Route to OSCP - non-techie

Yet another route-to-OSCP thread I don't come from a particularly technical background, so I thought sharing my journey may be of interest to others, especially anyone put off by the idea they have to be really techie to succeed. I hope I don't come to regret the last comment!

I feel fortunate to be starting this journey with no expectations. I don't need to pass for my job, so I'm going enjoy the learning experience.

Background:I have spent a few years almost exclusively in identity management and governance work.
I crave something more challenging and want to work in the cyber security space.
I don't have an IT degree so started a part-time Masters in Systems Security this year. One subject tracked EC-Council’s CEH course material. I passed CEH in March but was disappointed in the quality of this cert and went looking for something more substantial.
Then I found OSCP...

Preparation:These have been my resources and preparation activities.

Penetration Testing: A Hands-On Introduction to Hacking, by Georgia Weidman
This is a great book. OSCP garners a lot of respect due to its practical nature. Weidman's book takes the same approach, encouraging you to set up virtual machines and walk through practical exercises.

ITPro.tv, Cybrary.it, Youtube
Watched a few courses on pen testing and buffer overflows.I think I will return to these if stuck on specific topics such as client-side attacks, programming and scripting.

CEH v9
This gave me overview of pen testing methodology and a tour of the various tools.

HackThisSite.org
Worked through a few exercises. Not sure how valuable this was, but getting into a hacker's mindset surely helps.

Masters degree subjects
Recently completed courses on cryptography and digital forensics.I guess understanding cryptography concepts, password cracking, hash functions etc will help a little.As OSCP is a basic pen testing cert I doubt there will be forensic challenges such as hidden data in unallocated space or media, though I could be wrong.

Challenges
These are what I expect to be the biggest challenges.

Consistency and patience. 'A young bull and an old bull were at the top of a hill…'
Being new to this area I guess there will be a temptation to excitedly chase the first clue you find, rather than being patient and thorough in your scanning and enumeration, then rinsing and repeating til you squeeze every drop of info from your targets.I plan to develop some basic operating procedures to keep me on track.

Learning to discern what is of value and what is noise.
Experienced pen testers know what is high priority and what can be parked for later review. I haven't earned such experience so I will have to rely on some good documentation to help me.

Programming
I have no experience so expect so spend a lot of time on this.

Buffer overflows
These are twisting my melon! I have spent the last couple of weeks working slowly through some step-by-step examples.I hope familiarity with the exploit process rather than a deep understanding of memory theory will be sufficient for the test.

I signed up for 90 days which began last Sunday (16th July) and will post as I progress.Good luck to everyone else on the course.

Find more posts tagged with

Comments

JDMurray

mattf73 wrote: »

Buffer overflows
These are twisting my melon! I have spent the last couple of weeks working slowly through some step-by-step examples.
I hope familiarity with the exploit process rather than a deep understanding of memory theory will be sufficient for the test.

Have a look at my Ethical Hacking: Buffer Overflow course at Pluralsight. It's four hours of detailed explanations about everything buffer overflows with almost no code examples. It's a nice change from all the YouTube BoF videos that start right away with assembly language and debugger output.

You can sign up for a free trial subscription on Plualsight.com, or I can PM you a 90-day full-access code.

mattf73

Thanks JD. Buffer Overflows are coming up this week so I'll check this out.

mattf73

So...one week in.

The course consists of videos and almost 400 pages of pdfs. I'm about a third of the way through - just completed active info gathering and now starting vulnerability scanning.

I've being getting comfortable with enumeration tools - primarily nmap - and learning how to output the data in a format I can use later on.
I'm attempting all actions in the pdfs and videos as I go, plus the exercises at the end of each section. Then I run a few variations on them, look through the man files and see what other info I can mine.

The general approach seem to be to cast a wide shallow net, then focus in on interesting services. I made a mistake with an early scan that missed some machines - I fed the results into subsequent scans and it took a while to realise I wasn't seeing the full picture.
In future I'll check my inputs and outputs - a good lesson to learn sooner rather then later.

Fine tuning output via grep and cut is strangely satisfying. Some results don't seem greppable and for those I'm editing in KeepNote which has typical word processing functions.
My Kali directory is starting to look a bit of a mess with all the scan results. However the search functions are so powerful I'm wondering whether there is any need to tidy them up. For now I'm copying useful results to KeepNote to form the basis of reports.

Of my preparation Georgia Weidman's book has been the most helpful so far - it was reassuring to spot a well-known vulnerability that was covered in her book.

I expect this week to be tough as buffer overflows are coming up.

bladeism

mattf73 wrote: »

So...one week in.

The course consists of videos and almost 400 pages of pdfs. I'm about a third of the way through - just completed active info gathering and now starting vulnerability scanning.

I've being getting comfortable with enumeration tools - primarily nmap - and learning how to output the data in a format I can use later on.
I'm attempting all actions in the pdfs and videos as I go, plus the exercises at the end of each section. Then I run a few variations on them, look through the man files and see what other info I can mine.

