TechExams.net IT Certification Forums http://rejsy-morskie.com/?page= TechExams.net is home for an active and helpful community with forums for CCNA, MCTS, Network+, Security+ and many other IT certifications en Wed, 21 Feb 2018 19:35:03 GMT vBulletin 60 http://rejsy-morskie.com/?page=images/misc/rss.png TechExams.net IT Certification Forums http://rejsy-morskie.com/?page= Failed 210-260 http://rejsy-morskie.com/?page=forums/ccna-security/131263-failed-210-260-a.html Wed, 21 Feb 2018 18:19:36 GMT I blew it. Given all the negative feedback about this exam though I really can't complain. There were a lot of complaints about the exam expanding beyond the blueprint but it seemed to be in line with it to me so maybe Cisco has addressed the issue. My problem was I tried to rush my studies once I found out I was heading overseas again for work. I'll give it another 45 days or so and try to take it again. ]]> CCNA Security Fulcrum45 http://rejsy-morskie.com/?page=forums/ccna-security/131263-failed-210-260-a.html HELP!!!!!! Im trying to Relocate to Atlanta http://rejsy-morskie.com/?page=forums/jobs-degrees/131262-help-im-trying-relocate-atlanta.html Wed, 21 Feb 2018 15:59:53 GMT Hey guys, my name is Devon im looking to relocate to Atlanta Ga. I have about 1.5 years experience with a ccna. I live about 1.5 hours away from atl... Hey guys, my name is Devon im looking to relocate to Atlanta Ga. I have about 1.5 years experience with a ccna. I live about 1.5 hours away from atl and, looking to move are there any it jobs around that will acctually hire me? And not waist my time ...thanks ]]> IT Jobs / Degrees loqmeo http://rejsy-morskie.com/?page=forums/jobs-degrees/131262-help-im-trying-relocate-atlanta.html Working on OSCP http://rejsy-morskie.com/?page=forums/security-certifications/131261-working-oscp.html Wed, 21 Feb 2018 15:32:42 GMT Wanted to say Hi. I've been lurking for a while and just registered. I'm presently working on the OSCP. I failed my first exam pretty terribly (mostly I choked, I don't work well under pressure and have always tested badly)

That said, I know what the exam is like now and feel good going into my next one. I've rooted 50+ systems in the lab. Another 8 on Hack The Box, a number of vulnhub systems. My weakness though is webapps and finding entry points. If anyone has recommendations in that regard I could surely use them. SQL is definitely hard for me.

Thanks everyone and thanks for such a great forum, it's been great reading through the posts, very helpful! ]]>
Security Certifications datakan http://rejsy-morskie.com/?page=forums/security-certifications/131261-working-oscp.html
Spousal Interview? http://rejsy-morskie.com/?page=forums/jobs-degrees/131260-spousal-interview.html Wed, 21 Feb 2018 15:22:24 GMT Looking at this IT Position at a Financial Company and one of the steps is an interview with your spouse? Is this standard in the corporate world? Looking at this IT Position at a Financial Company and one of the steps is an interview with your spouse?
Is this standard in the corporate world? ]]>
IT Jobs / Degrees Daneil3144 http://rejsy-morskie.com/?page=forums/jobs-degrees/131260-spousal-interview.html
My journey to OSCP - Part 2: I did it!! http://rejsy-morskie.com/?page=forums/security-certifications/131259-my-journey-oscp-part-2-i-did.html Wed, 21 Feb 2018 14:49:56 GMT After the joys of completing the eCPPT I changed focus to the OSCP. I decided to spend a bit of time going through the material prior to starting... After the joys of completing the eCPPT I changed focus to the OSCP. I decided to spend a bit of time going through the material prior to starting the labs, this went on for a little longer then anticipated as I ended up starting my 30 day of labs in mid-November.

