OSCP Study

Roottoor · 01-07-2016 12:52AM #1

I am currently tackling the OSCP, and finding it quite difficult. Is they anybody interested in working as a group through the labs.

Thanks

syklops · 02-07-2016 05:20PM

Roottoor wrote: »

I am currently tackling the OSCP, and finding it quite difficult. Is they anybody interested in working as a group through the labs.

Thanks

Sure, where are you based?

Roottoor · 02-07-2016 07:38PM

syklops wrote: »

Sure, where are you based?

Hi skylops, I am based in Dublin 15. Are you currently working towards the oscp ??

syklops · 03-07-2016 12:54AM

Roottoor wrote: »

Hi skylops, I am based in Dublin 15. Are you currently working towards the oscp ??

Yeah. I have been reading the material, but I got a bit distracted the last couple of months. My friend sat the exam on Saturday and it has rekindled my motivation to pass it.

Roottoor · 03-07-2016 01:12AM

Its defo one to be tackled over time. I booked ninety days and threw away 10 for holidays. Hoped to tackle it hard for last week or so I was off but I have just decided to tip away at it for the next 60 days. I am not a pentester, but I work in infosec. I wanted to take this on for fun and to learn, although its a lot harder than I thought.

Are you based in Dublin?

syklops · 03-07-2016 07:57PM

Roottoor wrote: »

Are you based in Dublin?

Yep. South Side. Lets take this to PMs.

B00MSTICK · 04-07-2016 09:48AM

I'll be taking a 15 day extension and booking the exam soon after that - I have a good few of the initial lab machines done

t4ff · 04-07-2016 10:44AM

I'll be registering for it in 30 days or so. I currently work freelance so will be able to give a good amount of time to it (borderline full-time hours), but still unsure if I should go for 60 days vs 30?

pah · 04-07-2016 03:09PM

Going to start this myself in about 2 weeks when I'm back from hols. Been meaning to do it for over 18 months now. I think I'm going to go for 90 days of lab access. I'm in Cork.
What about a discussion group on viber/WhatsApp or something similar?

syklops · 04-07-2016 03:16PM

For people who are about to register for Lab Access, make sure you're exploit dev skills are up to speed. If not, you risk wasting lab access time getting up to speed on how to develop exploits for the services you encounter.

Ctrl Alt Del · 05-07-2016 12:08PM

Hi,
Whats the realistic time frame from registering,studying and sitting the exam !?
Thanks

syklops · 05-07-2016 12:59PM

Ctrl Alt Del wrote: »

Hi,
Whats the realistic time frame from registering,studying and sitting the exam !?
Thanks

Depends on your skills before you start, but I would recommend 3 months of pre-study/pre-reading, and then 3 months to register, study the material and go for the exam.

Pre-study would involve, if you arent already familiar:

Linux commands, navigation of a linux system etc(no issue for you Ctrl Alt Del

)
Basic Python
Basic C
Basic Shell scripts
Shell coders Handbook is a worthy read
Be comfortable with Metasploit, but dont rely on it.
Review some Web App pen testing methodologies and try out vulnerable web apps like Damn Vulnerable Web App and Metasploitable.

YMMV depending on your experience, for some people the above can be accomplished in a weekend, for others it'd take 3 months, but either way have the above as a minimum before registering.

t4ff · 05-07-2016 09:33PM

syklops wrote: »

Depends on your skills before you start, but I would recommend 3 months of pre-study/pre-reading, and then 3 months to register, study the material and go for the exam.

Pre-study would involve, if you arent already familiar:

Linux commands, navigation of a linux system etc(no issue for you Ctrl Alt Del )
Basic Python
Basic C
Basic Shell scripts
Shell coders Handbook is a worthy read
Be comfortable with Metasploit, but dont rely on it.
Review some Web App pen testing methodologies and try out vulnerable web apps like Damn Vulnerable Web App and Metasploitable.

