Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

OSCP Study

  • 30-06-2016 11:52pm
    #1
    Registered Users, Registered Users 2 Posts: 11


    I am currently tackling the OSCP, and finding it quite difficult. Is they anybody interested in working as a group through the labs.

    Thanks


«1

Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Roottoor wrote: »
    I am currently tackling the OSCP, and finding it quite difficult. Is they anybody interested in working as a group through the labs.

    Thanks

    Sure, where are you based?


  • Registered Users, Registered Users 2 Posts: 11 Roottoor


    syklops wrote: »
    Sure, where are you based?

    Hi skylops, I am based in Dublin 15. Are you currently working towards the oscp ??


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Roottoor wrote: »
    Hi skylops, I am based in Dublin 15. Are you currently working towards the oscp ??

    Yeah. I have been reading the material, but I got a bit distracted the last couple of months. My friend sat the exam on Saturday and it has rekindled my motivation to pass it.


  • Registered Users, Registered Users 2 Posts: 11 Roottoor


    Its defo one to be tackled over time. I booked ninety days and threw away 10 for holidays. Hoped to tackle it hard for last week or so I was off but I have just decided to tip away at it for the next 60 days. I am not a pentester, but I work in infosec. I wanted to take this on for fun and to learn, although its a lot harder than I thought.

    Are you based in Dublin?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Roottoor wrote: »

    Are you based in Dublin?

    Yep. South Side. Lets take this to PMs.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,917 ✭✭✭B00MSTICK


    I'll be taking a 15 day extension and booking the exam soon after that - I have a good few of the initial lab machines done


  • Registered Users, Registered Users 2 Posts: 17 t4ff


    I'll be registering for it in 30 days or so. I currently work freelance so will be able to give a good amount of time to it (borderline full-time hours), but still unsure if I should go for 60 days vs 30?


  • Registered Users, Registered Users 2 Posts: 3,663 ✭✭✭pah


    Going to start this myself in about 2 weeks when I'm back from hols. Been meaning to do it for over 18 months now. I think I'm going to go for 90 days of lab access. I'm in Cork.
    What about a discussion group on viber/WhatsApp or something similar?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    For people who are about to register for Lab Access, make sure you're exploit dev skills are up to speed. If not, you risk wasting lab access time getting up to speed on how to develop exploits for the services you encounter.


  • Registered Users, Registered Users 2 Posts: 357 ✭✭Ctrl Alt Del


    Hi,
    Whats the realistic time frame from registering,studying and sitting the exam !?
    Thanks


  • Advertisement
  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Hi,
    Whats the realistic time frame from registering,studying and sitting the exam !?
    Thanks

    Depends on your skills before you start, but I would recommend 3 months of pre-study/pre-reading, and then 3 months to register, study the material and go for the exam.

    Pre-study would involve, if you arent already familiar:

    Linux commands, navigation of a linux system etc(no issue for you Ctrl Alt Del ;))
    Basic Python
    Basic C
    Basic Shell scripts
    Shell coders Handbook is a worthy read
    Be comfortable with Metasploit, but dont rely on it.
    Review some Web App pen testing methodologies and try out vulnerable web apps like Damn Vulnerable Web App and Metasploitable.

    YMMV depending on your experience, for some people the above can be accomplished in a weekend, for others it'd take 3 months, but either way have the above as a minimum before registering.


  • Registered Users, Registered Users 2 Posts: 17 t4ff


    syklops wrote: »
    Depends on your skills before you start, but I would recommend 3 months of pre-study/pre-reading, and then 3 months to register, study the material and go for the exam.

    Pre-study would involve, if you arent already familiar:

    Linux commands, navigation of a linux system etc(no issue for you Ctrl Alt Del ;))
    Basic Python
    Basic C
    Basic Shell scripts
    Shell coders Handbook is a worthy read
    Be comfortable with Metasploit, but dont rely on it.
    Review some Web App pen testing methodologies and try out vulnerable web apps like Damn Vulnerable Web App and Metasploitable.

    YMMV depending on your experience, for some people the above can be accomplished in a weekend, for others it'd take 3 months, but either way have the above as a minimum before registering.

    This is pretty much the exact list of stuff I've been working on recently.

    What about a Slack group or something for Boards.ie guys working on it?


