Need a project - Found a project! YFZblu's OSCP Thread

Hey all,

I haven't completed an official certification since Last September (I think it was September) when I went through the SANS GCIH track. Anyway, I've been looking at a lot more red team related training/education lately - not because I want to become a 1337 haxor, but because I want context to what I see every day in the SOC and to continue making hard pushes to expand my skillset; what better way to accomplish this than to feel the pressure of an actual red team engagement, and the growing pains that come with learning new topics at a deep level?

I've been doing a lot of Python scripting lately, studying a lot of compsci topics (memory, process, C programming) and think now is the time. I start Offensive Security's 'Penetration Testing With Kali' course this Sunday, 4/20, and I'm pumped.

I'm creating this thread now in an effort to document the end-to-end process of OffSec's registration, payment, lab testing, studying, and the exam itself. I will be posting to this thread daily with any and all progress I make towards accomplishing this task - which includes posting links to the best 3rd party resources I utilize while rolling through the course topics. I purchased the 30-day course, and have absolutely no plans to extend the time frame. I understand 30 days is easier said than done, but I'm focused and have no other projects at the moment.

Waiting the next five days will be rough, I'm super anxious to get my hands on the material.

Find more posts tagged with

Comments

Master Of Puppets

That's awesome news! I'm sure you're gonna enjoy the challenge and learn a great deal. Also, many thanks for your plan to keep us updated throughout this.

Bodanel

I will be watching very closely your progress. I think it will be a good read. Good luck

Zoovash

Good luck! And don't forget to sleep!

wes allen

30 days while working is tough, but good luck for sure. Check out the IRC channel as much as you can as well, I didn't at first and missed a great resource for a couple months.

!pain
!sufferance

JoJoCal19

Looking forward to your posts in this thread. I am thinking of starting the OSCP at the beginning of next year.

cgrimaldo

Subscribed! Good luck!

NovaHax

wes allen wrote: »

30 days while working is tough, but good luck for sure. Check out the IRC channel as much as you can as well, I didn't at first and missed a great resource for a couple months.

!pain
!sufferance

This is actually a GREAT point. You can enter the name of any host in the IRC channel in this format...

Examples:
!ALICE
!BOB
!PEDRO
!GHOST
!PAIN

Each of these will return hints on how the box can be popped. Some are very helpful. Others are so cryptic that even after you pop the box...you'll wonder what it meant.

YFZblu

NovaHax wrote: »

This is actually a GREAT point. You can enter the name of any host in the IRC channel in this format...

Examples:
!ALICE
!BOB
!PEDRO
!GHOST
!PAIN

Each of these will return hints on how the box can be popped. Some are very helpful. Others are so cryptic that even after you pop the box...you'll wonder what it meant.

That's awesome - I appreciate the tips guys

YFZblu

Pre-Registration

If you'd like to register for Penetration Testing With Kali (PWK), you will have to provide OffSec with your name and email address; a non-free email address. After doing that I received an email with the following:

-Support hours
-Course information
-PWK Syllabus
-Cost
-Course prerequisites
-Certification information
-Information on how to officially register for the course - This includes a registration link with a TTL of 72 hours. If 72 hours goes by and you still haven't registered, you will have to submit your information again and wait for another email.

Registration (pre payment)

After officially registering for the course, I received yet another email which contained:

-Confirmation of your course and start date
-OffSec ID number
-Instructions to test connectivity to the lab environment before proceeding with payment
-Link to download Kali Linux
-Link to purchase the course
-This email also has a TTL of 72 hours; failure to complete everything in that time frame bumps the student to a later start date

Payment

Payment was as easy as clicking the link in the second email I received, and entering my credit card information. I then received two confirmation emails - One indicating that the payment was successful, and another with an attached invoice

NovaHax

And so it begins...

wes allen

YFZblu wrote: »

Payment

Payment was as easy as clicking the link in the second email I received, and entering my credit card information. I then received two confirmation emails - One indicating that the payment was successful, and another with an attached invoice

One thing to be aware of though, is that their payment processor is outside the USA, which caused my bank (BOA at the time)to add an extra fee, and my company couldn't pay for the class for me with corporate cards, due to the policy of no outside US charges allowed. My current bank doesn't charge a fee, but I have gotten fraud warning calls when paying for classes. So just a heads up on that for everyone.

And, if you don't have a non free email, you can still register, you just need to send them a copy of ID. The billing department has been good to deal with - quick to respond and always helpful.

