+ Reply to Thread
Page 1 of 3 1 23 Last
Results 1 to 25 of 69
  1. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #1

    Default OSCP--Jumping in the ocean without knowing how to swim (#Ain't_Never_Scared)

    Thats the motto I personally follow. so i signed up for the OSCP (90) days.

    What did i do for prep? NOTHING, i tried my best to read books(after couple pages i stopped), watch the Georgia series from Cybrary (her voice is annoying so i stopped), practice on VMs (since i am paying for this course to give me the knowledge that i need to comprise VMs, Machines in the future, this didnt go that well, since i dont have that knowledge yet....,) I don't see a reason for me to prepare for a course that is supposed to prepare me.

    so i plan on reading the PDF, watch the videos and do all the exercises within the first 2 weeks and then attack the lab.

    there are about 376 pages (i am planning on reading about 27 pages per day) and about 8 hours of videos( i plan to watch the videos while at work)

    so i plan to do majority of this while at work (about 8 hours a day)
    so during the week i will dedicate about 8 hours a day and on the weekends about 10 on sat and 10 on Sunday.

    This is how i quickly finished WGU (CCNA RS (2 parts) CCNA Sec, A+ and so on)

    i will try to update this on a daily bases.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Aug 2016
    Posts
    134

    Certifications
    C|EH, Security+, CCENT, CCNA R&S
    #2
    Good luck... you'll need it
    Reply With Quote Quote  

  4. Junior Member Registered Member
    Join Date
    Jan 2013
    Location
    NOVA
    Posts
    2

    Certifications
    CISSP, CEH, CCNP, Linux+, Security+, Net+, A+
    #3
    Hey 22306,

    I just enrolled in PWK myself 90 days will be starting 4 Mar, the book by Georgia Weidman is a very good resource for preparation I am using it, I don't have any experience in Pen-testing but I figured I could at least "Try Harder" and get the PWK course and OSCP Cert done. I am also in the NOVA area 22314 if you wanted to collaborate on getting it done let me know. Good luck
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #4
    Quote Originally Posted by tcundiff View Post
    Hey 22306,

    I just enrolled in PWK myself 90 days will be starting 4 Mar, the book by Georgia Weidman is a very good resource for preparation I am using it, I don't have any experience in Pen-testing but I figured I could at least "Try Harder" and get the PWK course and OSCP Cert done. I am also in the NOVA area 22314 if you wanted to collaborate on getting it done let me know. Good luck
    sure PM me
    Reply With Quote Quote  

  6. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #5
    Quote Originally Posted by 22306 View Post
    What did i do for prep? NOTHING, i tried my best to read books(after couple pages i stopped), watch the Georgia series from Cybrary (her voice is annoying so i stopped), practice on VMs (since i am paying for this course to give me the knowledge that i need to comprise VMs, Machines in the future, this didnt go that well, since i dont have that knowledge yet....,) I don't see a reason for me to prepare for a course that is supposed to prepare me.
    I guess you will be upset that the whole concept of "try harder" is geared towards doing your own research and filling in the gaps that was purposely left out in the material. Every OSCP reviewer/blogger stated that in one way or another, they had to research elsewhere using other materials.

    Good luck!
    Last edited by chrisone; 02-16-2017 at 08:17 PM.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP (Ah next year...)
    Reply With Quote Quote  

  7. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #6
    Quote Originally Posted by chrisone View Post
    I guess you will be upset that the whole concept of "try harder" is geared towards doing your own research and filling in the gaps that was purposely left out in the material. Every OSCP reviewer/blogger stated that in one way or another, they had to research elsewhere using other materials.

    Good luck!
    researching is part of learning.
    Reply With Quote Quote  

  8. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    67

    Certifications
    OSCP, CISSP, Sec+
    #7
    Quote Originally Posted by 22306 View Post
    researching is part of learning.
    And it's also a huge part of pen testing.
    Reply With Quote Quote  

  9. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #8
    i finally received the materials. i downloaded everything and i made back up copies. URL stays alive for 72 hours and if you lose the material, youll have to pay them 100 bucks for them to send you the material again. so what i did is i backed up all the files to different places. of course keeping them secure.

    i will be using vmware workstation 12 pro (thanks to wgu got it for free)
    once i downloaded the VM they provided me. i powered it on (created a shared folder between host and guest, makes it easy to share files) and once i had everything configured, i created a snapshot (for you all who are using the player, you can just create a backup of the vm folder and when you need to revert back. just delete the current vm folder and use the back up)

    they provide all the instructions that you need to follow.

