Comments

  • packetphilterpacketphilter Member Posts: 85 ■■□□□□□□□□
    Good luck! I don't have any advice, but I was curious if there's a deadline to start your lab time once you purchase the course. For instance, if I purchase the course with 90 days lab time, do I have to start within a month, two months, or could I start it six months later if I wanted?
  • Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
    Hi Packetphilter,

    When you register for the course you are given a selection of dates to choose from (theses are usually 4-6 weeks advanced). I guess they do this to keep a steady stream of people in the labs. When you have selected your date and gone through the Proof of ID process they send you links for the VM download and test connectivity to the lab environment. Once connectivity is confirmed you then send payment, and your access to the labs start from the date you chose in the registration phase. I would suggest that you plan to register and pay when you think you are ready to tackle the lab, as your access will be cut off 90 days from the day you pick. Or you could just bite the bullet like i did and jumped in with both feet :D

    Thanks
    Chard
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Good luck! You mention you've had some pen testing experience. If so, you should do ok here. As a NOC/Firewall Engineer, I would have otherwise knee-jerked into suggestion brushing up on Linux and Windows administration a bit, since it's pretty heavy in the systems side. :)

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
    Hi LonerVamp,

    Yeah i think Linux and Windows Admin is on the weak side for me, as i mainly use windows/Linux as a tool rather than administering it. My previous pentest experience was basically shadowing one of the pentesters from my old job when i showed interest in pentesting at my old workplace. That being said i hope to spend up to the start of my Lab date, watching videos on Cybrary and also watching walkthroughs of VMs from Vulnhub and follow along myself. Hopefully this will give me a good starting ground and concept of how things will come during my lab time.


    Thanks
    Chard
  • dariooshdarioosh Registered Users Posts: 3 ■□□□□□□□□□
    Let us know how you get on. I'm preparing to CREST CPSA and OSCP will be my training for CREST CRT. I have good Windows and networking (Cisco) background but have to learn all the other stuff required for mentioned exams. If things go right with CPSA I'll start OSCP Sept this year.
  • Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
    Hi Darioosh,

    Crest Certs are on my list to do after the OSCP. I think there is a way you can use your OSCP to get one of the CREST Certs, but I will probably just take the CREST Exams.

    Thanks
    Chard
  • unkn0wnsh3llunkn0wnsh3ll Member Posts: 68 ■■□□□□□□□□
    Hi Chard26,
    Good luck on your journey,
    I have sent PM to you. :) lets catch up soon,

    Cheers
  • adrenaline19adrenaline19 Member Posts: 251
    It's impossible to over enumerate.
    If you think you've enumerated enough, you are wrong.
    That goes for after you've popped the box too.

    Also, don't be shy about playing with code you get from exploit-db.

    Lastly, it's okay to pop a few boxes with metasploit in the beginning. Just so you get your legs under you. Once your confidence is up, try popping them without the crutch.

    Good luck!
  • Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
    Hi adrenaline19,

    Yeah that was my plan, to have a go on a few of the low hanging fruit with Metasploit first and then to re-pop them manually.

    Thanks for the advise on Enumeration, that seems to be the big key here.

    I get my lab access and course materials this Sunday, cant wait :D:D

    Think i will also use this thread as a blog and keep myself accountable to the community(more of a lurker than a poster :) ), which in turn will keep me motivated (hopefully)

    Cheers
    Chard
  • Chard26Chard26 Member Posts: 49 ■■□□□□□□□□
    Hi Guys,

    Just a quick update, been working through the course material, and taking it nice and slow, i don't want to miss anything.

    Most fun part i think has been the buffer overflow section of the course, after following Muts and seeing the shell come back on your nc listener was just amazing.

    I realised quite quickly that i will have to do additional research into most of the topics in the course. So I decided to sign up to Pentester Academy for extra curricular activities :) I have followed Vivek from the early days of SecurityTube when he did the Wifi and Metasploit courses.
    I will watch the network pentest, web app and buffer overflow from Vivek.

    Other than this i have been busy with work so I am only able to put in 2-3 hours per day Monday to Friday and 10-14 hours Saturday's and Sunday's.

    I will collate any useful links i have found for other OSCP'ers that might find them useful.

    Thanks
    Chard
Sign In or Register to comment.