+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 26

Thread: OSCP Narrative

  1. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #1

    Smile OSCP Narrative

    (((DISCLAIMER)))This is going to be very long. Sooooooo,


    I'm starting my OSCP journey tomorrow. I signed up for 30 days as that's what I can only afford as of this moment. I know that lab time is not enough considering my background (I'll get to it later on). However, I will make sure that I will get the most out of it. I will dedicate roughly 10 hours of videos/exercises while at work and around 8 hours after work. I work on a 4days ON/OFF schedule so I could get to learn on such basis.


    I made sure though that the missus understands what I will be going through and couldn't be more thankful of her support. However, we have a 2 year old son who won't understand that daddy has to drift away in the labs and succumb to the 'Try Harder' state of life. So, during my days off I can only pull off maybe 4 hours nightly. I hope this schedule works for me. I'll try to be as open as possible on a personal level with these posts (I'm an open book). I am doing this just to document my journey for personal reference so I'm not expecting and replies but hopefully this can help someone just like me out there.


    I believe that there is no such thing as "You've read too much OSCP reviews/experiences". I myself wanted to read alot of tips (except spoilers) as I need all the help I can get.


    MY BACKGROUND


    In 2011, I started out as an ISP tech support (the guys everyone yells at when there's no internet lol) for 1 year. I got into a remote support tech role (much like geek squad) where the company required and paid for my A+ cert. I've done it for 3 years. I have always been interested in Security so a colleague of mine who's kind of a mentor to me, suggested to learn Network/CCNA stuff for starters. Thinking that I could land a NOC/Network job as a pre requisite to Security, I took CCNA only to find out that you still have to have that entry level experience or atleast come from a Service Desk role. I had no luck finding that network nor security job. I, instead, started to look for a service desk role which I found on my second company where I learned mostly web hosting/cloud hosting stuff. During my down time, I would learn Security from the company's 'Skillsoft' platform. Our computers had access where we could install VirtualBox. I took advantage of it and downloaded Backtrack R5 (I heard this distro from my previous colleague that it had tools used to hack wifi passwords lol as well as the CEH) without knowing that Kali was the latest version. Through out my self studying, I read about the OSCP and was amazed that it was the same guys who created Kali/Backtrack LOL I was dumb/noob (still am). Fast forward, I eventually landed a Security role after 9 months in service desk. Thanks to my present company, the only company, who gave me the chance for THAT 1 interview and even paid for my Security+ cert.


    Everything I know is 'Basic' to nothing.


    - no scripting knowledge, did about 36% progress on python through Codeacademy. I forgot them now but can still understand basic python when I see it.


    - linux is basic as well, only used Kali, can do basic service start/stop, cat files, know what ftp is, how web servers work, general web hosting stuff (all them GUI based for administration), still having a hard time understanding the file/directory structure


    - A+ stuff still there (common places for infection, important registry stuff to check), not so good in hardware


    - Confident about my Google Fu though which I learned throughout my remote support tech stint


    Nothing too amazing.


    OSCP Prep


    - I bought my first PC two years ago, asked my colleauges for recommendations, mainly for Virtual lab practice, got distracted with games though, but I learned Metasploit, Nessus, some basic mass scanners during that phase and overall Kali stuff


    - I did alot of reading. Georgia Weidman and her course on cybrary. Metasploit unleashed, some how-tos' books on pentesting that I can't remember anymore.


    - I read walkthroughs of vulnhub machines as I didn't knwo what to do with them at first.


    - I just recently developed sort of a really really basic methodology in doing vulnhub machines, I was able to do kioptrix 1, kioptrix 2, Quaoar, Basic Pentesting 1, Seattle v0.3. I practiced on alot of those 'easy' and 'oscp' like boxes.


    - And I read alot of oscp reviews/tips/guides you name them I've read them (Personal favorite is the #aint_never_scared/Jumping in the ocean without knowing how to swim guy, I hope he passed)


    - Enumeration is the key and I believe that it is true just like with the vulnhub boxes that I've tried. These machines in the lab won't be there if there is no way to get in. So if I can't get into one of those boxes, it just means that I have to enumerate more




    All in all, I feel that the only way to prove that I am ready is to sign up, jump in, bite the bullet and go for it as I don't know what to expect anymore. Sure I have A LOT of things to learn and maybe had to prepare more but until I get the materials and feel the labs I wouldn't know. I'm being optimistic about this course yet I know that I will have to bang my head against the wall A LOT.


    I'm sorry for the messy structure of my post if someone is reading this. Good luck to anyone who's on the same boat.
    Reply With Quote Quote  

  2. SS
  3. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #2
    So I received the link to download the materials, I am currently downloading them and plan to start the materials in 20 minutes. My study should last for 7-8 hours today.
    Reply With Quote Quote  

  4. Member
    Join Date
    Apr 2017
    Posts
    40

    Certifications
    OSCP
    #3
    Very very good luck Sir. I hope to see you OSCP too soon.

