65 to 80: Passing the OSCP Exam on my 2nd Attempt. OSCP Journey Review.

I sat for my OSCP exam again on Tuesday January 26, 2021. I picked this date because I like the 9am timeslot. Waiting until February was too far out. I wanted to pass the exam at 24 years old. My birthday is in February.

It felt like I was failing the exam until 6:23pm when I took control. I reached the Avatar State. Or in Star Wars, after 4 hours of being in a force block, my force power finally won out.

I was running hurdles and I'd trip up after each one on the last box. It would be a 1-2 hour lag. I would clear one hurdle, get to the next hurdle and fall. On a good note, none of them stopped me for long. If I was stuck on something for 1.5 hours and finally figured out why, I'd laugh at myself and shake my head. How could I be stuck for that long on that? The real battle started when 2 boxes were left and I needed 1 more.

OSCP Journey

The hardest part of OSCP is the mental endurance. I put at least if not over 400 hours into studying for it. I've been a hermit since August. At the end I would say strange things like "I can't wait to live a multi-tasking life" and "I accidentally met my goal of taking a day off :\ I was gonna wait until next week. So in disappointment, I met my goal." I studied Monday-Friday after work. I would run outside first, then study after. I'd study mornings for Saturday/Sunday. I'd take a day off sporadically when I needed it. Probably once every three weeks. At the end I focused on doing 1 box/writeup a day. That's all I could do without burning out. Once I'm in the zone with studying, I lose track of time.

I broke my Saturday study rituals and went to volunteer instead because I wanted to "live a multi-tasking life". Between OSCP attempt 1 and 2 I completed the entire LAB PACKET and 10 Machine writeups. I kept up what I call a steady 30mph pace in January. Which I KNEW is what I needed to pass. I didn't need to be going 40-60mph.

The situation was: The car has a small fire. I cannot keep up this pace. This pace cannot continue. If I go 30mph and stop January 26, it will be fine. Just need to take a 2 week - 1 month break after.

If I had failed a second time, I would've taken a 2 week break. I would've started studying every other day and taken it a third time. I was going to change up my routine, pass or fail.

The OSCP was my way of defeating the coronavirus. I wanted to take advantage of it, not the other way around. The coronavirus is the perfect opportunity to become a hermit and study. Studying and passing the exam is one of the hardest things I've ever done.

OSCP Tips

Report Writing: Michael LaSalvia Report Suggestions

Michael LaSalvia's YouTube video was helpful in tweaking my report. Separating the lab and exam report is now required by OffSec.

Buffer Overflow: TCM Buffer Overflow

TCM is the best at teaching Buffer Overflows.

Privilege Escalation: TCM Linux Course and TCM Windows Course.

I made a document of the privilege escalation techniques for Windows and Linux. These were my two most helpful blogs that I revisited over and over again. I'd suggest making a technique document and structuring it from "most likely" to "least likely". When you discover a new priv esc technique, put it in your document.

http://amandaszampias.blogspot.com/2020/11/linux-privilege-escalation-jutsus.html

http://amandaszampias.blogspot.com/2020/11/windows-privilege-escalation-jutsus.html

Take a 2-Day Break before Exam

I highly recommend taking 2-3 days off before the exam. Being able to think for 12-24 hours is more important than studying for the last 2 days.

After the OSCP: What now?

1. My personal Missing Persons Project.

I've been thinking of branching out to Indiana and Illinois this year.

I also wonder if I can use my skills to help other orgs. If you know of any opportunities where an OSCP (or person with OSINT skills) can volunteer, let me know. I already participate in Trace Labs.

2. Capture the Flag / More HTB

I can't get rusty! I will continue doing writeups.

3. Node.js

I'm going to become confident in Node.js since I use it so often.

4. CVE Discovery

I know how to find vulnerabilities. I can take existing vulnerabilities and exploit them. What about being the first person to discover a new vulnerability?

If you published a CVE before, how did you go from OSCP to finding 0-Days? I assume people start off with downloading old web applications and finding XSS or SQL vulnerabilities.

5. Reversing

My favorite part of the OSCP was buffer overflows. I thought the process and different rules were fun and it reminded me of martial arts. I think the term is called "reverse engineering". I just wonder how this would be helpful or what people do with these skills?

Comments

  1. Can you please suggest what I should study or topics I should cover before registering for the PWK course?

    I am a 3rd year Com Sci student

    1. https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/ . <- John has good tips
