My OSCP Epic Journey

So… I’ve decided to go after the OSCP certification and I decided to start a thread to journal my progress, efforts, frustrations, failures and ultimate success. I started this for the CISSP but never completed it (I wish I had stuck with it now in hindsight).
This was not a decision I made lightly and it only came after a few months of consideration and pondering during my wife’s imposed "summer vacation of NO STUDYING". Because I am goal driven, I tend to need a “big goal” to work towards in order to move forward. Without an overall goal or purpose, I tend to start lots of projects and then move on to something else without ever completing anything.
My overall plan is this:
1 – general focused study on “the basics” for 2017 Q4
2 – focused study on eCPPT during 2018 Q1
3 – focused study on OSCP during 2018 Q2
I’ve combed the forums and read the majority of OSCP threads for help in developing a plan. I’ve also read many blogs and articles from people who passed the exam (as well as those who have unsuccessfully attempted it and stopped). Below are the steps and progress I have made since October 1 (almost one month in). I’m not publishing the resources I have not started yet because that list is quite long…
Courses
Cybrary.it Course: Penetration Testing and Ethical Hacking by Leo Dregier
Source: https://www.cybrary.it/course/ethical-hacking/
Status: COMPLETED
Cybrary.it Course: Advanced Penetration Testing by Georgia Weidman
Source: https://www.cybrary.it/course/advanced-penetration-testing/
Status: COMPLETED
Zercool Wireless Penetration Series
Source: https://www.youtube.com/channel/UCX-K9aANFs6FLNNFP176nCg
Status: COMPLETED
LearnPython.org
Source: https://www.learnpython.org/
Status: COMPLETED
Codecademy Course: Learn Python
Source: https://www.codecademy.com/learn/learn-python
Status: COMPLETED
PentesterAcademy: Network Pentesting
Source: Network Pentesting
Status: IN-PROGRESS, currently on video 13/83
Udemy Course: The Complete Ethical Hacking Course: Beginner to Advanced
Source: https://www.udemy.com/penetration-testing/
Status: IN-PROGRESS, currently on video 14/113
Books
Nmap: Network Exploration and Security Auditing by Paulino Calderon
Status: COMPLETED (read)
Nmap Network Scanning by Gordon “Fyodor” Lyon
Status: IN-PROGRESS, currently on page 59
Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman
Status: IN-PROGRESS, currently on page 180
Lab/Vulnerable VMs
Kali
Metasploitable2 – learning platform for the tools.
Windows XP, Windows 7, Ubuntu – loaded with various vulnerable software from exploit-db as I’ve followed along in courses and books.
VyOS virtual router – test nmap scans behind router configurations
Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
Comments
My Advice:
- I don't honestly think you can "read" the Nmap book by Fyodor. You can scan it, reference it, flick through it to get an idea of functionality, but honestly, there's only so much syntax and output you can look at before you just lose track. I'd shelve it until you actively start to use nmap.
- Prioritise the Georgia Weidman book, it's virtually identical to the OSCP PDF and Syllabus. I read about 60+% of it before OSCP and had a great base knowledge when I started the OSCP itself.
- I watched some of the Cybrary Videos. Personally I enjoyed the Leo Dregier ones more than the Georgia Weidman ones.
- Do you know any python or shell at all? If so get a good base knowledge but don't go mental with it... a lot of what you need to know is basic and is more about taking something and tweaking it a bit.
Don't be afraid to dive into the OSCP as it's an amazing course and I think if you delay it for the sake of doing others as preparation you'll end up wondering why you waited so long. Only delay it for other courses... IF you want to do those other courses first.
...
Vulnhub is definitely a brilliant resource. I wish I'd done more of that before starting OSCP.
Good Luck!
2017: OSCP - COMPLETED
2018: CISSP - COMPLETED
2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
GIAC GREM - Reverse Engineering of Malware - COMPLETED
2021: CCSP
2022: OSWE (hopefully)
That sounds like a good plan, and it's a good idea to build a strong foundation. Good luck!
dr-fsmo - I started a list of Vulnhub VMs as I read the different threads and blogs. I started with this list and added to it: abatchy's blog | OSCP-like Vulnhub VMs
However, I'm not at the point of starting those - I'm focusing on metasploitable2 just to learn the basics.
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
A couple quick tips:
- It sounds like you have a good networking grasp, but if you don't, take a day or two to freshen up. I've seen a few people around here struggle with the basic idea of ports and such, or the idea of a dual homed system
- Georgia's stuff is good, and the book is even better than Cybrary. Make sure to read that one
- Add the Hacker Playbook (2) to the list .. It gives some good examples of various codes and stuff
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
I may change my study plan. I was looking at eCPPT for the purpose of helping me learn before attempting the OSCP. I've been looking at virtualhackinglabs.com and for the price, that seems like a viable option. It's only been out for a while, so I know I'd be part of the "live beta launch crowd" but it might be worth it - you can't argue with the price...
I'll work on the Georgia Weidman book this week, Pentester Academy lessons (practicing along with my lab machines), and (maybe) test drive the virtualhackinglabs.com labs... I have The Hacker Playbook 2 to switch between as I read and practice.
Courses
PentesterAcademy: Network Pentesting
Source: Network Pentesting
Status: IN-PROGRESS, currently on video 17/83
Udemy Course: The Complete Ethical Hacking Course: Beginner to Advanced
Source: https://www.udemy.com/penetration-testing/
Status: IN-PROGRESS, currently on video 40/113
Udemy Course: Burpsuite
Source: https://www.udemy.com/burpsuite
Status: COMPLETED
Books
Nmap Network Scanning by Gordon “Fyodor” Lyon
Status: COMPLETED (skimmed a few chapters like compiling nmap, deep magic on how nmap scripting works, and the reference guide)
Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman
Status: IN-PROGRESS, currently on page 180
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
I also took the challenge and gained access to hackthebox. I haven’t done much there except poke around. I focused on the paid time I have with VHL.
I’ve read more from Georgia’s book and completed some more of the Pentester Academy course.
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
So far, I've been impressed with VHL. It has given me a methodology to fit what I've been learning into. The courseware is built so they teach you a principle and then it's up to you to research how to apply it. They have hints for the easier servers to help you along but I'm not planning on using those unless I'm really stuck. They could really benefit from having an IRC or forums or something.
I've put most of my free time this week into this course, and have gotten further than I thought I would. I will not make much progress this weekend.
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
I need more Mt. Dew.
VHL Rooted: steven, mantis
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
This is very much a research your own way through course. They added another server to the lab, so it's up to 33 boxes now.
VHL Rooted: steven, mantis, john
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
I upgraded the Kali distro yesterday as well. I didn't have this high on my list of to-do's, but after some unrelated research, it seemed like the easiest way to see if some latent issues would be resolved. Way easier than Windows...
I also found out what the /bin/bash^M: bad interpreter error message means (thanks Windows...). Sed came to my rescue and cleaned up Windows character return: sed -i -e 's/\r$//' enum-linux.sh
Enumeration, Enumeration, Enumeration... that seems to be my biggest repeating lesson...
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
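Added example, not part of the original post: a small POSIX shell helper that finds scripts whose shebang line ends in a carriage return (the cause of the "/bin/bash^M: bad interpreter" message mentioned above) and strips the Windows line endings. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect and repair scripts saved with CRLF line endings.
# Function names and demo file names are constructed, not from the post.

CR=$(printf '\r')   # a literal carriage return

# Succeeds when the first line of $1 is a shebang ending in CR.
# The kernel treats everything after "#!" as the interpreter path, so
# "#!/bin/bash<CR>" asks for a program literally named "/bin/bash<CR>".
has_crlf_shebang() {
    case "$(head -n 1 "$1")" in
        "#!"*"$CR") return 0 ;;
        *)          return 1 ;;
    esac
}

# Strip a trailing CR from every line; writing back with cat keeps the
# original file's mode bits and ownership.
strip_crlf() {
    tmp=$(mktemp) || return 1
    sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Repair every affected regular file in directory $1; print how many.
fix_dir() {
    n=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if has_crlf_shebang "$f"; then
            strip_crlf "$f" && n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed demo: one script with Windows line endings, one clean.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\r\necho ok\r\n' > "$d/win.sh"
    printf '#!/bin/sh\necho ok\n'     > "$d/unix.sh"
    fixed=$(fix_dir "$d")
    out=$(sh "$d/win.sh")
    rm -rf "$d"
    echo "$fixed $out"
}
demo
```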
One good thing is I (think) I finally have a method to keep my notes. I'm using OneNote and I've gone slowly from complete chaos to starting to get things organized.
I've learned more in the last two weeks in the labs than I have previously. Tomorrow is a new day!
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
Security+, eJPT, CySA+, PenTest+,
Cisco CyberOps, GCIH, VHL,
In progress: OSCP
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F