    Also if you want to read one more review then read mine also ->
    https://medium.com/@LearnerPentest/o...t-af9ee3335a1c

    Thanks
    Reply With Quote Quote  

  5. Member
    Join Date
    May 2015
    Location
    Moon
    Posts
    32

    Certifications
    A+ 901 N+Ceh-linux only reading
    #4
    it is so hard but good Luck man
    Reply With Quote Quote  

  6. Member
    Join Date
    May 2015
    Location
    Moon
    Posts
    32

    Certifications
    A+ 901 N+Ceh-linux only reading
    #5
    good luck
    Reply With Quote Quote  

  7. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #6
    Alright so 5 hours in with the materials. I can say that of all the BOF tutorials I watched, I finally understood it because of Offsec. I'm still going at it and just took a 15 minute break as my eyes are hurting. I still have 2 more planned hours of sticking to the materials before I eat and sleep.

    Quote Originally Posted by aakashc1 View Post
    Very very good luck Sir. I hope to see you OSCP too soon.

    Also if you want to read one more review then read mine also ->
    https://medium.com/@LearnerPentest/o...t-af9ee3335a1c

    Thanks
    Thank you aakashc1! I've followed your oscp journey as well and glad that you passed. I enjoyed your review too as well as the gifs.
    Reply With Quote Quote  

  8. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #7
    Quote Originally Posted by aakashc1 View Post
    Very very good luck Sir. I hope to see you OSCP too soon.

    Also if you want to read one more review then read mine also ->
    https://medium.com/@LearnerPentest/o...t-af9ee3335a1c

    Thanks
    Thank you for your well wishes Khal!
    Reply With Quote Quote  

  9. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #8
    Congrats on your pass too aakashc1! I forgot to include it on my previous reply.
    Reply With Quote Quote  

  10. Senior Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    138

    Certifications
    OSCP, OSWP, CISSP, CCNA Cyber Ops, Sec+
    #9
    Yeah, the BOF stuff in the course is just wonderful. It might not have nice animated slides, but you get what's happening.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  11. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #10
    Quote Originally Posted by OS36711 View Post
    Congrats on your pass too aakashc1! I forgot to include it on my previous reply.
    Right on ya LonerVamp, I've been coming across a lot of your posts here as well as on Reddit and I thank you for being very helpful at any medium you have access on.
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #11
    UPDATE


    So 23 days left on my lab time access. I have rooted 8 machines aside from Bob (which I got a low priv shell and will get back to it some time). I won't name the machines (as I cant find the energy to type the names individually but if you have access to the panel it's in ascending order). I felt that this is the time to update since I got to root Pain today. I got off of work and when i got home, I immediately worked on Pain as it was the next on my list. I am doing it in chronological order. I decided to call it a night and write this post while doing a basic enum on the next machine (just to have an idea on what is next tomorrow).


    I spent 6 hours on Pain as I was looking at a different vector. The lesson here guys is to just stick with the basics and do not overthink, I was thinking of a specific attack which costed me a lot of time had I not stuck to my plan. In the end, what I thought was the vector depended on other factors so I looked at another venue that gave me that much needed shell. Priv Esc is where I am very weak at so go and find ways on how to prepare and practice on priv esc.


    I have learned a lot in those 7 days of which 2 days were dedicated to the materials. The labs will definitely teach you a lot as you go along. Keep on studying guys.
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #12
    PS: my quotes aren't working or I'm just stupid enough no to know how to quote, lol. I'm quoting the specific posts but it's not producing the right post so I'm sorry for the wrong quotes. LOL
    Reply With Quote Quote  

  14. Member
    Join Date
    Jun 2015
    Posts
    46

    Certifications
    Security+ eJPT
    #13
    Quote Originally Posted by OS36711 View Post
    PS: my quotes aren't working or I'm just stupid enough no to know how to quote, lol. I'm quoting the specific posts but it's not producing the right post so I'm sorry for the wrong quotes. LOL
    How are you studying? Are you reading then trying out the labs?

    Good luck as well!
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    138

    Certifications
    OSCP, OSWP, CISSP, CCNA Cyber Ops, Sec+
    #14
    8 machines + going over the materials in just 7 days is pretty good! That said, rate isn't so important as you understanding your processes and methodically poking at things. I do like your approach with 30 days and doing what you can. I think only experienced testers take only 30 days to do most (if not all) of the lab and pass the exam. But I do think taking an exam attempt before clearing the lab is beneficial to see where you're at and inform the rest of the studies and/or lab usage.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  16. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #15
    Quote Originally Posted by Khohezion View Post
    How are you studying? Are you reading then trying out the labs?

