Path to OSCP - FIN

#PathToOSCP - FIN. Recap of the course, how to prepare.

Brief notes I had for myself:

Passed OSCP (YAY!) – Share HOWTO – Many many thanks for everyone who has reached out during and after the exam – Shoutout to @SecWorkX – Your story blew me away, thank you!

Recap:

1st month: – 40 hr/wk work – 7×6 = 42hr/wk studies (total 180h during first 30d)

2nd month: – still 40h/wk work – 7×5 ~35h/wek studies

Exam: – on 68th day – last week before exam only lab…

View On WordPress

Path to OSCP - OSCP.

#PathToOSCP - #OSCP

Dear Jan,

We are happy to inform you that you have successfully completed the Penetration Testing with Kali Linux certification exam and have obtained your Offensive Security Certified Professional (OSCP) certification.

View On WordPress

Path to OSCP - Part 23, Hope

#PathToOSCP - Part 23, Hope. Exam done. Feeling hopeful and definitely relieved & exhausted.

This post is going to be brief.

Exam done. Got 3 hrs of sleep. Sent my reports 30 minutes ago.

Got 60 solid points and then unknown points for a low priv + lab/exercise reports. The latter should max out at 5+5 if I didn’t screw up anything in the reports. I have no idea what a low priv is worth.

But I am very, very, very hopeful that those combined should net me a positive result.

Certain? Nope.…

View On WordPress

Path to OSCP - Part 22, Redo the needful

#PathToOSCP - Part 22, Redo the needful. Wrap up, honing lab+exercise reports, feeling ready!

It’s a wrap

Well… sorta.

I am — no, I did not keep taking the exam from y’all. Nope, not THAT done.

Let me explain …

But as far as aiming to pwn new machines, yeah. I have quenched my thirst for more pwnage and am actually feeling like I want to be done with the course so I can move on to actually apply these skills on projects…

View On WordPress

Path to OSCP - Part 21, some Qs and As

#PathtoOSCP - Part 21, some Qs and As: Time management, PWK prep, tips for tools, CISSP, links

You asked and I ans– ramble-answered!

Show notes

Q Hey do you have any intresting links or guide about pivoting or intresting recon tools to recommend? A Unfortunately most recon tools are already well-known and by themselves are not ‘interesting’ — e.g. nmap, enum4linux etc. I just learned of unicornscan and one-twopunch.sh Pivoting…

View On WordPress

Path to OSCP - Part 20, s02e02

#PathtoOSCP - Part 20, s02e02 - semi-rant about irc help and my own rusty skills

Le sigh

I just reviewed the video I am posting and gosh darn it if it did not turn out to be half-rant even though I did not want to! Sorry. I go on about people asking for (too much) help — a topic which I have already covered in a previous video.

Well some hopefully valuable things I can share with you:

Excellent cheat sheet for…

View On WordPress

Path to OSCP - Part 19, Back in the labs!

Path to OSCP – Part 19, Back in the labs!

I’m back!

Oh boy, it feels good to be back.

I got back home last night (22 hrs ago) and I got my renewed lab access 12 hours later.

So far I have spent my time on:

What is this ‘en map’ you speak of

Dear lord, so many machines!

Okay, I can do this. Let’s start by rechecking all previously owned machines

WHAT DO YOU MEAN YOU CAN’T INSTALL PARALLELS TOOLS!

And what do YOU mean you can’t find CPU0…

View On WordPress

Good security practices from Slack - Distributed security alerting

Good security practices from Slack – Distributed security alerting

In Distributed Security Alerting Ryan Huber describes some pitfalls of common security ‘best practices’ of monitoring systems.

Most of the things he has issues with, I’ve experienced first-hand in security and sysadmin work in general.

He then explains how at Slack they have a reactive system where the automation asks you whether you just ran some sensitive commands or not and then requires two…

View On WordPress

Excellent video on physical red teaming Don't let the sensationalist headline 'WATCH HOW HACKERS BREAK INTO THE US POWER GRID' fool ya.

Link: The Sniper Attack against Tor Network

Link: The Sniper Attack against Tor Network

The Naval Research Labs has a conference paper to a new type of attack against the Tor Network.

an adversary may consume a victim relay’s memory by as much as 2187 KiB/s [903 median] while using at most only 92 KiB/s [46 median] of upstream bandwidth. — a strategic adversary could disable all of the top 20 exit relays in only 29 minutes, thereby reducing Tor’s bandwidth capacity by 35 percent.

View On WordPress

A great article on website bloat - The Website Obesity Crisis

A great article on website bloat – The Website Obesity Crisis

Maciej Cegłowski (the maker of Pinboard) writes on his blog idlewords a longish but to the point article on the causes and effects of big web pages.

It starts off to a bit of a rocky start – in my view – with comparing the web site sizes to the literary works of Russian writers, but I don’t think the physical comparison of web page sizes to big books is solid enough. But the article gets better…

View On WordPress

Path to OSCP - Appendix A, How to ask for help

Path to OSCP - You are all spies! And I love helping you all regardless!

  You are all spies.

There! I said it.

But what I am really saying is that due to real-life stuffs I have learned me some OpSec even though it might not look like it since I do share a lot of myself online.

And what I mean by OpSec in this context is that I expect each and every last single one of you to be a covert operative trying…

View On WordPress

Path to OSCP - Part 18, Self-assessment and next steps

Path to OSCP – Part 18, Self-assessment and next steps

Hello World,

I appreciate your messages. I read them mostly the same day you sent them, but I’ve been just slowly digesting all of the overwhelmingly supportive feedback I’ve gotten.

I’m making this post-exam posting on my thoughts on my exam now with a clear mind and also what are the thoughts going forward. And I am going forward.…

View On WordPress

Path to OSCP - Part 17, Failure is always an option

Path to OSCP – Part 17, Failure is always an option

Did I pass?

*ahem* no O O o o o 。 。 . . . pe

Now if you still want to see me go through the ups and downs of this exam, read on . . .

Things I can say without revealing anything of the exam:

Like in the labs, I had important stuffjust laying around on my hard disk due to lack of diligence. This made me waste several precious hours…

View On WordPress

Path to OSCP - Part 16, The Day Before

Path to OSCP - Part 16: The Day Before.

I managed to finish the lab report. You might think it ain’t exactly a miracleand I would agree with you. BUT. For some reason I had a really hard time trying to get my mind focus on the documentation as I started of with the PWK Lab Report template that had plenty of pre-filled text as boilerplate to show what is expected of a good…

View On WordPress

Path to OSCP - Part 15, Days 26-30

Path to OSCP - Part 15: Labs done. Exam prep begins. Time to make tools! D-DAY minus 3.

LABS DONE. POW!

10 WOOOOO DONE \o/ 20 OHSHI OHSHI OHSHI!!!!! 30 GOTO 10

Final tally:

27 machines rooted with proof

+ 2 machines left in low privileged shell (one of these is still Pain)

2/3 networks opened – to be honest, I don’t feel like I was even close with Admin.

170 hours spent attacking the labs / doing exercises

10 hours…

View On WordPress

Path to OSCP - Part 14, Days 22-25

Path to OSCP - Part 14: Things go better when following plans. The end is nigh!

5 days of labs

1 full weekend

8 days till exam

22 machines done

2/3 network secrets unlocked

Interesting stuff I found during this week:

BackTrack Linux Wiki: Pentesting VOIP

How to use BITS for downloading on command line

Online disassembler for checking your payloads (found previously, forgot to link)

I learnt that you can open…

View On WordPress