Zoovash

Is there a VAT fee added for EU countries ?
SecurityTube didn't charge any VAT but I know eLearnSec collects VAT.

bobloblaw

Good luck. Looking forward to your write-ups.

MSP-IT

I'll be watching this thread diligently.

YFZblu

Lab connectivity test

For this we are asked to boot into our Kali Linux boxes, and utilize the OpenVPN utility to connect to the lab network. This involves simply ping'ing a host on our subnet, and keeping the VPN connection up for a while to ensure stability.

NovaHax

YFZblu wrote: »

Lab connectivity test

For this we are asked to boot into our Kali Linux boxes, and utilize the OpenVPN utility to connect to the lab network. This involves simply ping'ing a host on our subnet, and keeping the VPN connection up for a while to ensure stability.

I don't think you're supposed to...but I was already guns blazing with Nmap during the 24-hour lab connectivity test window.

ramrunner800

I just started in the labs today. Good luck to you!

YFZblu

NovaHax wrote: »

I don't think you're supposed to...but I was already guns blazing with Nmap during the 24-hour lab connectivity test window.

That's awesome - About 8 hours until the materials hit my inbox. Looking forward to it.

YFZblu

Downloaded my course materials tonight! A 361 page PDF, and ~8 hours of instructional video. I also logged into the IRC channel, and poked around the forums reading the FAQ's. Going to start reading the PDF tonight.

Random note - Each page of the PDF is watermarked with my OffSec ID number and full name; obviously to identify those those who distribute the material. Never seen that before.

NovaHax

Yup...they've been doing that for a minute. Mine was watermarked back when I took PWB in 2012.

BlackBeret

I'd suggest watching the videos before reading the guide, module by module. The videos cover what's in the guide, then the guide goes in to a few more details. I was rapidly deployed in 2010 and unable to make use of the labs or attempt the exam so I decided to pay to upgrade my materials to PWK and am going through it all now, in a few weeks I'll add the lab time and attempt the test hopefully around July 4th holiday time. Good luck to you as well.

Remember a lot of it requires outside study. I'd read up Windows Escalation for a start try FuzzySecurity | Windows Privilege Escalation Fundamentals

YFZblu

Excellent fuzzysecurity link, I appreciate that

NovaHax

I personally disagree with BlackBeret's approach. It worked better for me to read through the PDFs at the same time as watching the videos (since they pretty much follow the same track). But to each his own. Everyone learns in different ways.

Good resource though. Its easy to get over-confident though when you start exploiting boxes, and forget about the importance of privilege escalation. Trust me...you will need to know how to move from basic access to root or SYSTEM

.

The g0tm1lk Linux privilege escalation guide is also a MUST.

YFZblu

The first two days have been pretty easy going, it has basically been an intro to the course itself, the basics of navigating Kali linux, and an intro to bash scripting.

Right away, it's clear that one must be 'at home' using Linux CLI - not at an admin level, but understanding the meat and potatoes of the OS is essential; opening files, navigating the file system, environment variables, starting/stopping services, configuration changes, etc.

I was happy to see bash scripting early on, it's something I'll have to learn on the fly. As I said in my OP, I have learned a few languages recently and I'm glad I did - the Student is expected to have the ability to whip a script together in multiple high level languages.

I'm definitely pacing myself at the moment. I have Thursday - Saturday off each week, and a slow work day on Sundays. That's when I plan on going deep and hitting the books/lab for 8+ hours per day. At work tomorrow I'll also get myself familiar with the basics of bash scripting; syntax, data types, iteration, etc.

YFZblu

NovaHax wrote: »

It worked better for me to read through the PDFs at the same time as watching the videos (since they pretty much follow the same track).

Same - I am much more comfortable reading the material and hashing it out internally. For whatever reason I find myself getting distracted / sleepy during video presentation, unless I'm totally clueless about a topic and absolutely need the hand-holding (which I'm sure will happen many times in the next 28 days).

YFZblu

Woke up a bit early to get some bash scripting done

JoJoCal19

I wish I could do this course/cert sooner than later but I'm pretty booked for certs this year. I will definitely be starting it January next year.

Master Of Puppets

Check out tldp.org for some bash. I liked it when I was learning it.

YFZblu

Nice - Browsing it now, thanks!

Sidenote: There was a very small piece of regex-fu during the bash section, it's worthwhile to know the most common and basic syntax. For this I like to visit http://www.regexone.com

veritas_libertas

Good stuff. I'll be following this thread...