    Good luck as well!
    So the way that I'm studying is that I finished up the materials but skipped the things I am familiar with such as Metasploit, OpenVAS and because they aren't allowed on the exam. I've rooted the machines manually. I skipped the topics Bypassing the AntiVirus, Pivoting as they would not be required for the exam. I will learn them after the exam and would actually extend 15 days of lab just for those.
    Reply With Quote Quote  

  17. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #16
    UPDATE:

    I have rooted 15 machines, still stuck at PrivEsc with Bob (I didn't try to come back yet). Gamma was supposed to be next on the list but some student was working on it and I didn't want to mess up with what he's doing so I skipped to Tophat. I rooted Tophat kinda easy yesterday but am stuck at Dotty for around 4 hours. I called it quits as I have to go to work the next morning. Now, I will continue working on Dotty. I've got 15 days of lab time left.
    Reply With Quote Quote  

  18. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #17
    Quote Originally Posted by LonerVamp View Post
    8 machines + going over the materials in just 7 days is pretty good! That said, rate isn't so important as you understanding your processes and methodically poking at things. I do like your approach with 30 days and doing what you can. I think only experienced testers take only 30 days to do most (if not all) of the lab and pass the exam. But I do think taking an exam attempt before clearing the lab is beneficial to see where you're at and inform the rest of the studies and/or lab usage.
    Hey LonerVamp! Thank you for your kind words. I thank you for your insight about scheduling the exam. I have scheduled my exam on April 8. I thought that since I am extending my labs for 15 days with a free retake (budget is really tight) I might as well take the exam and gauge where I am at so I can prepare for the 2nd attempt (hopefully not). I hope to pass on the first attempt so I can fully concentrate on clearing the lab on my 15 day extension.
    Reply With Quote Quote  

  19. Junior Member Registered Member
    Join Date
    Mar 2011
    Location
    Scotland
    Posts
    5

    Certifications
    CISSP, ITILv3, Security +
    #18
    Good luck man. I too am new to security. I passed CISSP last year, and that made me realise that I could apply myself and learn new things. I now want to solidify my knowledge with some hands-on pentest experience. I am starting off with CEH and then work my way upto OCSP.
    Reply With Quote Quote  

  20. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #19
    Quote Originally Posted by chapter View Post
    Good luck man. I too am new to security. I passed CISSP last year, and that made me realise that I could apply myself and learn new things. I now want to solidify my knowledge with some hands-on pentest experience. I am starting off with CEH and then work my way upto OCSP.
    Nice! I know sometimes we lose motivation but just don't lol, I suggest when you're done with CEH. Go and start learning Metasploit so you'd have an idea on how the process of port scan -> vulnerability detection -> exploitation -> post exploitation. That was what helped me at least. Then you go and tinker with vulnhub VM's. I think the most basic preparation that helped me is to know what you will do when you are presented with a vulnerable VM. If you can't successfully exploit the machine, at least you got the basics of finding that vulnerability. OSCP comes in helping you learn step by step from the basics. I have learned a lot in this course and I'm not even done yet. So good luck to us and happy learning!
    Reply With Quote Quote  

  21. Junior Member Registered Member
    Join Date
    Mar 2011
    Location
    Scotland
    Posts
    5

    Certifications
    CISSP, ITILv3, Security +
    #20
    Quote Originally Posted by OS36711 View Post
    Nice! I know sometimes we lose motivation but just don't lol, I suggest when you're done with CEH. Go and start learning Metasploit so you'd have an idea on how the process of port scan -> vulnerability detection -> exploitation -> post exploitation. That was what helped me at least. Then you go and tinker with vulnhub VM's. I think the most basic preparation that helped me is to know what you will do when you are presented with a vulnerable VM. If you can't successfully exploit the machine, at least you got the basics of finding that vulnerability. OSCP comes in helping you learn step by step from the basics. I have learned a lot in this course and I'm not even done yet. So good luck to us and happy learning!
    Thanks! I bought a bunch of the recommended books 2 weeks ago and downloaded Kali Linux onto a USB. All jargon at present lol...but should get my head around it with time.
    Reply With Quote Quote  

  22. Junior Member
    Join Date
    Mar 2018
    Posts
    14
    #21
    Alright, so It has been a long time since my last update. I did pass the exam last week and received the confirmation 48 hours after submitting my final exam report. It was the best certification I have taken, I have learned more than I can imagine in my lifetime, it has just opened up a lot of things that I know I can now learn because of this experience. It has been a week and it is still not sinking in. Best of luck to anyone in the same boat. Always remember that If I can pass this, then you shall too. That is what at least I wanted to think. If you are struggling, always ask yourself "How bad do I want this?", pick yourself up and go at it again.
    Reply With Quote Quote  

  23. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    702

    Certifications
    CEH, CCNA: R&S, eJPT, JNCIS-SEC, CompTIA CSA+, CompTIA Security+, CompTIA Network+
    #22
    Congrats man! You did an awesome job with the lab and the exam.
    Reply With Quote Quote  

  24. Member
    Join Date
    Oct 2016
    Location
    North Carolina
    Posts
    33

    Certifications
    CISSP, GPEN, CEHv7, Sec+, ITILv3
    #23
    Congratulations on the pass!!
    Reply With Quote Quote  

  25. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,543

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #24
    Congrats on the pass!!! You moving on to more advanced PT certs?
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, AWS CCP, CEHv8, CHFIv8, ITIL-F, BSBA - UF, MSISA - WGU
    Currently Working On: MS Cybersecurity, AWS Certified Security - Specialty, Learning Linux & Python
    Next Up:​ AWS Certified Solutions Architect - Associate
    Reading:​ A Cloud Guru, Code Academy
    Reply With Quote Quote  

  26. Member Naruto985's Avatar
    Join Date
    Mar 2018
    Posts
    44
    #25
    Congrats on passing the exam
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks