Not Another OSCP Blog
ottucsak
Member Posts: 146 ■■■■□□□□□□
I have "officially" started OSCP again. This will be my second attempt, as I tried and failed miserably 4 years ago due to my lack of drive, inexperience and lazyness. This failure made me fear and respect the OSCP, so I have avoided it until now. Due to possible future changes in my work/personal life, I have to accelerate and boost my career a bit. The first step was getting a cloud security certification, the second will be tackling the OSCP and the third will be becoming a CISSP.
My preparation for the OSCP was completing the eLearnSecurity PTP course, which refreshed my pentesting skills and showed me that I can do offensive stuff if I want to. As I said earlier, I failed because I was lazy, so I will try to go all in this time. Read all the chapters, complete all the exercises, root as many machines as I can and try harder. I have no lab time currently, I'm writing the scripts for the exercises 'offline', so I will just need to run them once I renewed and anything that I can do without the labs (DNS or the bash scripting) I do it now.
Currently I finished 50% of the book including both stack overflows and plan to renew my lab right after I finished all the videos. Right now, I have no problems with the materials or the exercises, either I got much more experienced or I'm actually investing time into studying instead of blindly pwning the lab machines. Either way, I'm eager to get back into the labs and gain more experience.
My preparation for the OSCP was completing the eLearnSecurity PTP course, which refreshed my pentesting skills and showed me that I can do offensive stuff if I want to. As I said earlier, I failed because I was lazy, so I will try to go all in this time. Read all the chapters, complete all the exercises, root as many machines as I can and try harder. I have no lab time currently, I'm writing the scripts for the exercises 'offline', so I will just need to run them once I renewed and anything that I can do without the labs (DNS or the bash scripting) I do it now.
Currently I finished 50% of the book including both stack overflows and plan to renew my lab right after I finished all the videos. Right now, I have no problems with the materials or the exercises, either I got much more experienced or I'm actually investing time into studying instead of blindly pwning the lab machines. Either way, I'm eager to get back into the labs and gain more experience.
Comments
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Updates:
I had a 90 days lab voucher from 3 years ago, but it expired. I contacted the Offensive Security support and they renewed it for $180, so I don't need to spend $600 for labs again. I plan on starting tomorrow, exercises first.
Meanwhile I also completed Penetration Testing with PowerShell Empire on Udemy and did some hands-on exploitation. Still haven't watched all the videos, but plan to do it today at work.
2019 Goals: CISSP, Splunk certifications (Certified Core, Power User, Admin, and Architect)
Twitter: https://twitter.com/Malware_Mike
Website: https://www.malwaremike.com
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Progress update: 18 machines down, including Pain and Bethany. These two were hard. Not impossible, but hardened in a funny way that you are forced to go down a path. I especially hate machines that have prerequisites. I already found 3 of them.
Anyways, looking forward to the weekend so I can make some more progress without interruptions.
Name of the fallen:
Alice, Phoenix, Mike, Bob, Bob2, Barry, Payday, Ralph, Pain, Leftturn, Bethany, Alpha, Beta, Gamma, Tophat, Dotty, Sherloc, DJ, Gh0st, FC4, Helpdesk, Susie, Oracle, Kraken, Hotline, Observer, Master, Jeff, Niky, Joe, JD.
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
Goals for 2019 : OSEE
Goals for 2020 : OSWE
securitychops: I have fun during the labs. On the exam my only goal will be to pass.
Do you have a date in mind for your exam?
Update: Fully compromised IT, but Dev gave me a brain meltdown, so moved on from the PWK labs to HackTheBox. I want to get as much exposure as I can get to make the exam a 'walk-in-the-park'. Got 5 machines down so far and everything is a tad harder than the OSCP labs. More CTF like, more up-to-date, BUT unfortunately more guesswork is required, which I really don't like.
I also wrote half of my lab report and it's super long. It's totally not worth the five points, but I will do it just to be on the safe side. Though I must say I will be rather disappointed the pass/fail depends on those five points.
I'm really good at all aspects of Linux/Unix including privilege escalation, but have harder time with maneuvering on Windows without Meterpreter. I can still pwn everything it just takes more time, so this is an area that I plan to focus on now.
Overall I feel ready for the exam, but I have to wait until the end of the month because there are no closer exam spots. I really hope that I will not fail, cause I don't want to wait 1.5 months again.
I feel you on this one, I think mine was around 142 pages ... but if you need those five points then it was time well spent!
Honestly I think the biggest benefit I got from doing the lab/exercise report was learning how to put together a report in the format they were looking for. If I had waited until the final exam to write the first report I would have been in a world of pain, but happily when it came time I had already suffered through the process and was able to roll through the reporting without much issue! So good job on doing those reports!
Good luck on the exam at the end of the month! It is corny I know, but I did find myself listening to their OSCP song ( https://vimeo.com/150495755 ) when I needed a gentle push. You got this!
* Side note, keep checking back on the exam scheduler as sometimes a closer spot will pop up due to a cancellation, etc and you can slide the exam closer.
Goals for 2019 : OSEE
Goals for 2020 : OSWE
Ouch, 142 pages is long. For me most of the value was in completing the exercises, I learned a few things that I would have skipped otherwise.
Thanks! I'm not too worried about the exam, if it's anything like the labs, I don't need to try harder, I just have to make sure that my enumeration is thorough.
Can anyone provide me some link to sample report of any single lab , i want to see how does real report look like .
LIke we have lab walkthrough available on you tube , i am looking for real sample reports as well
Thanks
How many Vulnb labs did u try , I can see there are many labs on vulnhub but mostly blog mention only 15 labs from there
Offensive Security provides report templates at the following location under Suggested Documentation Templates:
https://support.offensive-security.com/#!oscp-exam-guide.md#Suggested_Documentation_Templates
Goals for 2019 : OSEE
Goals for 2020 : OSWE