YMMV depending on your experience, for some people the above can be accomplished in a weekend, for others it'd take 3 months, but either way have the above as a minimum before registering.

This is pretty much the exact list of stuff I've been working on recently.

What about a Slack group or something for Boards.ie guys working on it?

Roottoor · 05-07-2016 09:42PM

t4ff wrote: »

This is pretty much the exact list of stuff I've been working on recently.

What about a Slack group or something for Boards.ie guys working on it?

Sorry guys I started a new job on Monday but I will pick this back up this weekend. I would like to get a group together to tackle this. If any interested parties want to pm me we can take this offline.

By the way I jumped straight into it with 90 days and flew through the labs and guide book. This was when I was off for nearly two weeks. Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

06-07-2016 08:00AM

Roottoor wrote: »

Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

The materials are more like a guide to the process, there really is a lot of research required before taking on the labs.

I had the same issue with the labs, I was too busy with work and other things going on that I didn't dedicate enough time

I'll be interested in joining you guys after August just don't have enough time at the moment to dedicate.

For anybody else thinking of taking this exam, skylops summarised the prep really well above. Also the book "Penetration Testing : A Hands-on Introduction to Hacking" is a good intro on what to expect.

Keyzer · 11-07-2016 11:06AM

Roottoor wrote: »

Sorry guys I started a new job on Monday but I will pick this back up this weekend. I would like to get a group together to tackle this. If any interested parties want to pm me we can take this offline.

By the way I jumped straight into it with 90 days and flew through the labs and guide book. This was when I was off for nearly two weeks. Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

What background are you coming from? Do you have prior experience in this stuff beforehand?

I'm based in D15 also but I wont be going near OSCP for at least two years. Two young kids dominate my free time at the moment. That and my commitments as an international drug smuggler.

syklops · 11-07-2016 02:03PM

t4ff wrote: »

This is pretty much the exact list of stuff I've been working on recently.

What about a Slack group or something for Boards.ie guys working on it?

+1 for a slack group.

Maybe define a reading list which everyone should read? It'll prevent us going over old ground. Just a thought.

Keyzer · 12-07-2016 09:32AM

Does anyone know of any resources that can allow someone to prep for the labs in a practical sense?

I know vulnhub.com has an incredible amount of virtual machines but I struggle at times to find them relevant. They are more like puzzles where the author finds some obscure web server software with a specific vulnerability and hides clues in the likes of pictures.

All well and good but I'm looking for more real world examples. I have a domain controller running on my mac along with an instance of Kali and recently pulled all the files required to crack the AD database and own the domain. Very satisfying and something which would be useful in a real world testing scenario.

syklops · 12-07-2016 09:35AM

Keyzer wrote: »

Does anyone know of any resources that can allow someone to prep for the labs in a practical sense?

I know vulnhub.com has an incredible amount of virtual machines but I struggle at times to find them relevant. They are more like puzzles where the author finds some obscure web server software with a specific vulnerability and hides clues in the likes of pictures.

All well and good but I'm looking for more real world examples. I have a domain controller running on my mac along with an instance of Kali and recently pulled all the files required to crack the AD database and own the domain. Very satisfying and something which would be useful in a real world testing scenario.

I have just what you want right here: lab.pentestit.ru

Keyzer · 12-07-2016 09:39AM

syklops wrote: »

I have just what you want right here: lab.pentestit.ru

Brilliant - I came across that before but lost the link along the way. Nice one...

I like the idea of this thread, we should put some structure around it i.e. reading materials, practical learning etc.

pah · 12-07-2016 03:11PM

Keyzer wrote: »

Roottoor wrote: »

Sorry guys I started a new job on Monday but I will pick this back up this weekend. I would like to get a group together to tackle this. If any interested parties want to pm me we can take this offline.

By the way I jumped straight into it with 90 days and flew through the labs and guide book. This was when I was off for nearly two weeks. Once I started tackling the labs I hit a wall. I should have followed something like the advice above but I am knee deep now, so no going back.