  • Registered Users, Registered Users 2 Posts: 11 Roottoor


    t4ff wrote: »
    This is pretty much the exact list of stuff I've been working on recently.

    What about a Slack group or something for Boards.ie guys working on it?

    Sorry guys I started a new job on Monday but I will pick this back up this weekend. I would like to get a group together to tackle this. If any interested parties want to pm me we can take this offline.

    By the way I jumped straight into it with 90 days and flew through the labs and guide book. This was when I was off for nearly two weeks. Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.


  • Posts: 0 [Deleted User]


    Roottoor wrote: »
    Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

    The materials are more like a guide to the process, there really is a lot of research required before taking on the labs.

    I had the same issue with the labs, I was too busy with work and other things going on that I didn't dedicate enough time :(
    I'll be interested in joining you guys after August just don't have enough time at the moment to dedicate.

    For anybody else thinking of taking this exam, skylops summarised the prep really well above. Also the book "Penetration Testing : A Hands-on Introduction to Hacking" is a good intro on what to expect.


  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    Roottoor wrote: »
    Sorry guys I started a new job on Monday but I will pick this back up this weekend. I would like to get a group together to tackle this. If any interested parties want to pm me we can take this offline.

    By the way I jumped straight into it with 90 days and flew through the labs and guide book. This was when I was off for nearly two weeks. Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

    What background are you coming from? Do you have prior experience in this stuff beforehand?

    I'm based in D15 also but I wont be going near OSCP for at least two years. Two young kids dominate my free time at the moment. That and my commitments as an international drug smuggler.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    t4ff wrote: »
    This is pretty much the exact list of stuff I've been working on recently.

    What about a Slack group or something for Boards.ie guys working on it?

    +1 for a slack group.

    Maybe define a reading list which everyone should read? It'll prevent us going over old ground. Just a thought.


  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    Does anyone know of any resources that can allow someone to prep for the labs in a practical sense?

    I know vulnhub.com has an incredible amount of virtual machines but I struggle at times to find them relevant. They are more like puzzles where the author finds some obscure web server software with a specific vulnerability and hides clues in the likes of pictures.

    All well and good but I'm looking for more real world examples. I have a domain controller running on my mac along with an instance of Kali and recently pulled all the files required to crack the AD database and own the domain. Very satisfying and something which would be useful in a real world testing scenario.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Keyzer wrote: »
    Does anyone know of any resources that can allow someone to prep for the labs in a practical sense?

    I know vulnhub.com has an incredible amount of virtual machines but I struggle at times to find them relevant. They are more like puzzles where the author finds some obscure web server software with a specific vulnerability and hides clues in the likes of pictures.

    All well and good but I'm looking for more real world examples. I have a domain controller running on my mac along with an instance of Kali and recently pulled all the files required to crack the AD database and own the domain. Very satisfying and something which would be useful in a real world testing scenario.

    I have just what you want right here: lab.pentestit.ru


  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    syklops wrote: »
    I have just what you want right here: lab.pentestit.ru

    Brilliant - I came across that before but lost the link along the way. Nice one...

    I like the idea of this thread, we should put some structure around it i.e. reading materials, practical learning etc.


  • Registered Users, Registered Users 2 Posts: 3,663 ✭✭✭pah


    Keyzer wrote: »
    Roottoor wrote: »
    Sorry guys I started a new job on Monday but I will pick this back up this weekend. I would like to get a group together to tackle this. If any interested parties want to pm me we can take this offline.

    By the way I jumped straight into it with 90 days and flew through the labs and guide book. This was when I was off for nearly two weeks. Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

    What background are you coming from? Do you have prior experience in this stuff beforehand?

    I'm based in D15 also but I wont be going near OSCP for at least two years. Two young kids dominate my free time at the moment. That and my commitments as an international drug smuggler.

    Meh. I've 5 young kids and I'm going to go for it.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    pah wrote: »
    Meh. I've 5 young kids and I'm going to go for it.

    Where are you going to find the time to dedicate to studying for this? From research, the recommended amount of time required to study for this exam is 3-4 hours. Daily. Unless you can study in work, I don't know how you could find the time or the right environment to study in with 5 kids.