The material surprisingly hadn't changed that much from 2011, I started off documenting all the commands in Excel and creating my mindmaps based on the material I had access too. After the eCPPT, I definitely felt better prepared and more confident. In all honesty, probably due to feeling like I couldn't take much more, I didn't watch any of the video content and only briefly went through the pdf. I would not recommend this to others, it would be an idea to go through everything so your familiar with it all.
My goal for the labs were to at a minimum tackle one machine a day so by the end I would have close to 30 machines compromised. As we all know, nothing goes to plan and knowing myself I seem to get bored fairly quickly for some reason! Anyway, I started off fairly well as in the first few days I was ahead of my target and sitting on approx 5 machines utilising some of the basic enumeration and exploitation. Metasploit was very helpful, I decided after each metasploit exploit I would look to do compromise the machine manually, this worked well and I would advise doing the same.

I seemed to be ahead of my target for compromising machines and half-way through my 30 days I had compromised approx 18 machines. I felt at this point, and considering the exam was fairly cheap, to have my first attempt at the exam. I booked in my exam on around day 22 of the labs so it gave me some time after the exam in the labs in the event I failed, I had compromised approx 24 machines by the time I started the exam.

Exam

On this occasion, I was feeling very anxious as I knew I had a lot less time then eCPPT. I had decided beforehand that I would spend approximately 3 hours per machine and then utilise the remaining time to focus on the machines I had not exploited. I started on the first machine which was a BO, considering I found it fairly straight forward on the eCPPT and the concepts were the same, I was making very good process until I git a brick wall after approx an hour when my exploit was not working. After going back through the pdf I realised a silly mistake as I did not read all the material especially on what to look for when testing exploits (sorry can't say anymore but probably obvious). Even though I felt I was doing this right my code was still giving me errors, after a little while I discovered the silly mistake I had made!!!! Python v2 and v3 have some slight differences such as brackets! Well, I changed the code and run the exploit and it worked like a charm, machine 1 down in approx 2.5 hours (should've been a lot quicker if it wasn't for my stupidity).

I quickly obtained a shell to machine 2 which was fairly basic but after spending another 4 hours or so I could not get root. I decided to move onto the remaining machine and also held the one metasploit attempt in my pocket. I found another machine which I was able to compromise with a limited shell fairly quickly and using a public exploit I obtained root within a couple of hours. I was feeling fairly confident now as I was approx 7 hours in and I had 2 full compromises and one partial shell.
I then looked at the remaining targets and realised one of them was a good candidate for metasploit, I found the correct module and ran the exploit and managed to obtain root SYSTEM privileges straight away, perfect!

At this point I had done approx 8-9 hours straight and had 3 roots and 1 limited shell. I began to focus on the last machine, I managed to get a limited shell (not 'limited' as I would've liked which I discovered later) and then hit a brick wall. I felt I may have had enough points but was too tired to carry on so decided to focus on some reporting and then hit the sack.
I woke up in the morning with an hour left before my exam lab was going to close and discovered I needed to get an actual limited shell to one of the machines, luckily I did this in time before the lab closed. I did feel like I may have not done enough as wasn't sure how the points would be allocated but decided to focus on the report.

My report took approx 6 hours as I had started it the day before. I submitted the report not knowing if I had done enough or not, especially as I did not try and go for the extra 5 points from exercises and lab report.

And then finally, the dreaded email came.....I HAD PASSED!!! I was over the moon, more ecstatic then I had been from passing any other course (that goes for CISSP too) but then felt a little underwhelmed. I had started this journey over 6 years earlier and finally I had completed my goal!

I still had some lab time left but decided I had enough and owed myself some sleep considering the weeks running up to the exam I probably slept no more than 4-5 hours a day! I then slept for the next week or so pretty much and finished 2017 with my OSCP as per my target early in the year.

Please remember, no matter how big or small your goal, always stay focussed as you will succeed but sometimes you need to demonstrate more patience then you are generally able too.

Some pointers:

I think its definitely a good idea to go through all the forum posts for the different lab machines and read up on others exam reviews as there is plenty of helpful information out there.

Don't let the exam scare you, it's definitely possible to overcome it, you need to stay calm, relax and plan how you want to break your time down.