    i started reading the pdf and watching the videos that correspond. reading the PDF itself might not make sense or it might be boring. so i am doing both at the same time. also having more than one monitor helps! trust me. i have 3 monitors and one is running the video and the other is running the PDF and the third one has word open for note taking.

    so far the PDF has been nice. they get right to the point. No fluff and also the dudes voice isnt as annoying as Georgia's. his tone shows that he enjoys teaching.

    page 61
    Reply With Quote Quote  

  10. cdx
    cdx is offline
    Sanji cdx's Avatar
    Join Date
    Feb 2014
    Posts
    180

    Certifications
    GSEC, CCNA Security, CCNA R&S, CCENT, A+, Network+, Security+, Project+, Linux+, LPIC-1, MTA
    #9
    *eats popcorn waiting for updates from OP*
    Bachelor of Science - Information Technology - Security
    Associate of Science - Computer Information Systems
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #10
    yesterday i continued reading the PDF and watching the videos at the same time. Advice, READ AND WATCH at the SAME TIME. trust me itll make it easy for you. where the PDF lacks, the Videos come in handy and where the Video lacks, the PDF comes in handy. Even tho i just started. I already have picked up couple tricks. I cant wait to touch the Labs and see what i can do. One thing i learned from growing up and having a rough life.. NEVER BE SCARED to try. Even if you have tried and failed, Guess what? you sit back and see why you failed, plan a new way to attack and attack again.

    PS: a trick that always pushes me to try harder is that i schedule the exam before i start studying. so i already scheduled my exam date. Hopefully this will push me to learn and try even harder. i paid for 90 days so when exam day comes and if i feel that i am not ready, i might reschedule but i normally would take the exam (so far this has worked for me and i never rescheduled any exam and always passed)

    PDF page 107
    Last edited by 22306; 02-22-2017 at 04:54 PM.
    Reply With Quote Quote  

  12. Senior Member supasecuritybro's Avatar
    Join Date
    Jul 2015
    Location
    Miami, FL
    Posts
    165

    Certifications
    CISSP, GPEN, eJPT, CSA+
    #11
    Quote Originally Posted by 22306 View Post
    yesterday i continued reading the PDF and watching the videos at the same time. Advice, READ AND WATCH at the SAME TIME. trust me itll make it easy for you. where the PDF lacks, the Videos come in handy and where the Video lacks, the PDF comes in handy. Even tho i just started. I already have picked up couple tricks. I cant wait to touch the Labs and see what i can do. One thing i learned from growing up and having a rough life.. NEVER BE SCARED to try. Even if you have tried and failed, Guess what? you sit back and see why you failed, plan a new way to attack and attack again.

    PS: a trick that always pushes me to try harder is that i schedule the exam before i start studying. so i already scheduled my exam date. Hopefully this will push me to learn and try even harder. i paid for 90 days so when exam day comes and if i feel that i am not ready, i might reschedule but i normally would take the exam (so far this has worked for me and i never rescheduled any exam and always passed)

    PDF page 107

    I like your style!
    Completed: CISSP, GPEN, eJPT, CSA+, M.S. Information Security
    Current Goal: eCPPT
    Five Year Plan:​ RHCSA, CISM, OSCP, more SANS as they come
    Book/CBT/Study Material:​ Python for Security Professional (Cybrary)
    Reply With Quote Quote  

  13. Completely Clueless TechGromit's Avatar
    Join Date
    Oct 2015
    Location
    Galloway, NJ
    Posts
    1,330

    Certifications
    A+, Network +, GSEC, GCIH, Lunatic+
    #12
    You braver than me, I will not even considering attempting this certification until I master a Linux certification and get some Python knowledge first. I'm sure even without proper prep work, it's a very educational and beneficial course. However for me, I would like to try to ensure the greatest chance of success. On the bright note, it's really not that all expensive security training and certification. For $1,300 it's dirt cheap in my opinion when compared to some of the SANS security courses. Wish you the best of luck, I see you have a Linux certification, that will certainly help.
    Still searching for the corner in a round room.
    Reply With Quote Quote  