What background are you coming from? Do you have prior experience in this stuff beforehand?

I'm based in D15 also but I wont be going near OSCP for at least two years. Two young kids dominate my free time at the moment. That and my commitments as an international drug smuggler.

Meh. I've 5 young kids and I'm going to go for it.

Keyzer · 12-07-2016 03:24PM

pah wrote: »

Meh. I've 5 young kids and I'm going to go for it.

Where are you going to find the time to dedicate to studying for this? From research, the recommended amount of time required to study for this exam is 3-4 hours. Daily. Unless you can study in work, I don't know how you could find the time or the right environment to study in with 5 kids.

t4ff · 12-07-2016 04:06PM

syklops wrote: »

I have just what you want right here: lab.pentestit.ru

CTF365.com is also also a good resource. Similar setup to the PWK labs. Option for free or pay monthly, but you get a free 30 days when you first sign up (I think they're still doing that).

They've also had a new update that gives paid users boxes to harden and defend, while attacking other team's servers.

syklops · 12-07-2016 04:32PM

t4ff wrote: »

CTF365.com is also also a good resource. Similar setup to the PWK labs. Option for free or pay monthly, but you get a free 30 days when you first sign up (I think they're still doing that).

They've also had a new update that gives paid users boxes to harden and defend, while attacking other team's servers.

And then CTF365 spams you morning noon and night until you setup a filter to delete messages from them or actually pay for "platinum access" or whatever it is they call it. Pentestit.ru is totally free and amazingly similar to the real OSCP lab.

t4ff · 12-07-2016 04:53PM

syklops wrote: »

And then CTF365 spams you morning noon and night until you setup a filter to delete messages from them or actually pay for "platinum access" or whatever it is they call it. Pentestit.ru is totally free and amazingly similar to the real OSCP lab.

Just took a look and seems like all my CTF365 e-mails go to spam by default. Not a problem I ever noticed!

I took full advantage of the free 30 days, but there's not quite enough there to convince me to shell out for the monthly fee.

pah · 13-07-2016 03:38PM

Keyzer wrote: »

pah wrote: »

Meh. I've 5 young kids and I'm going to go for it.

Where are you going to find the time to dedicate to studying for this? From research, the recommended amount of time required to study for this exam is 3-4 hours. Daily. Unless you can study in work, I don't know how you could find the time or the right environment to study in with 5 kids.

Finished my masters last Dec, 2 yrs part time and #5 arrived right in the middle. I just get on with it, great support from OH. I work shifts and I'm pretty busy most of the time in work but sometimes I can do a bit when I'm on nights, not very often though. I might be underestimating OSCP I've been thinking 12-15hrs PW should do it. I'm coming off the back of lots of linux, python, and bash from my masters so hope to keep that rolling into this.

Once I get the lab access I'll be going all out for the 90 days. I'll try and take the exam then within 2 weeks of finishing the labs.

Keyzer · 16-07-2016 11:09AM

Created a slack group for this. If anyone is interested in joining then DM me your email address.

t4ff · 16-07-2016 11:36AM

Keyzer wrote: »

Created a slack group for this. If anyone is interested in joining then DM me your email address.

DM sent!

pah · 16-07-2016 12:30PM

Keyzer wrote: »

Created a slack group for this. If anyone is interested in joining then DM me your email address.

DM sent also. Great idea.

calmness · 28-07-2016 03:04PM

Keyzer wrote: »

Created a slack group for this. If anyone is interested in joining then DM me your email address.

Hi, I'm also preparing for OSCP. Can you please add me to the group? Sent DM.

rreimao · 30-08-2016 12:35AM

I'm also preparing for OSCP. I will DM you guys.

I'm currently doing the lab.pentestit.ru, does anyone know if it's harder/easier than the OCSP?
Some of the labs on the pentestit.ru are insane. Not for being hard, but for being things that I would never imagine (like port knocking).

OSCP Study

Comments