I would recommend, if its possible to do so, having an exam attempt before your lab time expires so to better prepare you for the actual attempt. This seemed to calm me down more so as I was expecting not too pass which probably helped me pass first time round. ]]>
Security Certifications t17hha http://rejsy-morskie.com/?page=forums/security-certifications/131259-my-journey-oscp-part-2-i-did.html
My journey to OSCP - Part 1: eCPPT http://rejsy-morskie.com/?page=forums/security-certifications/131258-my-journey-oscp-part-1-ecppt.html Wed, 21 Feb 2018 14:14:00 GMT Pre-amble So I finally managed to get a chance to write my review of the eCPPT. Just for information my journey started many years ago, around... Pre-amble

So I finally managed to get a chance to write my review of the eCPPT. Just for information my journey started many years ago, around 2011, when I purchased PWB (before PWK) as I wanted to improve my skills within pentesting. However, considering I had little knowledge of Linux and programming and the birth of my son, my lab time went out the window and I decided to leave it at the time.

Over the years it was eating at me to do my OSCP, especially as I purchased the upgrade to the PWK and kept paying for my labs being renewed, so last year I opted to purchase the PTP and gave myself the goal of completing the OSCP by December 2017. As part of the PTP I obtained access to PTS which I sat and managed to complete within a short period of time, I found the course interesting and a good prep for the PTP.

PTP

I began studying for the PTP as I did previously with the PWB noting down every command within an excel spreadsheet and also creating mindmaps of all the commands and different areas. I found the course insightful and really enjoyed the learning considering the effort the instructors had put into the material. I decided to skip the Wireless and Ruby modules as I had read these were not relevant for the exam. I found the labs very fast and straight forward considering they were dedicated to you. I ended up using approx 30 hours of the 120 hours which were purchased so I would say the Full version would be sufficient for most people.

Where I feel eLearnSecurity excel is the depth of knowledge they put into the material, they definitely hand hold you more but I like that element as due to having a full-time children, a few children and juggling with other responsibilities I don't have that much time to dig around for lots of information. After going through all the material and all the labs I was at a point that I did not want to go through the labs again and just wanted to sit the exam. Considering I had started approx February-March 2017 it took me until June before I was in a position to book the exam, I had spent most evenings and weekends studying as a lot of effort was required.

Exam

I recall anxiously waiting for my login credentials and for the exam lab to start, once this was provided I began to scope out my attack vectors and wanted to capture as much information as possible to assist with the exam report. I don't want to go too much into the exam considering all the material available across numerous sites. But I felt 1 week was definitely enough and this was with me going down numerous black holes and being a little narrow minded with my attempt. I seem to focus on the exam objectives and then took a back seat and realised closer to lab expiring that there were additional machines which I did not pick up due to not continuously scanning for new machines after compromising. I spent long hours in the initial days with very little sleep.
I moved onto the report which I was able to complete in a few days and had approx 100 pages of the main content and another 100+ pages for supplementary data (e.g. scan report).

I really feel eLearnSecurity are very generous but the exam is representative of a pentest which is exactly as it should be if you want to move into pentesting as the onus is on the quality of the report and your abilitiy to apply your technical skills.
The next step was the worst, waiting for weeks to find out if I had passed, finally I received an email which felt like eternity to say I had passed! :D

I was over the moon and happy to have passed but the blatantly obvious was awaiting me!! It was now September and I had 3 months to complete the OSCP!! ]]>
Security Certifications t17hha http://rejsy-morskie.com/?page=forums/security-certifications/131258-my-journey-oscp-part-1-ecppt.html
Physical Security Technology Resources http://rejsy-morskie.com/?page=forums/off-topic/131257-physical-security-technology-resources.html Wed, 21 Feb 2018 13:09:20 GMT I recently landed a job in a physical security space (cameras, salient completeview, etc) in a large enterprise. I have a background in app support,... I recently landed a job in a physical security space (cameras, salient completeview, etc) in a large enterprise. I have a background in app support, but this is my first gig in a security-related area. I'm wondering if anyone has any good resources (books, sites) for newbies in the physical security tech area? ]]> Off-Topic oltombon http://rejsy-morskie.com/?page=forums/off-topic/131257-physical-security-technology-resources.html Offer to buy OSCP notes...... http://rejsy-morskie.com/?page=forums/security-certifications/131256-offer-buy-oscp-notes.html Wed, 21 Feb 2018 12:48:00 GMT So I logged into my account on here this morning and had received a message from a member here by the name of SecurityNoob. In his message he asked... So I logged into my account on here this morning and had received a message from a member here by the name of SecurityNoob. In his message he asked if I would be willing to sell my OSCP notes...... I think we all know the answer to that question. The OSCP is one of the very few certs in this industry that is highly respected and I refuse to let people like SecurityNoob dilute the value of a cert that I for one poured my heart and soul into in order to pass.