  14. Senior Member E Double U's Avatar
    Join Date
    Apr 2014
    Location
    The Netherlands
    Posts
    1,158

    Certifications
    CISSP, CISM, GCIA, GCIH, C|EH, and more.
    #13
    @ 22306

    You might have more balls than brains...just like me! Good luck
    "You tried your best and you failed miserably. The lesson is, never try." - Homer Simpson
    Reply With Quote Quote  

  15. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    67

    Certifications
    OSCP, CISSP, Sec+
    #14
    Just 2 tips... be sure to do (now or later) the exercises in the PDF. Doing them and turning them in will give you some bonus points for the exam. Depending on how you do things, you'll watch the videos, read the PDF, do the exercises while watching and reading a second time, and then re-watch and re-read sections several times as you do the lab. It'll be ok to not get 100% understanding of everything in there on the first go around.

    Second, stick to your first exam date. When you re-up for more lab time, you get another exam take along with it. You'll want to read the FAQ or forums to verify that, but I'm pretty certain that's how it works. With every re-up, an exam take should be spent. Good luck!

    And bonus...probably 20% of this course is about finding and honing your own style of note-taking, system attacking, and report-building. Start honing that early before going too wild in the labs. A good, thorough student, imo, will end up pwning many boxes several times, either to do better post-root looting, to do it more manually (as opposed to using only Metasploit), or to discover multiple ways in.
    Last edited by LonerVamp; 02-22-2017 at 09:38 PM.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #15
    I did not read as many pages as i planned. Thats fine tho, i will make it up tonight. I will also do some of the exercises tonight and practice what i have learned so far. I am creating a bank of commands as i go. Maybe a cheat sheet organized by tool (or i might change this depending on what methodology i follow to attack the labs.) and i am not sure if ill also make my own scripts or just use what i find. still VERY exited and Every single word i read, it makes me feel like this is achievable and it wont be as hard as it seems! Hopefully this weekend i will attack the section that is loved by everyone 'Win/Lin BoF'.

    PS: its very very hard fighting the urge to just attack the lab! but Everyone advises to fight the urge and finish the PDF and videos first and that is what i will do.

    PS PS: if you are planning on taking the course and you want to prepare, i think the best thing for you to do is download this PDF and read it and learn the basics from every sections mentioned. DON'T WASTE YOUR TIME LEARNING PYTHON AND other languages. Yes python is good but it is not needed for this course. YES it will be a plus but IT IS NOT NEEDED. so far the course went over a very simple python script and he explained it. even tho this course is hard but it is still considered an entry level cert. BTW this is my opinion so please don't try to argue with me about it.
    https://www.offensive-security.com/d...-with-kali.pdf

    page 132
    Reply With Quote Quote  

  17. Member
    Join Date
    Jan 2017
    Posts
    96
    #16
    Quote Originally Posted by TechGromit View Post
    You braver than me, I will not even considering attempting this certification until I master a Linux certification and get some Python knowledge first. I'm sure even without proper prep work, it's a very educational and beneficial course. However for me, I would like to try to ensure the greatest chance of success. On the bright note, it's really not that all expensive security training and certification. For $1,300 it's dirt cheap in my opinion when compared to some of the SANS security courses. Wish you the best of luck, I see you have a Linux certification, that will certainly help.
    Right there with you buddy.
    No way in hell im going to do that.
    Once i complete my pre studies, of which im having alot of fun with learning btw, python, metaspoit, Georgia W book, Vulnhubs and a few other books, forgot to mention brushing up on my bash scripting, then ill go for it.
    I dont want to set myself up for failure.
    But then again, we dont know what the OPs prior experience (IT/proffesional) is.

    BTW, Linux + is a cakewalk. As in too easy. But, is a bulletpoint I suppose.

    BTW OP, how did you like WGU?
    Online Schools sort of scare me (ITT Technical Institute anyone?) unless its your standard type University Of Georgia/UCLA etc.

    This actually might be the wrong place to ask that question tho lol
    Last edited by Dr. Fluxx; 02-24-2017 at 02:52 PM.
    Reply With Quote Quote  

  18. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #17
    So i been gone for about 4 days now. this weekend, i worked on doing some of the exercises and also finished up windows BoF. OffSec does an amazing job explaining everything but of course its up to the reader to actually spend time in reading the PDF and also watching the video and doing the exercises. I read this section maybe 3 times and watched the videos and actually did the work. it doesn't really sound as hard as people make it sound. Since the exam has a windows BoF machine and its the one thats worth a lot of points. i will be spending time in really understanding what they are teaching me concerning this subject. I googled around and also found other resources but honestly i didnt really need to. now for Python, Offsec gives you a basic script that anyone can understand and they also explain what every line does. seriously they are literally holding my hands and walking me through this. It has been about a week now and i am in the midway point with the PDF. so this week i will finish up the remaining half and then attack the labs. ADVICE: fight the urges to attack the labs. seriously i get tempted at times but i got people who keep reminding me to finish the materials!

