Need a project - Found a project! YFZblu's OSCP Thread

Hey all,
I haven't completed an official certification since last September (I think it was September) when I went through the SANS GCIH track. Anyway, I've been looking at a lot more red team related training/education lately - not because I want to become a 1337 haxor, but because I want context to what I see every day in the SOC and to continue making hard pushes to expand my skillset; what better way to accomplish this than to feel the pressure of an actual red team engagement, and the growing pains that come with learning new topics at a deep level?
I've been doing a lot of Python scripting lately, studying a lot of compsci topics (memory, process, C programming) and think now is the time. I start Offensive Security's 'Penetration Testing With Kali' course this Sunday, 4/20, and I'm pumped.
I'm creating this thread now in an effort to document the end-to-end process of OffSec's registration, payment, lab testing, studying, and the exam itself. I will be posting to this thread daily with any and all progress I make towards accomplishing this task - which includes posting links to the best 3rd party resources I utilize while rolling through the course topics. I purchased the 30-day course, and have absolutely no plans to extend the time frame. I understand 30 days is easier said than done, but I'm focused and have no other projects at the moment.
Waiting the next five days will be rough, I'm super anxious to get my hands on the material.
Comments
!pain
!sufferance
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
This is actually a GREAT point. You can enter the name of any host in the IRC channel in this format...
Examples:
!ALICE
!BOB
!PEDRO
!GHOST
!PAIN
Each of these will return hints on how the box can be popped. Some are very helpful. Others are so cryptic that even after you pop the box...you'll wonder what it meant.
That's awesome - I appreciate the tips guys
If you'd like to register for Penetration Testing With Kali (PWK), you will have to provide OffSec with your name and email address; a non-free email address. After doing that I received an email with the following:
-Support hours
-Course information
-PWK Syllabus
-Cost
-Course prerequisites
-Certification information
-Information on how to officially register for the course - This includes a registration link with a TTL of 72 hours. If 72 hours goes by and you still haven't registered, you will have to submit your information again and wait for another email.
Registration (pre payment)
After officially registering for the course, I received yet another email which contained:
-Confirmation of your course and start date
-OffSec ID number
-Instructions to test connectivity to the lab environment before proceeding with payment
-Link to download Kali Linux
-Link to purchase the course
-This email also has a TTL of 72 hours; failure to complete everything in that time frame bumps the student to a later start date
Payment
Payment was as easy as clicking the link in the second email I received, and entering my credit card information. I then received two confirmation emails - one indicating that the payment was successful, and another with an attached invoice.
One thing to be aware of though, is that their payment processor is outside the USA, which caused my bank (BOA at the time) to add an extra fee, and my company couldn't pay for the class for me with corporate cards, due to the policy of no outside US charges allowed. My current bank doesn't charge a fee, but I have gotten fraud warning calls when paying for classes. So just a heads up on that for everyone.
And, if you don't have a non free email, you can still register, you just need to send them a copy of ID. The billing department has been good to deal with - quick to respond and always helpful.
SecurityTube didn't charge any VAT but I know eLearnSec collects VAT.
For this we are asked to boot into our Kali Linux boxes, and utilize the OpenVPN utility to connect to the lab network. This involves simply ping'ing a host on our subnet, and keeping the VPN connection up for a while to ensure stability.
I don't think you're supposed to...but I was already guns blazing with Nmap during the 24-hour lab connectivity test window.
That's awesome - About 8 hours until the materials hit my inbox. Looking forward to it.
Random note - Each page of the PDF is watermarked with my OffSec ID number and full name; obviously to identify those who distribute the material. Never seen that before.
Remember a lot of it requires outside study. I'd read up on Windows escalation; for a start, try FuzzySecurity | Windows Privilege Escalation Fundamentals
Good resource though. It's easy to get over-confident though when you start exploiting boxes, and forget about the importance of privilege escalation. Trust me...you will need to know how to move from basic access to root or SYSTEM
The g0tm1lk Linux privilege escalation guide is also a MUST.
Right away, it's clear that one must be 'at home' using Linux CLI - not at an admin level, but understanding the meat and potatoes of the OS is essential; opening files, navigating the file system, environment variables, starting/stopping services, configuration changes, etc.
I was happy to see bash scripting early on, it's something I'll have to learn on the fly. As I said in my OP, I have learned a few languages recently and I'm glad I did - the Student is expected to have the ability to whip a script together in multiple high level languages.
I'm definitely pacing myself at the moment. I have Thursday - Saturday off each week, and a slow work day on Sundays. That's when I plan on going deep and hitting the books/lab for 8+ hours per day. At work tomorrow I'll also get myself familiar with the basics of bash scripting; syntax, data types, iteration, etc.
Same - I am much more comfortable reading the material and hashing it out internally. For whatever reason I find myself getting distracted / sleepy during video presentation, unless I'm totally clueless about a topic and absolutely need the hand-holding (which I'm sure will happen many times in the next 28 days).
Sidenote: There was a very small piece of regex-fu during the bash section, it's worthwhile to know the most common and basic syntax. For this I like to visit http://www.regexone.com