CyberCop's OSCP blog

1235

Comments

  • MooseboostMooseboost Member Posts: 778 ■■■■□□□□□□
    I feel like I need to set a reminder to check this thread on Friday. It is like waiting on a movie you have dying to see come out.

    You have done an excellent job in the labs and I have no doubt that this will carry over into your exam. I fully expect to see a passing post from you.
  • HornswogglerHornswoggler Member Posts: 63 ■■□□□□□□□□
    Great progress! Looks like you have ramped it up significantly. As you get a routine down and more experience, it starts to snowball.

    You will nail this and you will own it. Hopefully the first try but I know you'll stick with it until that title is YOURS! Good luck on the exam tomorrow!!!

    Good call on doing the exercises and lab report. I quit once I got to the metasploit section (was like, if I can't use metasploit on the exam, I won't bother with this chapter). I took the exam and I was right on the bubble on points alone. During the 24 hours of reporting I scrambled to finish what I could and do the lab report on 10 machines all from my crappy notes. Luckily I took screenshots with the required info! I was so impressed with sufferance that I (somehow, thankfully) did an excellent write-up which I copied/pasted into the lab report with the 9 others. It was a little bit scrappy but was somehow enough points to pass (whew). Wish I had finished the exercises and lab report long before that point, lol. Knock it out tomorrow!!!
    2018: Linux+, eWPT/GWAPT
  • gphilipsgphilips Member Posts: 22 ■■■□□□□□□□
    CyberCop123,

    Just wanted to join the others and say Thank You for an uplifting and user-friendly review.

    Also, if I'm reading it right, the big day is tomorrow, so best of luck!
  • NEODREAMNEODREAM Member Posts: 124 ■■■□□□□□□□
    God speed my friend! This has been a joy to follow..hope to start my own progress thread one of these days ;]
    Goal: eJPT Mar. 2020 | GDAT May 2020 | eCPPT Dec. 2020
  • ansionnachclisteansionnachcliste Member Posts: 71 ■■■□□□□□□□
    Best of luck on the exam.
    You've inspired me to attempt this exam this year.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Mooseboost wrote: »
    I feel like I need to set a reminder to check this thread on Friday. It is like waiting on a movie you have dying to see come out.


    You have done an excellent job in the labs and I have no doubt that this will carry over into your exam. I fully expect to see a passing post from you.


    Haha that's so funny, I'm really glad you enjoyed reading my blog and hearing about the pain I was experiencing! It was really great to vent on here and also to look back myself to see the progress when I feel I'm not getting anywhere.





    Great progress! Looks like you have ramped it up significantly. As you get a routine down and more experience, it starts to snowball.


    You will nail this and you will own it. Hopefully the first try but I know you'll stick with it until that title is YOURS! Good luck on the exam tomorrow!!!


    Good call on doing the exercises and lab report. I quit once I got to the metasploit section (was like, if I can't use metasploit on the exam, I won't bother with this chapter). I took the exam and I was right on the bubble on points alone. During the 24 hours of reporting I scrambled to finish what I could and do the lab report on 10 machines all from my crappy notes. Luckily I took screenshots with the required info! I was so impressed with sufferance that I (somehow, thankfully) did an excellent write-up which I copied/pasted into the lab report with the 9 others. It was a little bit scrappy but was somehow enough points to pass (whew). Wish I had finished the exercises and lab report long before that point, lol. Knock it out tomorrow!!!


    Thanks Hornswoggler! At least you passed, that's the main thing! I've finished the exam... see next post for a little writeup.



    gphilips wrote: »
    CyberCop123,


    Just wanted to join the others and say Thank You for an uplifting and user-friendly review.


    Also, if I'm reading it right, the big day is tomorrow, so best of luck!


    That is right... I feel truely humbled that you and others have actually remembered/noticed the date. That's one reason why I really like these forums icon_smile.gif


    Thanks for the good wishes!



    NEODREAM wrote: »
    God speed my friend! This has been a joy to follow..hope to start my own progress thread one of these days ;]


    Thanks! If you do ever start your own then I will definitely read it. Thanks for reading and following my blog, really appreciate it.



    Best of luck on the exam.
    You've inspired me to attempt this exam this year.


    That is fantastic. There's so many great writeups, tips, information online so you'll have lots of help and support from people. It's a good journey. It's hard at times but never so hard that it feels impossible, just like solving puzzles really. The more you do it then the more you start to notice things like ports which aren't really worth looking at (at least initially), and also ports and services which just don't look right.


    Good luck with it all!
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Once again, I'd just like to say how great it is to have so many wish me well and also follow the blog. It's humbling really, as it was just something I thought a few people may just look at and ignore. But I'm glad to see some have enjoyed it and also found some inspiration and motivation from it.


