Need a project - Found a project! YFZblu's OSCP Thread

Hey all,

I haven't completed an official certification since Last September (I think it was September) when I went through the SANS GCIH track. Anyway, I've been looking at a lot more red team related training/education lately - not because I want to become a 1337 haxor, but because I want context to what I see every day in the SOC and to continue making hard pushes to expand my skillset; what better way to accomplish this than to feel the pressure of an actual red team engagement, and the growing pains that come with learning new topics at a deep level?

I've been doing a lot of Python scripting lately, studying a lot of compsci topics (memory, process, C programming) and think now is the time. I start Offensive Security's 'Penetration Testing With Kali' course this Sunday, 4/20, and I'm pumped.

I'm creating this thread now in an effort to document the end-to-end process of OffSec's registration, payment, lab testing, studying, and the exam itself. I will be posting to this thread daily with any and all progress I make towards accomplishing this task - which includes posting links to the best 3rd party resources I utilize while rolling through the course topics. I purchased the 30-day course, and have absolutely no plans to extend the time frame. I understand 30 days is easier said than done, but I'm focused and have no other projects at the moment.

Waiting the next five days will be rough, I'm super anxious to get my hands on the material.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

ehnde

This is one of the most inspiring cert pursuit threads I've seen in years on techexams. And I realize the reason for this is because it is so difficult. And you have not quit. There is no guarantee that you will make it either, that is up to you. We're here still watching your progress. Keep it up!

YFZblu

^ I appreciate that, thank you.

Couldn't study yesterday, and tonight is probably a no-go as well. I have the next few days off, so I'll be making another hard push starting tomorrow.

cyberguypr

Heck, after following this thread if he doesn't make it a few of us are gonna go visit him and we won't be nice. LOL!

Seriously now, keep momentum going!

EngRob

Definitely inspires me to sign up once i'm done with WGU. Keep it up!!

JoJoCal19

How long is the PTK PDF? Is it a reasonable size to get printed and binded at Kinko's? While I do read PDF at work, at home I prefer hardcopies. I'm debating between this or the CCNA/CCNA:S after the New Year.

YFZblu

So, yesterday was sort of cray - The ladies in my life (wife and mother) both had medical issues, and my time was spent ensuring they were taken care of. I'm going to re-start password attacks today, and hopefully get further than that. My free time is probably going to be tied up tomorrow with more family-related activities.

At this point I'm reaching the end of the book material. It's basically password attacks, avoiding A/V, and then a good chunk of pages dedicated to metasploit. Then I will spend a couple days exclusively exploiting the lab environment and getting my documentation / scripts in order.

I *might* extend for another 15 days because I would like to become competent with the metasploit framework and have the lab environment to tinker in. Is extending and spending more money an ideal situation? No, it's not; however in my mind security is a do-ocracy, and adding to my skillset long term is much more important than passing the exam by the skin of my teeth and not learning as much.

YFZblu

JoJoCal19 wrote: »

How long is the PTK PDF? Is it a reasonable size to get printed and binded at Kinko's? While I do read PDF at work, at home I prefer hardcopies. I'm debating between this or the CCNA/CCNA:S after the New Year.

I'm the same way, and I did have it printed and bound. It's 360 pages if you use two-sided printing. I think it was like $30 in black and white.

wes allen

YFZblu wrote: »

have the lab environment to tinker in.

The lab is the very best part of the offsec course. Having all those hosts to attack, trying to figure out the initial little seam to get some traction, then figuring out how to get a low priv shell, then getting root, then using something from that host to pivot to another host is what makes it so great. So many little things that don't work as you think they will is what makes it so challenging.

I am working through some outside research on a couple of the areas I am weak on, then plan on another month or so of dedicated time in labs to pop some of the hosts I didn't get yet before giving the test a real attempt.

YFZblu

So, I spent a couple days attempting to crack network service passwords and ended up with a goose egg.

I noticed a response in the Offsec forums that suggested going back to password attack exercises after compromising a few lab machines because I will begin to discover credentials during the post-compormise time frame; then I can begin to form more intelligent word lists myself.

YFZblu

Going to hit the 'pause' button on OSCP studies until Thursday. I have a project at work that I need to focus on, and it should be an excellent learning opportunity. At this point I have decided I'll definitely be purchasing another extension, I haven't decided if it will be 15 days or 30 yet.

MSP-IT

YFZblu wrote: »

I'm the same way, and I did have it printed and bound. It's 360 pages if you use two-sided printing. I think it was like $30 in black and white.

You got a good deal. Mine wasn't nearly as many pages (strange?) and it cost me almost $60.

YFZblu

^ I was being derpy, it's about 360 pages total. Two-sided is ~180 pieces of paper.

YFZblu

I have today through Saturday off, I'd really like to get through the rest of the book. I have a project deadline later this month at work, and mid - late October is the entry-level SANS Windows forensics course. So I need to make another big push this weekend.