  • Registered Users, Registered Users 2 Posts: 17 t4ff


    syklops wrote: »
    I have just what you want right here: lab.pentestit.ru

    CTF365.com is also also a good resource. Similar setup to the PWK labs. Option for free or pay monthly, but you get a free 30 days when you first sign up (I think they're still doing that).

    They've also had a new update that gives paid users boxes to harden and defend, while attacking other team's servers.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    t4ff wrote: »
    CTF365.com is also also a good resource. Similar setup to the PWK labs. Option for free or pay monthly, but you get a free 30 days when you first sign up (I think they're still doing that).

    They've also had a new update that gives paid users boxes to harden and defend, while attacking other team's servers.

    And then CTF365 spams you morning noon and night until you setup a filter to delete messages from them or actually pay for "platinum access" or whatever it is they call it. Pentestit.ru is totally free and amazingly similar to the real OSCP lab.


  • Registered Users, Registered Users 2 Posts: 17 t4ff


    syklops wrote: »
    And then CTF365 spams you morning noon and night until you setup a filter to delete messages from them or actually pay for "platinum access" or whatever it is they call it. Pentestit.ru is totally free and amazingly similar to the real OSCP lab.

    Just took a look and seems like all my CTF365 e-mails go to spam by default. Not a problem I ever noticed!

    I took full advantage of the free 30 days, but there's not quite enough there to convince me to shell out for the monthly fee.


  • Registered Users, Registered Users 2 Posts: 3,663 ✭✭✭pah


    Keyzer wrote: »
    pah wrote: »
    Meh. I've 5 young kids and I'm going to go for it.

    Where are you going to find the time to dedicate to studying for this? From research, the recommended amount of time required to study for this exam is 3-4 hours. Daily. Unless you can study in work, I don't know how you could find the time or the right environment to study in with 5 kids.
    Finished my masters last Dec, 2 yrs part time and #5 arrived right in the middle. I just get on with it, great support from OH. I work shifts and I'm pretty busy most of the time in work but sometimes I can do a bit when I'm on nights, not very often though. I might be underestimating OSCP I've been thinking 12-15hrs PW should do it. I'm coming off the back of lots of linux, python, and bash from my masters so hope to keep that rolling into this.

    Once I get the lab access I'll be going all out for the 90 days. I'll try and take the exam then within 2 weeks of finishing the labs.


  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    Created a slack group for this. If anyone is interested in joining then DM me your email address.


  • Registered Users, Registered Users 2 Posts: 17 t4ff


    Keyzer wrote: »
    Created a slack group for this. If anyone is interested in joining then DM me your email address.

    DM sent!


  • Registered Users, Registered Users 2 Posts: 3,663 ✭✭✭pah


    Keyzer wrote: »
    Created a slack group for this. If anyone is interested in joining then DM me your email address.

    DM sent also. Great idea.


  • Registered Users, Registered Users 2 Posts: 12 calmness


    Keyzer wrote: »
    Created a slack group for this. If anyone is interested in joining then DM me your email address.

    Hi, I'm also preparing for OSCP. Can you please add me to the group? Sent DM.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1 rreimao


    I'm also preparing for OSCP. I will DM you guys.

    I'm currently doing the lab.pentestit.ru, does anyone know if it's harder/easier than the OCSP?
    Some of the labs on the pentestit.ru are insane. Not for being hard, but for being things that I would never imagine (like port knocking).


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    rreimao wrote: »
    I'm also preparing for OSCP. I will DM you guys.

    I'm currently doing the lab.pentestit.ru, does anyone know if it's harder/easier than the OCSP?
    Some of the labs on the pentestit.ru are insane. Not for being hard, but for being things that I would never imagine (like port knocking).

    A pentester I hold in the highest regard spent 3 months on pentestit.ru and then failed the OSCP exam. The OSCP mantra is "Try Harder". With that kind of mentality behind it, I suppose it can't be difficult enough. Hopefully its a bit harder than the OSCP test environment.


  • Registered Users, Registered Users 2 Posts: 11 Roottoor


    I am also tackling the OSCP, wondering can I get added to the group. Thanks


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Anyone one of you take the exam yet?
    I've started my studying today.


  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    I'm binning the Slack group next Monday due to lack of activity - anyone else wants to become Admin let me know.