    Before the Exam

    Well for days and actually around two weeks now I've been anxiously and nervously waiting for exam day. I spent most of the time in the two weeks before the exam finalising my lab report and exercises. I managed to do 1-2 solid days of hacking in the labs, but honestly felt a bit burned out by it and just wanted to do the exam... pass or fail I just wanted to try.


    This week was so difficult as I've been filled with nerves. I actually thought at one point it may really effect me as I'd be so nervous that I may just be held back.


    Exam day was yesterday, and I got up about 1030am... forced myself to stay in bed later than usual and to rest longer.. Exam time was at 12pm and the only thing I really did was set up a Microsoft Word Document which I wanted to use to **** screenshots in and make notes of the important breakthroughs.


    I also had prepared with food/drink etc... so that I could just concentrate on the exam.




    The Exam


    Exam time came, email arrived, managed to connect and get onto the VPN. It's funny as I'm sure everyone who has done the exam has this experience but even just connecting and reading the requirements was overwhelming. I had to actually just tell myself to chill out... I had 24 hours and that's a long time so I just took it easy.


    I started as people suggest on the Buffer Overflow machine. That's worth 25 points. About 2 weeks before the exam during the exercise writeup I had done 2-3 buffer overflows for the exercises, and had made really really good notes on it. I knew the commands, the process etc... So I had thought that this overflow was 25 easy points in the bag.


    However, I had made a ridiculous stupid mistake as I was rushing and for some reason had thought I shouldn't take more than two hours on this machine. The stupid mistake led to me being stuck on this overflow box for over four hours. At one stage I actually started to panic and think I had screwed the entire thing up already! Once again, I tried to calm down and eventually succeeded with this.

    ...


    I moved on then to the other boxes, and I managed to gain limited access to a Linux machine quite easily. I couldn't escalate this and despite trying to escalate for around 6-7 hours I just couldn't. I had to settle for low privileged shell. Another Linux machine I again got limited access. After about 4-5 hours I did manage to escalate this.


    I identified one of the hosts which was a good candidate for Metasploit and so I avoided any use of this until that one came up. I did try manual exploit but crashed the service and didn't want to waste reverts on trying to blindly exploit, so I saved this one for last.


    One of the other hosts was a Windows box and I got limited access to the host. This took absolutely ages, and around 2am I started to wonder if this was just the end as I couldn't find any vulnerability or way in. I wasn't tired but I was obviously struggling with sitting in front of a computer for 14 hours typing non stop as I started to make stupid mistakes and just go round in circles. I ran the same scans several times. I tried the same things 2-3 times. I tried things I knew wouldn't work as I was just running out of ideas. Eventually I found a way in. I spent around 6+ hours on the escalation and just couldn't get Admin access. Very annoying. I knew this was a weakness and I wish there was a way that OSCP could send me the answers as I just want to know how to do it, and I know that would probably teach me a lot.


    Around 8am I returned the Metasploit one and thank god this worked and I got straight into the machine.


    I worked in the end for just over 23 hours. I basically did my report during the whole exam. Scrappily adding screenshots, and notes of breakthroughs. At different intervals I'd return and tidy it up, adding some headings, and also 1-2 more screenshots. By the end of the exam the report was around 70% complete and just needed tidying up and changing from notes into sentences. In total it is 38 pages long.


    Around 11am, 23 hours after I started I decided to close the VPN and end the exam there as I just couldn't do anymore. I couldn't escalate two of the hosts despite trying for probably a total of around 10 hours.

    ...

    Have I passed?




    That is the question... I have just submitted my exam report and also the lab/exercises to offsec. Hopefully they will acknowledge this soon. They say they will within 12 hours. I guess they then check the results/documentation and let me know within 3 business days.


    I think I may have passed... I checked and checked the points I got and believe I achieved 80 points including 5 for the lab exercises. I can't be sure but if the low privileged shells are worth half points then I must have passed.


    I was also thinking, have I done anything wrong? Have I used a banned tool, have I used metasploit more than once? I'm sure I didn't but I'm paranoid and just anxious to know if I've done enough.


    So the thread remains open as I wait to hear my fate! I will post back as soon as I hear, thanks again for all your support, and also for reading and following.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Great write up. Sounds like you're damn close!
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Blucodex wrote: »
    Great write up. Sounds like you're damn close!


    Thanks... Turns out you were right...