I have some unrelated C programming stuff to do on my own today, I'll do that for a few hours and then post my experience with OffSec's egress filtering evasion modules.

I also found some really cool resources that I'd like to share, and I'll make sure to get those into a post today as well.

YFZblu

Sharing:

I want to learn C and how it works under the hood because I have come to realize one very important thing. If you learn C, you learn computing. Ultimately, 'hacking' and technical infosec as a whole is about either making computers and things running on computers operate in unexpected/unintended ways - or defending against that. Either way, one side must think like the other to be moderately successful and understanding is key. I'm a big proponent of seeking understanding because most people do not. And that hurts us.

Here are some resources on C, you should consider them. Not only do they teach C, but they also demonstrate the belief system that C represents. And that's important.

-For the utter n00b: Amazon.com: C Programming Absolute Beginner's Guide (3rd Edition) (9780789751980): Greg Perry, Dean Miller: Books
-Gentle(ish) introduction: The Descent to C
-More terse summarization: Essential C
-Pointers and memory (Good for anyone, not just those learning C): Pointers and Memory

**Note: Regarding the first link I posted to the Amazon book; I suggested it earlier in this thread, and I want to update my recommendation. If you have experience in any other language, do not read this book. IMO, it initially abstracts the reader from too many under-the-hood structures and as I'm finding out now, stunted my grown in terms of learning C. In fact there are a few generalizations in that book that are flat-out wrong. Start with one of the other links instead. That being said, if you're a complete beginner to programming/scripting this will provide just enough to help you get serious and move on to more complete works.

Also, go through this: https://trailofbits.github.io/ctf/index.html It's one of the best resources I've seen for this field. Even if much of it is too advanced, it should shed some light on where to get started and provide goals to work towards.

veritas_libertas

Thanks for book recommendations. I'm currently trying to work my way through Python. I wish I had paid more attention in my college C++ course. I honestly don't remember much of what happened in that class.

YFZblu

veritas_libertas wrote: »

I wish I paid more attention in college college C++ course. I honestly don't remember much of what happened in that class.

Not uncommon. I kind of despise that most colleges only teach C++ and/or Java in their primary curriculum as far as compiled languages is concerned. Personally, I think C should still be widely taught and then a high-level scripting language like Perl or Python on top of that. I feel like once you have the nitty-gritty of C down, and are then introduced to the convenience and elegance of a high-level scripting language, everything else in between just makes sense and comes naturally.

Python is a great choice, though - Interestingly, learning C has made me a significantly better Python programmer. It has cleared up some inherent misunderstandings of computing and I make far fewer fundamental errors.

azmatt

Loving the thread YFZblu. Keep up the awesome work.

I recently sped through a c basics book and then through the security tube x86 assembly and shellcoding for linux vids which were great. I really need to go back and get a better understanding of c before I make a go at the OSCP early next year.

YFZblu

Thanks for the kind words! SecurityTube is awesome, specifically Vivek and his x86 stuff.

Today I'm pushing onward with port redirection and tunneling; more topics I have zero experience with. I may or may not complete it all tonight...this little chunk of material seems important and I don't want to gloss over it.

In other news, next week I have to pay an Offsec lab extension fee and front $1,200 for the SANS Work Study + SIFT Kit. Bleh.

JoJoCal19

YFZblu wrote: »

Thanks for the kind words! SecurityTube is awesome, specifically Vivek and his x86 stuff.

Today I'm pushing onward with port redirection and tunneling; more topics I have zero experience with. I may or may not complete it all tonight...this little chunk of material seems important and I don't want to gloss over it.

In other news, next week I have to pay an Offsec lab extension fee and front $1,200 for the SANS Work Study + SIFT Kit. Bleh.

I had looked at SecurityTubes stuff as a possible precursor to the OSCP. Do you think it would be worth it, or should I just self study to get a basic understanding of C/Python/Scripting before attempting OSCP?

Off-topic question, how far in advance of the SANS event you are chosen to do work study for do you have to pay the facilitator fee?

azmatt

They usually pick the work study people a month or so before the event and your supposed to pay as soon as possible. It's a lot of hard work (especially at a large event like Las Vegas) but if you're paying for SANS courses out of pocket it's a great program. I've done it multiple times and always found it worthwhile.

JoJoCal19

Thanks azmatt.

YFZblu

Update: As of now I'm going through my notes, but I think I'm going to wait another two weeks to extend my lab time. As mentioned earlier, I have a semi large project taking place at work, and I have to deliver it in about 10 days. So I'm focusing on that right now.

I'm still 100% committed to finishing this thing however, my goal is to be done by the time I leave for SANS Las Vegas on 10/19

YFZblu

Update: My semi-large project was slated to be finished last week, but due to time constraints out of my control, I'll be finishing up a presentation next week. Lame.