The general approach seem to be to cast a wide shallow net, then focus in on interesting services. I made a mistake with an early scan that missed some machines - I fed the results into subsequent scans and it took a while to realise I wasn't seeing the full picture.
In future I'll check my inputs and outputs - a good lesson to learn sooner rather then later.

Fine tuning output via grep and cut is strangely satisfying. Some results don't seem greppable and for those I'm editing in KeepNote which has typical word processing functions.
My Kali directory is starting to look a bit of a mess with all the scan results. However the search functions are so powerful I'm wondering whether there is any need to tidy them up. For now I'm copying useful results to KeepNote to form the basis of reports.

Of my preparation Georgia Weidman's book has been the most helpful so far - it was reassuring to spot a well-known vulnerability that was covered in her book.

I expect this week to be tough as buffer overflows are coming up.

Goodluck bro!

I took time reviewing the materials as I remembered I finish it for about 21 days including the activity.

I skipped the activities that requires me to interact in the labs.

adrenaline19

Buffer Overflows aren't so bad. Off-Sec explains them pretty nicely in the material. It really is just a step by step process. Only worry about the step directly in front of you. Don't think past that point. If you write down the exact steps to do and tick them off as you go, you'll find it to be much easier than you assumed.

noyasystem

Great information you shared with us.
How is programming skill necessary to handle the process? or is it a must? I'm not good at it.

BuhRock

noyasystem wrote: »

Great information you shared with us.
How is programming skill necessary to handle the process? or is it a must? I'm not good at it.

You need to have basic programming skills. If you can read code and replace or change variables and logic in the code, the class will be a little easier.

Dr. Fluxx

Non techie?
"Building a high performance engine for the non mechanic."

If youre not a techie, you will be after this lol!

As far as the OSCP being a "basic" cert...cuz ive taken basic certs before (Security+, CCNA etc) and this thing is ALOT more challenging specific to the prep work and those ive spoken with who have it than anything ive seen before. Id call it a "basic" advanced cert. After all, it is OSCPs "entry level" cert.

I'm currently in preparation, based on others who have passed and Ive also built my own set of study materials...but a few questions.

Have you ever used linux/bash etc.

No programming...which im working on presently. Python to be specific and dude...it is a VERY powerful language (automate the boring stuff with python book)..i also thew in Black Hat python which is awesome! I also have violent python which i havent gotten to yet. Its overkill, but man, its alot of fun so its slowed my studies.

How much time did you spend preparing?
Cybrary is a REALLY good one also, you can find, while spread out, a huge amount of stuff on youtube and "security tube". Theres a good section on buffer overflows. Also, if you got to netsecstudents on reddit youll find a good amount of OSCP posts. And, of course google "Reddit OSCP" and youll find even more stuff.

You mentioned georgia widemans book and i have that also. In my research, ive found that hers is a great gook in creating a foundation for preparation for the OSCP.

Youve got balls as big as church bells to go in that way, but it might work out regardless.

mattf73

Dr. Fluxx wrote: »

Non techie?
"Building a high performance engine for the non mechanic."
If youre not a techie, you will be after this lol!

Thanks Dr! I'm perhaps exaggerating when I say I'm non-techie. I mean I don't come from a network admin, or SOC background, which I'm assuming is the profile of most students.

As for being a basic course. Yes you're right, it's advanced subject matter, but it is still the 'basic' PWK course. What I meant was, there are some pen testing concepts you don't need to know too deeply for this particular course, e.g. you don't need to code from scratch, mobile devices are out of scope, etc.

Yes I know my way around linux. I'm expecting to be able to re-purpose or build on the scripts in the training.

Cybrary is good, but as I already had Georgia Weidman's book I didn't spend too much time watching her videos. The book is fantastic as her exercises are quite similar to those in the course.

I'm trying to stay away from forums until I get stuck, in case I see spoilers.

mattf73

So, second week finished and it’s getting tougher.

The week was learning about vulnerability scanning and buffer overflows.

I think the use of vulnerability scanners is limited in the exam (maybe to a host or two? not checked yet) so I didn’t spend too much time on them. Just familiarised myself with the GUIs and ran some scans. These can be slow, so when I get into the labs I’ll try and make these more specific for faster results.

Most of the week was spent on buffer overflows. The training walks you through a couple of examples and gives you an exercise to try yourself. The exercise is simpler than the worked examples, but I made an error that cost me some time - my script was ok but I changed settings on my target when I reverted it. Of course I didn’t realise this at first, so spent quite a bit of time tracking my script through the debugger, scratching my head, writing variations, trying again etc...

Buffer overflows can can take some time to craft, so definitely need to get familiar with the process and potential issues to avoid losing too much time in the exam.

On a separate note my CISSP endorsement was accepted on Friday, which was a nice way to end the week.

Next up, exploits

mattf73

I finally finished the course materials and turned my attention to the lab machines.
I rooted one machine, cracked a few passwords etc and felt very pleased with myself. Then looked at the others and started to wonder what to do next.
Fortunately the PWK forums have a beginners walkthrough of one of their lab machines. This is invaluable in showing you need to enumerate and research absolutely everything. Makes me wonder whether 24 hours of exam time will be sufficient.

The learning really starts now.