    I PASSED


    Very very relieved to have passed as I believe I had achieved 80 points but was stupidly paranoid that I had made a massive mistake somewhere. I had re-read the exam instructions and the process about 100 times and even had the guide printed. But still I was worried they'd come back and say I missed something stupid or that I'd done something wrong. So very very happy to have passed, it was something I really really wanted and never imagined achieving as it seemed so far away when I first started four months ago.


    What Next



    Well, I am very close to paying for the CISSP exam and starting to seriously study for that. I may well sign up for it this week and try to pass within 12 weeks. This one's difficult as for the OSCP getting motivated was easy, in fact I was always motivated and at times spent 12+ hours per day workign on it. With the CISSP the subject matter I find quite boring and dry. But career wise I think it's worth it and having flicked through the book there's stuff there to learn.


    Thank You

    I've said it before, but thank you to everyone for posting here, for having an interest and for reading. It helps, it really does. This was a blog, somewhere for me to vent, and to note down a breakthrough, so it was a great outlet for me, and was brilliant that people took an interest and followed the progress.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    My Tips for OSCP wannabes


    There's about 100000 blogs and posts about tips and advice so I won't go on about this too long. But for me:


    enumerate, enumerate enumerate - I used to hate this phrase as I didn't know what it meant. I learned within the last 3-4 weeks that it just means keep digging. For example you've done all your scans but got nothing... keep digging, try to scan the web service with a bigger directory list, or do another nmap scan to see if the ports opened/closed are different. Check wireshark, is it doing anything weird?


    the host is vulnerable - at times it felt like the lab machine was super secure but a good attitude is to keep remembering that there's a hole somewhere, at least one. Also there's other students that have found it. It's there, keep trying to get it.


    Rotate lab machines = I usually had about 5 that I was hacking at a time. So one day I may focus on 1-2. I may then leave them alone for 4-5 days as I'm getting nowhere. Then I will continually come back to them.


    GitHub - I should have done this earlier, but I set up my notes on there and it's been far far better than anything I've used. Github files can be named .md for mark down, meaning you can very easily format things so they have nice pretty boxes around syntax and code. I have files named buffer_overflows.md and smb.md so anytime this comes up I look at the page and can see the syntax to use.


    Keepnote - A very very frustrating application and one that I wouldn't recommend to anyone. I was using the WIndows version. So Kali on one screen, Keep note and browsers on the other. It crashed a few times and had a stupid glitch where it stopped allowing me to copy from the notes. SO I would have to re-type ANYTHING within the notebook rather than copy it out and paste somewhere. Seriously, there MUST be better note taking software than this.

    Use the forums - Some of the forums do give hints. The majority of the times they don't tell you the answer, but they do confirm you're on the right track. For example, you may be trying and trying to hack the web front end of the machine, and when you check the forum you can discover that yea you're on the right track. The alternative is that you "waste" hours and hours on the wrong part of the host. Without the forums I think I would have found all the answers, but time is limited, I wanted to learn what was there to learn and move on. I didn't rush, I didn't go to the forums first, I went there after quite a while of trying.


    Note Taking - I've said before my note taking is appalling, absolutely abysmal. I paid the price as the more hosts I hacked the more I lost track. I looked back and I knew how I had hacked the machine but couldn't remember what order I did things, what commands, what things I entered. I probably wasted 8+ hours in total re-hacking machines I had previously covered. So if you're bad a tnote taking fine... but once you hack a machine, just stop for 10 minutes and write down clearly what you did.


    Post Exploitation - I think I missed out on 3 roots due to my poor post exploitation. I initially didn't see any point in checking IP addresses,and checking the users on the computer. Tha twas because I was stupidly ignorant of the fact that the OSCP lab is a network. There's a domain controller, there's a default gateway, there's domain admins, etc... I was narrowly thinking "Yea I hacked it... next computer". I missed out on users passwords, and some of the structure. I got most of it in the end, but I made it so much harder for myself.


    Do the exercises - These are a goldmine of knowledge. There's answers in there for the lab machines, they guide you towards finding holes in some of the systems.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • johndoeejohndoee Member Posts: 152 ■■■□□□□□□□
    Congratulations!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Well deserved.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    johndoee wrote: »
    Congratulations!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    Well deserved.

    Thank you very much! Very pleased to have done this and passed icon_cheers.gif
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • hal9k2hal9k2 Member Posts: 77 ■■■□□□□□□□
    AWESOME MAN!! GREAT WORK!!

    I followed you from first posts, now I am on my own start of this journey. I hope it will end same good as yours.

