Calling all Penetration Testing with BackTrack (PWB)/OSCP students!

dbrink

I believe I have decided that the OSCP is next on my radar. I was thinking of going with the CEH next but I need to utilize my money as well as I can so I think the OSCP is a better choice. I'm going to have to set aside some money over the next few months for this so I believe in the mean time I'm going to brush up on some of the topics mentioned in this thread.....TCP/IP, Linux, Bash, Python mainly.

the_hutch

Tax return in a couple weeks . Then, it begins. I am REALLY excited. I know my personal lab inside and out. Ready for something new. And the thought of being dropped into a hacking play ground of approximately 50 machines makes me twitchy with anticipation

dt3k

REMOVED UNNECESSARY QUOTED REPLY FROM PREVIOUS POST

Can you tell me about your home lab/setup/what you are using?

the_hutch

Pretty much everything is on VMware Workstation (would work just as well on the free VMware Player option, I just prefer to access my VMs remotely). All of my windows stuff is fully licensed with my TechNet subscription.
1. Backtrack 5 R3
2. NodeZero - Another pentesting distro similar to backtrack (NodeZero Linux)
3. NST - Yet another pen-testing / security auditing distro (Network Security Toolkit (NST v2.16.0))
4. Metasploitable 2 (Metasploitable | Free Security & Utilities software downloads at SourceForge.net)
5. Fedora
6. Ubuntu
7. Win7 SP1
8. Win8
9. Win XP SP2
10. Ubuntu Server
11. MS Server 03
12. MS Server 08
13. MS Server 12

technosecurity

Hi All,


i am glad to tell u all that infosec bug has bitten me (LOL) thats why i have decided to go for OSCP.i am a network security engineer who usually use to work on router,switches,firewalls. as a security person i was always thinking how corporate network servers (asterisk,exchange,database etc) got attacked or sniffed.and we use to get to know only when password gets changed or impt directory gets deleted or copied.than i realized that we are good enough to understand our firewall from inside interface but what about outside interface,how a hacker finds vulnerability and what mechanism they uses to attack the servers.when i started my journey than came to know about some terminology like metasploit,payload,etc.


i have never done programming in my life but after doing research i came to know that yes one should know programming for going deep in securty.so these days i am doing python n became member of spse (vivke ramchandran).it is helping me a lot.now i can understand why python is used for (network.tcp/udp port scanner, how to know subnet mask through python,arp reply,buffer overflow etc). all these topics are covered in his study material.


today is 10/feb/13 ill spend this month on studying python. and than in march 1st week ill get registered with PWB/OSCP and ill go for 90 days.friends plz gude me am i in right directon.


Thx

the_hutch

technosecurity wrote: »

today is 10/feb/13 ill spend this month on studying python. and than in march 1st week ill get registered with PWB/OSCP and ill go for 90 days.friends plz gude me am i in right directon.

Sounds like you'll be hitting it about the same time as me. I'm starting in March as well, and going the 90 days. I'm SO excited about this course. I've been wanting to take it for four years now. But I kept telling myself...if I get this cert and study this material...then I'll be ready. To be honest, I still don't know if I'm fully "ready," but I'm done doubting myself. We are doing this!!! Even if it means replacing four or five keyboards that I end up bashing my head against from frustration. I've got about a month and a half of leave time saved up. Feel free to hit me up at any time, justinhutchens@gmail.com, and hopefully I'll see you around the IRC channel.

technosecurity

hey friend,

thx for the reply.i am having some doubts,ill be soon asking u about those doubts.

thx

impelse

You guys are doing good studying python before the OSCP, I lost hours trying to modify exploits and really I did not know what to do with the exploit to modify it, I read a lot and run out 3 times my lab time.

the_hutch

Impelse do you plan to have an active subscription during March, April and May?

impelse

I am not sure yet, I failed one cisco exam and I need to renew the certification, after that I will take Python from Securitytube and go back to OSCP, maybe April

the_hutch

That may work out well. It'll give us time to catch up with you. We currently have 3 people wanting to collaborate throughout the course. Myself, YuckTheFankees and TechnoSecurity.

james17601

Stick me down on that list, I will be starting mine on 03/03

I have been lurking on this thread for some time, I have done the CEH and been using BT as a hobby since BT4. Just brushing up on Python and maybe a bit on BASH although I have used it before. I am going for the 90 days and looking forward to it.

the_hutch

James, I'm going to need your personal email address to add you. But I don't know if you can do PMs as a brand new member.

james17601

Email on its way!

Hypntick

the_hutch wrote: »

Pretty much everything is on VMware Workstation (would work just as well on the free VMware Player option, I just prefer to access my VMs remotely). All of my windows stuff is fully licensed with my TechNet subscription.
1. Backtrack 5 R3
2. NodeZero - Another pentesting distro similar to backtrack (NodeZero Linux)
3. NST - Yet another pen-testing / security auditing distro (Network Security Toolkit (NST v2.16.0))
4. Metasploitable 2 (Metasploitable | Free Security & Utilities software downloads at SourceForge.net)
5. Fedora
6. Ubuntu
7. Win7 SP1
8. Win8
9. Win XP SP2
10. Ubuntu Server
11. MS Server 03
12. MS Server 08
13. MS Server 12

Just out of curiosity what hardware are you running that on?

JDMurray

If a TE member in good standing will vouch for a new member, I can brush that PM restriction aside.

XakEp

I just joined this forum because of this thread. I just signed up for the PWB class and start on the 23rd. I'm definitely open to collaboration, always better to have someone to chat with about it. I'll be posting my experiences as I go along.

the_hutch

Glad to have you onboard with the OSCP team. That aside, you should stick around TE and see how you like it. Its a good group of people. And judging by your credentials, you seem to be a cert junkie like the rest of us. So I'd say you should fit in nicely, lol

james17601

Hey Justin, did you get my email?

the_hutch

James, sorry I must have overlooked it. But I did track it down in my inbox. I will send you an invite as soon as I get home from work today. Thanks for following up.

Killj0y

I just wanted to wish everyone good luck on the course and the OSCP exam. Remember to have fun.

the_hutch

Thanks Killj0y. I assure you, fun will be had. I don't even see this as a troublesome training course. More like a hacking playground with some extra resources provided to point me in the right direction.

InfosecDude

I plan to enroll soon as well. The only negative feedback I've received from a friend is that the course material is not too helpful at all. He said their labs are awesome but course lacks depth. He seems to have used a lot of outside help from websites and other paid courses to suppliment their material.

Is this true?

impelse

The material is good, but yes, you need to dig more to completely understand the subject and begin to master it

By the way that is the mentality of a hacker

Also you suppose to have IT experience and knowledge and you know, you are always looking for more info

the_hutch

Impelse beat me to it. Couldn't have said it better myself. Its not a challenge if they give you all the answers. They give you the framework, and you have to apply it to unique real world scenarios. In the real world, you are going to have to combine academic knowledge, with experience and a whole lot of google queries. I'm looking forward to this aspect of the course.

the_Grinch

Welp, my life is over! I signed up for March 16th!

the_hutch

Lol...yup. March 9th here. So I'll have a week head-start on you.

YuckTheFankees

Did both of you get the 90 day lab?

the_Grinch

Yup 90 day lab. At what point do they ask for you to pay? I found it weird that I could sign up and not enter my payment info?

YuckTheFankees

I believe they will send you a link to pay, it may take a few days.