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    Keyzer wrote: »
    I'm binning the Slack group next Monday due to lack of activity - anyone else wants to become Admin let me know.

    To be honest the boards thread is probably enough if people have questions. Slack and IRC for things like this can serve as more of a distraction than anything.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    I'm signing up this Monday for the 90 days lab access, course starts FEB 12th.
    I came across a very good thread on techexams called oscp-jollyfrogs-tale.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Dear ######,

    We are happy to inform you that you have reserved a seat for the Offensive Security Penetration Testing with Kali Linux (PWK) online course starting on Sun, 29 Jan 2017, 00:00 (Europe/Dublin). Your seat will be confirmed and scheduled after payment has been received.

    I'm really looking forward to this challenge.


  • Posts: 0 [Deleted User]


    Best of luck moneymad, I need to get back to doing this myself. Working a full time job in forensics doesn't make it easy :(


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    So did anyone actually get their OSCP certification yet?

    I'm going to brush up on my coding/scripting at the moment reading Automate the Boring Stuff with Python and doing all of the exercises, then creating a few handy scripts based on what I learn. After that, I plan to get back to doing some VM's from VulnHub and reading as much of the recommended reading material given by jollyfrogs on techexams. His path to the OSCP was linked above and has lots of great detail. His reading material is fairly exhaustive as he says and might have been insanely over the top but I've already read a fair few of them on my travels.

    I spent the most interesting part of my degree in college using Kali and learning a ton, but never stuck to my plan of going after the OSCP. I plan to get cracking on it later in the year, all going to plan. :)


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Best of luck moneymad, I need to get back to doing this myself. Working a full time job in forensics doesn't make it easy :(
    Thanks Niall. I know the feeling very well. Forensics would be very interesting.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Kur4mA, Ya, scripting is a massive part of it. The amount of reading material is sickening. Jollyfrogs approach to obtaining the cert was brilliant.


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    moneymad wrote: »
    Kur4mA, Ya, scripting is a massive part of it. The amount of reading material is sickening. Jollyfrogs approach to obtaining the cert was brilliant.

    Very clever approach but just that reading material alone is a massive undertaking, lol. Hopefully the missus doesn't disown me!


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Nearly one week into the course and I spent the whole week learning bash scripting.
    So far I've automated the creation of a folder structure for each live host along with nmap scan results copied into each hosts folder.
    150 lines of bash , christ
    Next onto service enumeration. Another week of that id say.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Hi, took the exam yesterday at 3pm and finished today at 3pm. I managed to only get 25 points out of 100.

    This cert is deadly lads. I've added more lab time and i'm going for it again in a few weeks.
    Anyone thinking of doing this cert I would say go for it. It's very enjoyable and you learn so much cool stuff.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Took the exam again last week and failed with around 45%.
    I have to wait 2 weeks before i can book it again.


  • Registered Users, Registered Users 2 Posts: 2,626 ✭✭✭timmywex


    Keep trucking, identify what you're missing or areas that you need to brush up on and really concentrate on them. Sometimes a bit of luck helps you along the way too!


  • Posts: 11,614 ✭✭✭✭ [Deleted User]


    moneymad wrote: »
    Took the exam again last week and failed with around 45%.
    I have to wait 2 weeks before i can book it again.

    I wouldnt rush into another attempt. Identify the areas you didn't do well in and brush up on them. Maybe your technique needs streamlining.

    Chin up. Theres a reason its one of the most difficult exams out there, and theres a reason for the respect it commands once you get it.

    Edit: I've said this before but one of my friends who I reckon is one of the best hackers in Ireland did the OSCP and failed on the first attempt.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Rock solid advice lads. I held off on the quick retake and waited till last week - I was 10 points off a pass.
    Nearly there.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Failed at my fourth attempt. I'm 2 weeks into a 6 week cooling off period. I'm sitting it again at the beginning of October. My methodology is not working at all.
    Moving onto doing vulnhub and metasoloitable VMS as the labs are costing me a fortune since February.


  • Registered Users, Registered Users 2 Posts: 882 ✭✭✭moneymad


    Great news. After not giving up I passed it on my sixth attempt on Wednesday. With 20 minutes left I got the last machine to pass.


  • Advertisement
Advertisement