    Again Big Big congrats!
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    Congratulations on the pass!
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Congrats! CISSP is pretty easy compared to the OSCP. With your experience I would study 4-6 weeks.
  • jortjrjortjr Member Posts: 8 ■□□□□□□□□□
    Congratulations! How many total hours did you study? Lab time?
  • Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    Congratulations!!! I've been taking a peek at your blog every now and then to get myself motivated. I plan to take the OSCP in roughly 2 to 3 years time. Well deserved! bowing.gif
    X year plan: (20XX) OSCP [ ], CCSP [ ]
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    hal9k2 wrote: »
    AWESOME MAN!! GREAT WORK!!


    I followed you from first posts, now I am on my own start of this journey. I hope it will end same good as yours. icon_thumright.gif


    Again Big Big congrats!


    Thank you very much for that! Really appreciate you following. Good luck for your OSCP studies, there's tons of good advice out there and the OffSec forums are good too for hints and to know you're on the right track.


    Fingers crossed you have a good smooth journey and pass as the end! :)





    TeKniques wrote: »
    Congratulations on the pass!


    Thank you! It's still sinking in icon_cheers.gif





    jortjr wrote: »
    Congratulations! How many total hours did you study? Lab time?


    Good question...


    I signed up for 90 days initially but was not in a rush. My plan was to spend 30 days of that doing the PDF and watching the videos, making notes and really learning the content. I stuck to this although I should have done the exercises at the same time as that would have helped me loads.


    After about 90 days I had hacked around 26 machines. I wanted to get to at least 30.


    As a result, I extended for 30 days. Within that 30 days I hacked another 10 lab machines, and also did all the exercises and completed my lab report.


    I did put a lot of work in, but it was enjoyable work. It wasn't like I was dreading going on to the labs. I was the oppositte where I almost felt I was overworking. It's easy to get motivated (I found anyway).


    Good luck if you plan on doing it!



    Congratulations!!! I've been taking a peek at your blog every now and then to get myself motivated. I plan to take the OSCP in roughly 2 to 3 years time. Well deserved!


    Thanks Wannabe! I'm sure when you do get round to doing the OSCP you'll have a great time. It's funny as people say you'll miss the labs. I feel a bit like I've said goodbye to a loved one. It wasn't the fact the labs were amazing (which they were) but it's the fact that all the time I was doing them I felt I had something really important to get on with. Now it's over, I'm sat around wondering what to do with myself!
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Blucodex wrote: »
    Congrats! CISSP is pretty easy compared to the OSCP. With your experience I would study 4-6 weeks.

    Thanks for that advice. It's so confusing as some say "No way, you need to study for around 6 months". Others say less, like 6 weeks or 10-12 weeks.

    I'm also confused by what people mean when they say "Infosec experience".

    I was a PHP/MySQL web developer for 4 years, I studied IT in college/University and also have worked in digital forensics for 3 years. None of that is "security" really.

    But then I look on LinkedIn and around me at those who have CISSP and they know very little about IT. But then I guess it is a management certification and business type one.

    Hard to say. I will have a think and try to book exam at some point soon to start the studies.
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • srocky26srocky26 Member Posts: 39 ■■□□□□□□□□
    Congrats! I'm probably never going to take the exam, but I do enjoy reading about the journey. You put the work in, you deserved to pass!
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Congrats CyberCop!! I throughly enjoyed following your journey from start to finish. I know you're trying to knock out the CISSP (probably for resume reasons), but what is next for you in the pentesting realm? Plans to go for OSCE?
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • ansionnachclisteansionnachcliste Member Posts: 71 ■■■□□□□□□□
    Congratulations.

    Do you think this is possible with doing a couple of hours every night for 90 days?

    Basically, studying for this while working a full time job and keeping the missus happy :P.

    Off the top of your head, how many hours have you out into this?
  • jortjrjortjr Member Posts: 8 ■□□□□□□□□□
    Congratulations.

    Do you think this is possible with doing a couple of hours every night for 90 days?

    Basically, studying for this while working a full time job and keeping the missus happy :P.

    Off the top of your head, how many hours have you out into this?
    Good question...


    I signed up for 90 days initially but was not in a rush. My plan was to spend 30 days of that doing the PDF and watching the videos, making notes and really learning the content. I stuck to this although I should have done the exercises at the same time as that would have helped me loads.


    After about 90 days I had hacked around 26 machines. I wanted to get to at least 30.


    As a result, I extended for 30 days. Within that 30 days I hacked another 10 lab machines, and also did all the exercises and completed my lab report.


    I did put a lot of work in, but it was enjoyable work. It wasn't like I was dreading going on to the labs. I was the oppositte where I almost felt I was overworking. It's easy to get motivated (I found anyway).

    Good luck if you plan on doing it!

    This is what cybercop posted.
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Congrats, good job, and good luck on your future!

