Category: Oscp blog

I believe every security enthusiast is aware of the OSCP certification and has added it to their wish-list. I have finally decided to go for it and crack one of the most demanding certifications in the industry.

To ensure that coming aspirants do not face the same challenges, I have started this OSCP Blog Series, which will cover the challenges at every stage of the journey and how to avoid them. I will talk about the challenges in planning your path through the OSCP, as well as how to decide whether you should go for it with your current skill set. So in this series I will help you clear your doubts using my experience. The reason it is so demanding is that it is a completely practical certification, aimed at security professionals with a keen interest in the deeper side of penetration testing.

The PWK course is offered in different packages based on lab duration, which include the offerings below. I am going to share some basic points that will help you start your OSCP journey, or help you decide whether you should go for it now or wait a while to acquire the necessary skills.

Based on my understanding, and after going through blogs by other OSCP holders and the experiences they have shared about their journey, I think the parameters below can help you answer your questions.

Some people may get confused when dealing with the ratio in points 1 and 2, so let me explain it clearly:

Journey to OSCP – 10 Things You Need to Know

OSCP is not only about learning the content in the course material. Every day you will face a lot of technical challenges where you need to show your research and problem-solving skills along with your pentesting skills. Even people with basic pentesting skills feel that they are not ready for it, or that they will not be able to manage the time for OSCP while working. So I would really suggest just going for it even if you have time constraints, because once you register you will find ways to manage your time.

Otherwise you will never feel ready for OSCP. This figure will start changing as soon as you start working on OSCP. Once you start working on OSCP, the ratio will be around. Again, when you move on to the lab provided in the course, it will differ. This will also help you understand which package to choose if you go for OSCP. But what to do now?

So the answer is yes. If you have practiced on the platforms above, you will really understand advanced attacks and scenarios for compromising a machine. But if you have not done so, you will need to spend more time in the OSCP labs to build up these skills. This is the tagline of OSCP, not just a formality: they have a clear vision behind it. Once you move in the wrong direction, you will waste time looking for something that is impossible to find.

I hope this post helps you make the decision about OSCP registration. I will try to answer all the queries regarding this post.

I am from a network background and have Linux knowledge, and was also thinking about this certification. Your post, especially scenarios 1, 2, 3, is the best part to know what to do. Keep posting such valuable information.

Nice, keep it up.

After getting rejected by almost 15 companies, I decided to start increasing my skills, and there is no better way than OSCP.

So on the night of 31st December I talked to my father and told him that I wanted to spend 1 year on OSCP; after some discussion he eventually agreed, and I took the time limit very seriously. It took me 2 months to figure out where to start because there was no one to guide me at that stage, so before I realised it, the sand was slipping through my hands and the month of March had begun.

If you are new to buffer overflows, I recommend starting with Brainpan 1. It took me 2 more months to complete these machines. This is the point where every learner in the information security domain hopes for guidance: guidance on what to learn, and guidance on where I am going wrong. During my hard hunt for a mentor, I was lucky enough to meet my mentor KNX. I am very thankful to him for all his support, teachings and resources. After completing all the machines in HTB, I started my OSCP PWK lab on 1st October. Due to unfamiliarity with the environment my progress was slow-going at first; I signed up for 2 months of lab time and within 40 days I completed all the machines on all 4 networks.

To be noted: complete the videos, course manual and lab exercises before you start rooting lab machines. Hence, it so happened that I gave the exam without proper sleep. I started by scanning the ports of all the machines and did the BOF machine within 3 hours, so now I had 25 marks in my pocket; I moved to the next big machine and did that in the next 3 hours.

Within 6 hours I had 50 marks. The remaining 3 machines were worth marks respectively; I completed them in another 9 hours, and within 15 hours I had rooted all the machines and got marks.

Now, time to write the exam report. Because of sleep deprivation for more than 36 hours, my mind and body started rusting. I don't advocate working for long periods without sleep as it can cause serious health issues, but I am used to it and I was so excited for OSCP.

After spending the next 6 hours on my lab report, I still had a few hours left before the exam ended. So I went to sleep; after waking up in the evening I reviewed the exam report and mailed it to Offsec as per the exam guide. After spending almost a year without stepping out of my house for months and without meeting any friends, all my hard work paid off when that final day came and I got the email that I had cleared OSCP.

OSCP lab Overview

In any pentest the first step is to scan for open ports, and here we cannot afford to be wrong: by default Nmap only scans the top ports, and sometimes the vulnerability lies in those top ports, so first scan the default ports and start working on them, then perform a full port scan in the background as a backup.
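The two-stage scan described above as a small added script (this is example code written for this page, not the author's own): it runs the default-port scan first, launches the full-port scan in the background, and then lists the ports only the full scan found. It assumes nmap is installed and that the target is a lab host you are authorised to scan; the sample scan output is constructed so the comparison runs offline.

```shell
#!/bin/sh
# Added example, not code from the original post. Follows the post's strategy:
# quick default-port scan first, full 65535-port scan in the background, then a
# check for ports the full scan found that the quick scan missed.
# Assumes nmap is installed and the target is a host you are authorised to scan.

# Run the quick scan in the foreground and the full scan in the background,
# both writing grepable (-oG) output so the results can be compared later.
staged_scan() {
    target="$1"
    nmap -sV -oG "quick_$target.gnmap" "$target"
    nmap -p- -oG "full_$target.gnmap" "$target" >/dev/null 2>&1 &
}

# List open TCP ports from an nmap grepable file, one per line, numerically sorted.
open_ports() {
    grep '^Host:' "$1" | grep -o '[0-9][0-9]*/open/tcp' | cut -d/ -f1 | sort -n | uniq
}

# Print ports present in the full scan but absent from the quick one: these are
# the services a default scan alone would have hidden from you.
new_ports() {
    quick="$1"; full="$2"
    for port in $(open_ports "$full"); do
        open_ports "$quick" | grep -qx "$port" || echo "$port"
    done
}

# Constructed sample output (not real scan data) so the comparison runs offline.
write_sample_scans() {
    dir="$1"
    printf 'Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (998)\n' > "$dir/quick.gnmap"
    printf 'Host: 10.10.10.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 8080/open/tcp//http-proxy///, 31337/open/tcp//Elite///\tIgnored State: closed (65531)\n' > "$dir/full.gnmap"
}

# Usage: ./staged_scan.sh <target> to scan, or no argument to run the sample comparison.
if [ -n "$1" ]; then
    staged_scan "$1"
else
    tmp=$(mktemp -d); write_sample_scans "$tmp"
    echo "Ports only the full scan found:"; new_ports "$tmp/quick.gnmap" "$tmp/full.gnmap"
fi
```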

In this phase you may find some passwords or hints for other machines, which might help you get user-level access on certain systems. Thanks to my family for supporting me throughout this journey.

Thanks to my mentor KNX for guiding me on the right path.

Those are pretty expensive courses. If you say you didn't have prior cybersec understanding, what convinced you that it is worth it?

I had actually joined a bootcamp starting in October, and the bootcamp provides the PWK voucher; however, I do think that even without the bootcamp it would've been worth it.

I will say though, having a bit of basic knowledge of using Linux, and some networking skills, is extremely helpful before starting PWK.

March 08

Just like every OSCP experience blog post, I'm going to start off with a bit of background and then dive into the actual experience of the exam.

Before starting the PWK course, I was working at a fitness facility, with no idea what the words Kali Linux even meant. I had some computer knowledge; I was the basic IT guy for my parents who could barely get copy-paste working.

But the thought of hacking, Kali, or even Linux never crossed my mind. However, over the summer I decided to join a bootcamp focused on cybersecurity; I got accepted and started my first day in October. We learned basic networking, some Linux bash scripting and even some Windows terminal commands. Everything changed, however, when we got our PWK lab voucher.

We started the PWK course material, which to me was exhilarating; learning different tools ranging from Burp Suite to Nmap became an addiction. I began endlessly researching different attack vectors and tools, and before I knew it I had spent nearly 70 hours in my first week saving cheat sheets, creating notes, and documenting everything I could find. I found it fun, new and exciting. At the start of my second week of the PWK course, I began looking into cracking boxes.

My first box in the lab environment was named Alpha; I was told this was a good starter box for learning a bit of everything, from web server enumeration to exploit modification. Thinking about it now, the box would be a piece of cake, but from initial enumeration to root privileges it took me nearly 10 hours. That might seem like a long time, but to me it was the greatest feeling ever.

When you crack your first box, all the time spent means nothing; all you can think about is the trophy, the root flag. The feeling is like no other, and after that first day when I rooted Alpha, all I thought about was which box would be next, which ended up being Hotline.


This box took a bit less time than Alpha, although I'm a bit ashamed to say it still took me around 6 hours. Again, the feeling was like no other and I just wanted more and more. I then went from Payday to Bob, and then to Mike and Kevin. Within the second week of the course and lab, I had rooted about 9 boxes. It was a great feeling and the absolute grind of it was thrilling. The tool was called AutoRecon. I still use it to this day, and one thing I will mention is that before using this tool you should have a good understanding of Nmap and the other recon tools, because reading its output without having actually used Nmap, SmbMap, enum4linux and the others will look quite confusing and hard to understand.

Before taking the exam I already had years of work experience as a penetration tester at Fluid Attacks.

So I already knew how to perform a penetration test and how to build a technical report of my findings. The most important phase of a penetration test is scanning. Here you use tools to get information about your target, such as its operating system, open ports, the services running on those ports and their versions, whether they have public vulnerabilities, and whether there is a public exploit for those vulnerabilities.

Since Metasploit is restricted to only ONE machine (and this includes the auxiliary modules too), you need to be familiar with tools such as: The only way to do this is by using them continuously until you develop a solid enumeration strategy.

To help with this there are services like Hack The Box and VulnHub, where you can find vulnerable machines on which to test your skills. There you can also practice the gaining-access phase and your privilege escalation strategies on multiple operating systems and vulnerabilities that resemble real-life scenarios.

The tools and resources that I got the most from for privilege escalation were: I recommend hacking all the live machines that you can without any help and getting some points on the platform. Doing this helps you get used to the tools and increases your confidence in using them when you take the exam. You can learn from these videos even for machines you did root.

Do this for at least one month or, if you have no work experience whatsoever, two months.


When you are working on the machines, also work on your time management skills. Do not spend too much time on one machine when you can try another one. Time management becomes very important when you are taking your exam.

Before your lab access ends, be sure that you fully understand how to do a buffer overflow. Take notes of every step, copy all the commands that you need, and note how to get the return address. Here you want to gather the most information about the last two steps. We are going back to Hack The Box, but instead of doing the active machines we are going to do the ones from this list (there are also some from VulnHub).

Try to conquer the machines listed without the aid of walkthroughs. When you finish one, look at the walkthroughs to check whether there is another way in; if so, practice that too. The day before the exam, I did nothing. Your body and mind need to rest and you should not try to cram before the test. Eat your favourite foods, whatever they may be. Treat yourself to a well-deserved dessert, and watch the movies and series that you perhaps ignored while you were focused on your studies.

The task is to gain administrative access to the machines in the network. There are 5 machines, each worth a certain number of points if you complete it, and you need at least 70 points to pass the exam. The machine points are distributed as: I started with the 25-point BoF machine while I scanned all the others. I did this because I knew that I could follow the guide step by step and get the BoF points. My scanning strategy was to run nmap with these options:

I also pinged the machine to get an idea of its operating system. When the port scan finished I checked every web service and used a web crawler like dirbuster or dirsearch.

After finishing the BoF machine, I started hacking the other machines with all the information that I had collected. I ended up going down rabbit holes trying to gain admin privileges on the pointer machine.


Because of the time the point machine was taking, I quickly decided to switch to both of the point machines and finally the pointer machine. For privilege escalation I first checked the operating system version and kernel, which can be done by running:

If it was Windows, I checked the groups. When it comes to Windows, most of the time the way to escalate privileges is through a vulnerability in the OS version or in an installed program's version.

I will also share some resources that I found useful during my preparation. Here I will not be explaining the technical concepts; those you should figure out on your own. OSCP preparation, the lab, and the exam are an awesome journey where you will experience lots of excitement, pain, suffering, frustration, confidence, and motivation, and learning will be constant throughout.

The OSCP certification is awarded on successfully cracking 5 machines, where one machine is for exploit writing and holds the maximum points, while the others are for enumeration, exploitation, and post-exploitation.

To practice various attacks and approaches, you are given access to an online lab with 55 machines running different versions of both Windows and Linux. Once you are confident in your pentest skills after practicing in the labs, you can take the exam. If you are not a newbie in pen testing and are aware of buffer overflow exploitation, you can skip this section and enroll. Check out various videos on YouTube on basic concepts such as port scanning, web application testing, etc.

Sometimes researching simple concepts will give you good ideas on enumeration, for example. Metasploit is a very powerful tool and it is necessary for every pen tester to know how to use it, especially the Metasploit post-exploitation modules.

OSCP Blog Series – Decision Making to Register for OSCP

Refer to the following links: Usage of Metasploit in the exam is limited to only one machine, but you can still practice it in the labs to learn the tool in depth. Buffer overflow is a very important concept that you should practice.


Because, if you are good at exploiting buffer overflows, you are sure to get the maximum-point machine in the practical exam. The following steps will help you not only understand the concept of a buffer overflow, but also do one by yourself. "What is Buffer Overflow?": after watching this video, you will get an idea of the concept behind a buffer overflow.

It will also increase your urge to learn about buffer overflows. "Assembly Language Primer" by Vivek Ramachandran: just go through the first 2 videos in this series; that is enough for understanding the memory layout. "Buffer Overflow Megaprimer" by Vivek Ramachandran: an in-depth video series on buffer overflows, explained in a very detailed way. "Exploit Research Megaprimer" by Vivek Ramachandran.

Real-time exploitation of a buffer overflow, which is very interesting, where the exploitation is explained clearly step by step. You can even try it yourself as shown in the video for practice. Many people shy away from preparing for buffer overflows because it only helps to exploit one machine in the exam. I have seen many people fail because of improper preparation on buffer overflows. Moreover, OSCP is not the target.

Everything you learn here is for the real world. OSCP is difficult — have no doubts about that! There is no spoon-feeding here. Refer to all the references above and do your own research on topics like service enumeration, penetration testing approaches, post-exploitation, privilege escalation, etc.

Remember, always take notes as text, in a separate note. They must be worked upon.

Hello everyone! It has been a solid 2 months of learning, headaches, sleepless nights, head-banging, and root dances. I will surely miss those hacking marathons starting in the late afternoon and ending before the break of dawn. Disclaimer: this blog post is not intended to show you techniques that I learned from doing the course; rather, it describes the path that I went through before successfully achieving this certification.

Ultimately, this blog post is meant to inspire and help others prepare for their own OSCP journey. I started really learning about computers 9 years ago when I went to college. Maybe I could become a game developer someday? This was my initial motivation for taking up Computer Science.

To build a kick-ass game like Ragnarok Online. During my second year in college, I decided to pursue Network Engineering as my specialization instead of Software Engineering. I realized that I wanted to know more about the inner workings of computer networks and the Internet instead of developing software or games. As part of the Network Engineering curriculum at our university, I took an introductory class on ethical hacking.

But somehow I was very excited about this class. After successfully opening the lock, he then started talking about the hacker culture and what it takes to become a hacker.

He told us some stories from when he was still a student and how he managed to break into some of the school systems while curiously experimenting with them. I was stunned. This guy was the real deal. Little did I know that my fate was about to change that day.

As the class went on, Vader discussed some basic concepts, taught us some technical stuff, and told us that we would start hacking computers on the first day. Just some basic stuff, nothing that difficult. If I remember right, we got a free pass on every other exam, including the finals, because of the little hacking exercises Vader designed for our classes.

That was it.


I was totally hooked.

I began my OSCP journey in the late fall. I want to give a brief description of what the OSCP is and how it is different from other certifications.

I also want to provide some advice that may help you along the way if you choose to pursue it. The quote above says it all. Lab time is bought in one- to three-month increments, which gives you VPN access to a shared lab. You are also able to buy lab extensions at very affordable rates. These prices include the exam itself.

As far as certifications and training go, the OSCP is very affordable, much more affordable than just about any other training program or certification.


Where the OSCP is very expensive is in terms of time. It takes most people hundreds of hours, but the good news is that the labs are actually quite fun (well, at least most of the time). At times, it is a bit like playing a video game.


In terms of value for both your time and money, really nothing beats the return that the OSCP provides. The exam itself is just a smaller version of the labs. You are given 23 hours and 45 minutes to root as many machines as you can, and there are just a few machines in the exam.


Partial credit is given for low-privilege shells. The best part about the labs is that nothing is off limits, so you can use any tools and any methods you want, with very few limitations.

However, there are some restrictions on the actual exam. Those restrictions can be found on their website and basically boil down to not using commercial automated tools for vulnerability scanning or exploitation.

There are no restrictions on nmap. I would recommend jumping in right away no matter where you are in your knowledge, your career or your experience level. I began with pretty weak web hacking skills and kept putting off machines where I knew the web application was the way in, but after a while I took the time to develop those skills.

The books and classes never really stuck until I actually had to do the website hacking. Kali breaks and is unreliable. The software running on Kali breaks. One very common problem immediately after running updates on a Kali image is an infinite login loop, but this is easily solved.

Save yourself some trouble: back up at least once a week and have at least two good Kali images at any given time. For example, if you want to run nosqlmap. The dos2unix command usually works, too. It can be really frustrating to have a reverse shell, or think you have one, run a command and not see anything come back, and not even know whether it ran or not.


There are many other things you can do to clean up your shell and tty.

