Higgsx wrote: » Hello all. Last year I passed GCIH exam with 87% score. Since then I dream about taking PWK training and passing OSCP exam. Recently I managed to find money to invest and buy the PWK labs. I read almost every review about OSCP on the internet and my preparation plan was based on that. 1) I read Georgia Weidman's book - Penetration Testing hands-on hacking 2 times2) I downloaded 8 or 9 vulnhub machines(OSCP like machines-all linux) and rooted almost everyone(with a very little bit help of walkthroughs), I learned many things. 3) I did 3 linux machines on the hackthebox. Also did some challenges on root-me.org 4) refreshed my skills in linux by reading LPIC-1 book and playing with Arch linux I also have some more preparation in my mind but I think I'm just starting to over-prepare. I have plan this year: OSCP->SLAE->OSCE My background: I've a job at national CSIRT team and I have almost 2 year web application penetration testing experience, Also 1 year experience in malware analysis.I know basics of python. Coded many things. Also I know C language very well including some linux kernel syscalls. Also coded little bit assembly code. I know basic instructions(mov,add,xch,sub etc) and linux/windows memory layouts. I know what is stack,heap,.data,.bss,.rodata sections and so on. What is your advice? Which is better, start today or wait for a while and prepare more before buying PWK labs?
airzero wrote: » From the sounds of it you'll be pretty prepared for the PWK. I'd say to just go for it, take your time working through the material and then spend as much time in the labs as you can. As long as you learn from your experience in the labs you can be successful in the exam.
GirlyGirl wrote: » I buy e-books like candy. I just go to amazon and do the one click buy, 1 minute later I can read them on my computer. I bought the book from Ms. Weidman and it was very introductory. One thing I personally didn't care for is the heavy Metasploit. The fact of that matter is, a tool is available for everything. With regards to penetration testing, hacking, or whatever name you call it a tool exists. Personally, If I wanted to know how to use Metasploit, I would buy a Metasploit focused book. That is assuming I don't know how. What I will say is that I never finished her book. Maybe it's a great book, I don't know. She got my money and I hope she spends it wisely. You said you downlaoded 8 or 9 vulnhub machines. We should be honest here. Vulnhub has "Easy" machines and "hard" machines. How do we know you didn't download 8 or 9 "easy" machines? I would like the machines names please. Just playing, or am I? No matter what website you name the level of difficulty is going to vary. So, it's hard to give an answer or recommendation on that. You say you did 3 Linux machines. You didn't say how you did on them. That is key information. It is better to over prepare than to under prepare. Why wait for tomorrow when tomorrow is not promised? What is the hold up? People have said that they had no experience and passed the exam. So, I am not sure experience or coding really is the difference between pass or fail. It just might make it semi-easier for some folks. It's enough threads on this site and 100x more on the internet that has enough information to keep you reading for 4 months.
GirlyGirl wrote: » I bought the book from Ms. Weidman and it was very introductory. One thing I personally didn't care for is the heavy Metasploit
Higgsx wrote: » Thank you guys so much for replying me. I'm so so so motivated to buy and start this awesome journey. I'll create a new thread about my journey when I start. I have one question about registration(I don't want to create new thread about that). 1) I have non-free email address from my employer but I don't want to use that(I don't trust their mail server ). I want to use Gmail email and register with my scanned ID. Is this a bad idea? I know it is permitted but I want to be sure this will not make me any problems in future