    PS: yes having basic understanding on how to use linux is good and will help you (things like LS, PWD,CD ./, CHMOD and so on)

    lol i hope i dont get slapped on the face once i start attacking the labs.

    PS PS: WGU and ITT Tech dont compare. one is non profit and the other is for profit one is regionally accredited and the other is nationally. you can save money and do BS with WGU and then do masters with a known school like penn state, GMU, ..etc

    Page 160ish
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #18
    Finally finished the materials yesterday and i rooted one of the easiest machines in the lab (Alice). next is PayDay. hopefully ill get to work on it today.. One thing ill need to work on is Priv Esc! loving the lab so far.

    PS: hopefully once i conquer the test. i will post a detailed post with resources and tons of info!
    Reply With Quote Quote  

  20. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Austin, Texas
    Posts
    423

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #19
    Awesome broski, just like the gym, hardest part is showing up! I like your style, no reason for all the ass grabbing like me and the C|EH exam. Good luck!
    Studying: LFCS
    Reading
    : Python Crash Course
    Upcoming Exam: GWAPT

    https://realworlditsecurity.wordpress.com
    Reply With Quote Quote  

  21. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #20
    Good stuff! Keep up the hard work! With your attitude its not a matter of IF but a matter of WHEN.
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP (Ah next year...)
    Reply With Quote Quote  

  22. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Posts
    897

    Certifications
    A+, Network+,Security+, EMCISA v2, MCP, MTAx2 , CCENT, CCNA R&S,C|EH,C|HFI,Linux+,LPIC-1,E|CSS,E|CES,GPEN,OSWP,Server+,LPT,GCIH,E|CIH
    #21
    I'm also studying for OSCP as well. Started back in Nov 2016 and still going! I may want to attempt the exam soon. Anyone with OSCP care to share any pointers or thought about how hard the exam is and things to focus on?
    2017:E|CSA E|CSP,eLearnSecurity Courses 2018: C|ND,ICND2,CCSK,CISSP,CCNA-Security,CSA+,GWAPT 2019: CWNA 2020: LPIC-2
    Reply With Quote Quote  

  23. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    184

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #22
    How have you been "studying"? Is it hands on in your own home lab? or have you just been reading and not practicing? Have you registered for the course yet? You can't just take the exam, you have to register for the course and compromise a minimum of 10 lab systems before attempting the exam. The exam is 24 hours long, you will be given 5 boxes to compromise and each has a different point value. You can only use metasploit on ONE BOX ONLY. Also keep in mind that this course requires an enormous amount of time and dedication, it is attempted by many and passed by very few. I'm not trying to discourage you but just giving you a heads-up and making you aware of the commitment you need to make.
    Reply With Quote Quote  

  24. Senior Member
    Join Date
    Mar 2014
    Posts
    619

    Certifications
    Alphabet-soup
    #23
    "you have to register for the course and compromise a minimum of 10 lab systems before attempting the exam."

    You have to have registered for the course at some point in time in the past. I personally did it when it was still PWBv3. Otherwise, there is no requirement to compromise any boxes in the lab. The lab report is completely optional. It's only the exam report that is mandatory.
    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #24
    its been about 9 days and so far i rooted alice, phoenix,bob, ralph, mike and i think i am forgetting another one. so far what i learned is to carefully read your results. and DONT assume. ALSO, at times with RFI, you have to pay attention to it being case sensitive. i spent whole Sunday trying to figure out why my RFI attack wasn't working and thanks to MrAgent who reminded me about case sensitivity and boom went down the machine. i know i am still going after the low hanging fruits. but it still feels good. BTW having the discord group chat is helping me ALOT! without these cool people in the group chat, i would be lost.
    Reply With Quote Quote  

  26. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #25
    Quote Originally Posted by redworld View Post
    Is the OSCP Discord channel open or private? Last link I saw was no longer active.

    https://discord.gg/AQwaeGf
    its set on private but pm and i will send you the url
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 3 1 23 Last

Social Networking & Bookmarks