Calling all Penetration Testing with BackTrack (PWB)/OSCP students!

ipchain

NS21 wrote: »

I just took the OSCP exam on Thursday (the 29th - 30th) and I got word on Saturday that I passed!

We must have been typing at the same time as I don't know how I could have missed your post. Anyways, congratulations on the pass and thanks for sharing your experience. I will certainly check some of the links you provided.

Great job!

chrisone

NS21 wrote: »

I just took the OSCP exam on Thursday (the 29th - 30th) and I got word on Saturday that I passed!

To sum it up.... snip.....
....

Thanks! this was pretty much the area (Programming) where this exam was sort of turning me off. I totally 100% understand the programming part of this course and I am willing to study for it. However it was getting a little frustrating with all the sites and books people on here were reference as a necessity to study for this exam. I am glad to know the course covers enough for one to understand the programming concepts. I am somewhat familiar with programing myself only from writing small code on course projects when i was in college, however it was never my passion so i never went hardcore study sessions on programming, however i can understand more or less what its doing if i buckle down and trace it out.

Thanks for the review, i wil be looking further into this towards the end of 2012, but i will be picking at the topics throughout the year , learning little by little as i go.

SephStorm

I am severely tempted to try this, and sooner rather than later. I could take the time off work but obviously not enough to get through a full 30 day attempt... And the price is restrictive, since I am trying to save this year...

YuckTheFankees

How is everyone doing with the OSCP so far? I'm starting in about 2 weeks!

rogue2shadow

Can't believe I haven't responded to this thread in a while lol. I'm "rogue2shadow" in #offsec. The course has definitely been a reality check and I've gained tons of new strats and tidbits as a result of being forced to fend for myself in their arena. My schedule is not the greatest but when I get the time to lab, I'm all in and intensely focused. Like everyone else, I highly recommend the 60 days or more because life happens and believe me it will happen again and again and again...

YuckTheFankees

I'm going to buy the 60 day lab and maybe add on the additional 15 or 30 days if needed. I'm pretty pumped.

ipchain

YuckTheFankees wrote: »

I'm going to buy the 60 day lab and maybe add on the additional 15 or 30 days if needed. I'm pretty pumped.

That's excellent news! We look forward to hearing about your experience. I've been in contact with r2s through IRC and I know he is lovin' it.

YuckTheFankees

I'm starting March 4th..wha wha! lol

Ill probably review buffer overflows and python over the next 2 weeks before I start.

ipchain

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

March 4th? That's almost here! I'm sure you will have lots of fun. If you do connect to IRC, feel free to PM me at any time. I may be away from the keyboard at times, but my psyBNC logs all the messages.

ipchain

I figured I would share this with you guys - I just extended my lab time tonight for (60) days. This is the last time I will be extending it, so I will definitely try my very best for the next two months or so. Hope to see you on IRC!

YuckTheFankees

How many days did you buy at first?

ipchain

I bought (30) days initially, but I would strongly recommend going for at least (90) days.

impelse

Where are you guys? How is the course?

I am waiting for my inscription, how long did you wait for the email to set the payment? I am still waiting for that email in my job email, I set 90 days...... I am very excited.

YuckTheFankees

I decided to study for the CCNA before I start OSCP...which has definitely helped my networking knowledge SO much. I can't wait until I can start.

I almost signed up one day and it took about a couple of hours for me to received the registration email.

impelse

I already registered and payed, I will begin March 17, the fun will begin....

lister

How does this course compare with Certified Ethical Hacker from EC Council?

And - how much perl do you have to know for this to be confident? I struggle with perl -

impelse

I took the CEH with ISSA, it teach you a lot but we never go deep and never know where to go. I read a lot of OSCP and everybody talk about the lab, lab and lab, that you try to hack the machines and the exam is more difficult. So when you mix the CEH theory plus the OSCP practice you see a pritty good picture.....

ipchain

Figured it's time for an update - How is everyone progressing? As for me, I have been successful at infiltrating Offensive-Security's lab environment and have compromised all of their servers. I am currently working on documenting my work and plan on taking the exam very, very soon.

This course has been a blessing in disguise and has forced me to give up quite a bit of sleep. I recommend documenting everything the first time around so that you do not have to come back to it. Again, I recommend getting at least 60, 90 days to start if not longer.

I shall keep everyone posted once my ego gets crushed by the OSCP exam.

impelse

For me I am stuck with a script to enumerate the users in a smtp service (VRFY), I've been trying to make it work and I will not move until I make it. I am glad I took the 90 days because it is taking a lot of time but it is good.....

I like to do all the exercises and the extra mile, slow but secure.

Psyco32

Got my course materials yesterday APR08 . Does anyone have a set schedule as how they are studying/going through the modules ?

impelse

In my case I read one module in the lab manual, then I watch the video, after those I do the exercises. It is a little slow but the video and the lab manual have some differences between them.

Psyco32

I noticed that also. Was wondering about it hence my question, if there was a certain order to the madness.

impelse

I think the order they set up is the right one. Yesterday I could make the smtp exercise, it took me 4 days, around 12 hours to complete it, but I did, good...... Try Harder.

ipchain

@impelse: There's quite a bit to be done in the labs, so I recommend not spending too much time on the scripts. The lab exercises are 'supplemental', but they are not required.

@Psyco32: I went through the entire lab guide, took notes and then watched all videos. I did this 2-3 times to ensure I had all concepts down before jumping into the lab network. I've seen other people doing it module by module, but you'll soon notice chapters 1-6 are not that advanced and should be sort of a 'review' to experienced InfoSec Pros.

On a different note, I shall be posting my exam review by the end of the week

impelse

Maybe I am doing something wrong. Yes in my case I am doing module by module. My question at what moment you begin to really attack all the machines, at the end of the lab manual or the manual begin to tell what to begin to attack?

ipchain

@impelse: I would recommend going over the entire lab manual and then watching the videos. Make sure you are comfortable with all modules starting from Module 6 onwards. Also, make sure you are comfortable doing enumeration, using netcat and writing bash scripts.

There is quite a bit of material not covered by the lab guide / videos, so additional research is required. You'll often find yourself with unprivileged access, so you need to be comfortable escalating on both, Windows and Linux.

Are you on IRC? If so, what is your nick / handle?

ipchain

Quick Update: I passed the OSCP exam, so I am now OSCP certified! I shall be posting a review of the course / exam later on today.

YuckTheFankees

Awesome job! How long did it take you to complete the course?

impelse

Congrats, come on. I am slow, I begin today the exploit module....

the_hutch

IPchain, I noticed that you have both OSWP and OSCP. First off...congratulations. Some serious ninja skills sir. I am planning on starting the offensive security series after I knock out CISSP (scheduled for bootcamp review and test in August). Which would you recommend taking first? I realize they address completely different security topics. But if OSWP is less demanding then OSCP, I'd probably prefer to start there. Thanks for the insight.