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • SaSkillerSaSkiller Member Posts: 337 ■■■□□□□□□□
    Congratulations, your thread gave me anxiety. After reading and going through everything I look back to your first posts. Do you feel you have a better feeling of a process now? A methodology per se? I know this is something you struggled with at first. A few other questions.

    It was very concerning to hear about being stuck on a machine for 10+ hours trying to get a low priv shell. Any idea why it takes so long?

    Any additional resources for enumeration? Your last post described the way I feel very much, that no one really explains it in this context. They either talk about enumeration from the context of a real life test with linkedin and other stuff that won't exist in the lab, or they focus on one tool or the other.

    Do you have any advice on improving in your weak point area? Escalating privileges was yours, and I could see in part due to a lack of enumeration, but is there anything else I should know?
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • saeriansaerian Registered Users Posts: 3 ■□□□□□□□□□
    Thanks for that advice. It's so confusing as some say "No way, you need to study for around 6 months". Others say less, like 6 weeks or 10-12 weeks.

    I'm also confused by what people mean when they say "Infosec experience".

    I was a PHP/MySQL web developer for 4 years, I studied IT in college/University and also have worked in digital forensics for 3 years. None of that is "security" really.

    But then I look on LinkedIn and around me at those who have CISSP and they know very little about IT. But then I guess it is a management certification and business type one.

    Hard to say. I will have a think and try to book exam at some point soon to start the studies.

    Congrats on passing your exam!!! I'm taking a similar approach in that I'm taking my time going through the videos/pdf before tackling the labs. It's rough, because I really want to jump in ... but I have no prior experience with pen testing so I need to learn the basics. I'm hoping to finish going through the material by next week, and then fully jump into the labs. It's extremely encouraging to see that someone with a similar approach was able to get through it all and pass.

    The CISSP is more a business/managerial/procedural based exam. Depending on your experience (just like with any other exam), you can push through the material quickly, or it could take you longer.

    So, funny story. Last year I accepted a job position overseas, on the condition that I pass the CISSP within six months of hire. Getting the CISSP was already something I wanted to get anyway, so I agreed. Went through the hiring process, accepted the offer. On the morning I was going to give notice, I got a call from the new job. The position requirements changed, the CISSP was needed on hire. They wanted me to take the exam that week... I was able to get them to give me three weeks.

    At this point, I hadn't started preparing at all. First week I didn't do much studying, but really pushed the material hard the last two weeks. My test was scheduled at a testing center about an hour away from where I lived, so I stayed at a hotel the night before and stayed up late pushing through practice questions. The next morning I took the test. I finished in about 2 hours, and passed.

    I'm pretty sure I only was able to pass that quickly because of my background. I had about 3 years experience as a network administrator, and then almost 2 years in INFOSEC doing certification and accreditation in a couple of different roles. This helped tremendously, a lot of stuff on the test were things I had learned about/experienced while working.

    The CISSP exam has changed recently, not the content but the actual exam format itself: https://www.isc2.org/Certifications/CISSP/CISSP-CAT

    Here are the resources I used to study..

    Eric Conrad Books:
    https://www.amazon.com/gp/product/0128024372/
    https://www.amazon.com/gp/product/

    Cybrary Course:
    https://www.cybrary.it/course/cissp/

    CCCure Questions:
    https://www.freepracticetests.org/quiz/index.php

    I hope this helps!
  • t17hhat17hha Member Posts: 52 ■■□□□□□□□□
    Congrats! I knew you'd pass and welcome aboard!! icon_wink.gif
  • NEODREAMNEODREAM Member Posts: 124 ■■■□□□□□□□
    Amazing job! These threads motivate me so much, especially when it ends with a win!

    I really want to dive in, but I think I'll start off with baby steps and begin with the eJPT. I have very limited InfoSec experience (only around 1.5 years) and 0 on the offensive side of things.

    Good luck with the CISSP, I'm sure you'll do just as well.
    Goal: eJPT Mar. 2020 | GDAT May 2020 | eCPPT Dec. 2020
  • meni0nmeni0n Member Posts: 68 ■■■□□□□□□□
    Congrats on passing. You mentioned forums you were using to see if you were on the right track. What forums were you using ?
  • hal9k2hal9k2 Member Posts: 77 ■■■□□□□□□□
    meni0n wrote: »
    Congrats on passing. You mentioned forums you were using to see if you were on the right track. What forums were you using ?

    I am currently on PWK course and I believe he was talking about OSCP forums where access is only allowed to people that bought course and labs access. This forums has a lot of important stuff related to the course and labs boxes. However big spoilers are being moderated by forum admins, but anyway they can get you on track.
Sign In or Register to comment.