Is there anything that the admins of this site can do to prevent this? Such as banning this member? ]]>
Security Certifications McxRisley http://rejsy-morskie.com/?page=forums/security-certifications/131256-offer-buy-oscp-notes.html
Which MS Cert to go for http://rejsy-morskie.com/?page=forums/general-certification/131255-ms-cert-go.html Wed, 21 Feb 2018 12:07:35 GMT Hi guys,

Yesterday I got a large pay rise and promotion (Wooo, go me!), I've been promoted from 2nd/3rd line support to Installations, I've been doing install jobs to help out the installs team (Server installed, firewall replacements, SAN implementations, 365 migrations etc) for the past year or so but finally got the promotion.

My manager who gave me the promotion and pay rise said that if I'm to excel in this team I should be going down the cloud route, learning everything possible about Azure, 365 apps (Flow, Teams etc not MS office package stuff), Sharepoint and Azure as these are the areas where the current installs team don't have much knowledge.

I've done a fair bit with azure, a few of our customers use it and I use it myself for some personal stuff. I've always stayed away from Sharepoint as much as possible so this is an area I'll need to learn from scratch almost. As for the 365 apps side of things I already use Flow to manage my site visits and logging expenses from my phone but other than that I don't use it for much else.

My current certifications:
Microsoft:
MCSE: Messaging, Productivity
MCSA: Windows Server 2012
MCITP: Windows 7
MCP: Virtualisation & System Centre
MCSA: Windows 8

CompTia
Network+
Security+

Cisco:
CCENT

What cert would you recomend sitting next? I was thinking about going for the Sharepoint 2016 exam but I'm unsure. I'll base my study around what my next exam choice is (this has always been the best way to learn for me).

Thanks for your help. ]]>
General Certification brkyfl http://rejsy-morskie.com/?page=forums/general-certification/131255-ms-cert-go.html
IT audit or IT security Specialist - Career Advice http://rejsy-morskie.com/?page=forums/jobs-degrees/131253-audit-security-specialist-career-advice.html Wed, 21 Feb 2018 06:50:05 GMT Hello all, Need some career advice here... So I have been involved in IT for the past 8 years and in Infosec for the past 2 years. earlier I used... Hello all, Need some career advice here...

So I have been involved in IT for the past 8 years and in Infosec for the past 2 years. earlier I used to be a VoIP Test engineer. Gradually moved into VoIP security and now doing IT audit related activities(remediation, controls testing) for the past 2 years.My concern with IT auditing is this is more of taking screenshots, reading documents updating excel sheets and less of Hands-0n work.

I am interested in becoming a security Specialist but not sure if I can transition into that after nearly 8-10 years of experience.
I am also not sure if I have the required skillset. My technical skill is limited to basic linux usage, basic pen testing skills, QA skills.I do not have any security product experience.I hold certifications in CCNA, CEH, ISO 27001 Lead Auditor and ISO 27001 Lead implementer.I wrote the CISSP but failed -668 and now preparing for the CISA as I am currenty working in IT audit.

I want to return to a more hands-on work and want to be a specialist rather than a IT sec generalist/ IT auditor.My future goal at least in the next 3-5 years is to work as a Security Program Manager in core Tech companies like MIcrosoft, Google,Amazon etc..
or in IT Security Business development in companies like PwC, Deloitte etc..

could you please let me know
  • if its better for me to stick to IT audit /IT sec management or can I move into some specialist role (like Red team/ Blue Team)after these many years of experience.I feel rather shallow after doing IT audit.
  • Should I continue doing CISA- CISSP - CISM or should I now focus on GCIH, GCIA, GPEN, OSCP kind of certifications

Any advice would be appreciated. ]]>
IT Jobs / Degrees shreenag http://rejsy-morskie.com/?page=forums/jobs-degrees/131253-audit-security-specialist-career-advice.html