In any event, I'll be starting this up again soon, and have a goal of 10/18 for my completion date - which may or may not hold up.

YFZblu

So, I didn't want to revive this thread until it became 'real' again. A week ago I purchased (yet another) OSCP lab extension, and basically started the material over. I am at the halfway point in the material (180 out of 361 pages) and I'm feeling really good. I'm in this for too much money not to conquer it! Between SANS and getting a new job, things got sort of crazy at the end of 2014...so I'm back to Try Harder. I just completed the 'buffer overflow' and 'working with public exploits' portion. I'm happy to be done looking at C source code for at least a few days...

I'm not sure if I mentioned it before, but during my first run through of the material a few months back I wasn't really watching the videos as I went, and did most (but not all) of the exercises. I made the decision to complete some of the exercises after the fact. Do not do this. This time around, I am watching the topic's video, then reading, then performing all of the exercises. Doing it this way, things are going much smoother. I have come to find that the videos actually fill in a lot of gap information that the book leaves you with - Not just in courseware knowledge, but also how to operate in the labs; changing the font in the debugger, restarting an unfamiliar service via the GUI rather than killing the process, etc etc. Little things that make life much easier.

...long story short, I learn things the hard way. Next up is file transfers.

Sidenote: Offsec experienced a power outage yesterday, and the lab environment was unavailable. For those taking the course, if you haven't hit them up to get a day added to your lab time, you should. I'm not sure if they're doing it automatically for all Students, or just those that complained about the outage.

Second sidenote: I went back through this thread, and realized this is like the third time I started the material over. I have become the poster child for not trying OSCP unless you can neglect the rest of your life for 60 days. The one caveat being if you are already familiar with the material / pentest for a living.

EngRob

You're hanging in there and 'trying harder', that's the main thing. Enjoying reading about your progress and looking forward to the exam and pass updates.

JoJoCal19

Good luck with the continued pursuit YFZblu. I'll be following your thread again for sure. It is encouraging to hear about the videos filling in a lot of the perceived gap from the course material. I've traditionally done reading then watched corresponding videos. Do you think that may be better from the standpoint of reading the material and getting a good base and then watching the videos to fill in the gaps?

YFZblu

JoJoCal19 wrote: »

Do you think that may be better from the standpoint of reading the material and getting a good base and then watching the videos to fill in the gaps?

The thing is, it's not like Cisco or another large certification provider per se where everything is self-contained in the book and videos. In fact, much of the videos are direct quotes of what's in the book and that makes it difficult to watch (for me at least)...it just might have that one little snippet that makes all the difference in terms of making life easier from a lab standpoint. It's difficult for me to explain.

The book itself doesn't really drill down super deep - for example, the entirety of the Windows buffer overflow, Linux buffer overflow, and working with public exploits sections were < 50 pages in length combined. Considering the large font and photos, it's not a lot of material. it really is up to the reader to make it happen. As others have stated in other threads, much of the course is designed to make you feed yourself and seek outside resources when you encounter roadblocks. The workflow would be more like this:

Watch videos >>> Read material >>> Start exercises and get stumped >>> Seek 3rd party resources >>> Complete exercises

...so I guess that's the long way of saying the videos do in fact contain extra information you need, but not all of it technical in nature; and the book + videos still isn't enough for those without experience in whatever the given activity is.

JoJoCal19

Thanks for the info YFZblu. That's very helpful to know for when I go for it. I've taken your thread and others (especially what you put about material not drilling down deep), along with the syllabus, and used that info to decide to do the PTPv3/eCPPT first. I used their gift card to save some money on it. The modules outline on buffer overflows, shellcode, and stuff like that look amazing and should definitely help. Now if I can just get past this CCENT/CCNA:S I'd be good to start.

dookdook

YFZblu

AMAZING thread. Thanks so much for the effort and persistence you've put into it all, and good working on not giving up with OSCP and working to finish it.

I plan todo my OSCP sometime this year, and am currently learning Python in preparation of it.

I've got HEAPS of info from your thread on good sources of info to study/follow.

Keep it up, i'll be watching

si20

Best of luck with the OSCP. I meant to add an update to my thread... I've had a very bad breakup with my long-term girlfriend since I did my OSCP. I did my OSCP from Oct-Dec 2014 and in October, my relationship needed work, but I had committed 90 days to the OSCP and thought I could sort things out with my girlfriend after I did the exam. Nah....she left me. I'd made alot of mistakes in the relationship and not fixing issues for 3 months made even more issues crop up. I'm trying to get my mind back in order. It has completely killed me inside.

So a word of warning to other people taking on this behemoth challenge: Ensure you can do this 30/60/90 days without any issues. Take care of other business before you set off on this journey. Alot can change in 30/60/90 days as I found out.