Other tidbits I forgot to mention: Record your screen during the exam. Backup everything on a cloud location (private Gitlab repository). Use more than one monitor.
@LD Wyze you won't know till you actually try it. Before taking the course I had practically 0 experience. It all depends on how much time you can invest into learning and how dedicated you are to learning. It took me 3 attempts to pass the exam, but I kept at it till I did.
@TaStiCle_S Just jump in thats what I did. I have a background in networking, no cybersecurity experience. The course is designed for you got into the lab and make mistakes. Its honestly a really good place to learn. If you start and feel like your not getting anywhere, buy more lab time. I did 30 days and just extended another 15. It's all on you. If you really want to do it just do it. The worst case scenario, you have to try again.
Congrats! I just received the news that I passed this morning :) You have one of the first cybersec YT channels that I watched when I started playing CTFs.
The best way I have heard "Try Harder" be defined is, "Given enough time and attention, any problem can be solved." With that, I focused on fully rooting one box at a time starting from the lowest point box. Now Im moving on to OSEP.
Congrats and good luck on OSCE. You should be aware that the OSCE doesn't have a lab they let you play around with; it's just machines on which you can replicate what you see in the videos.
Congrats! I just enrolled int the PWK and hope to take the exam by the end of the year. I also noticed that exercises take a long time to complete, mainly due to taking a shit load of screenshots - good to know that your lab/exercise report can be so big.
Thank you! Yeah, the exercises were grueling. A lot of it was things I already felt comfortable with, so yeah, TONS of screenshots and it took a long long time. I had much more fun just doing the lab machines for the sake of actually hacking. My lab report was 240 pages, and exam report was 60 pages (forgot to mention that in the video). Thanks for watching!
I love you man, you just boosted me up. I get depressed easy, and I wallow in it to long. You just made my month bro, thanks. Hehe I left 3 messages, lol.
Congratulations! I am testing in a couple weeks and trying to keep track of my journey. Hope to do one of these soon on my UA-cam channel and Blog site.
Very encouraging, thank you for sharing. I had originally given up because I didn't feel good enough, but I'm going to pick it back up again since I already have all the PWK materials, minus the new stuff which I may purchase. -Thanks!
Yeaaah there was *way* more exercises than I was expecting. They took a lot more time than I was expecting. I have 5 of the nodes hacked just need 5 more! Congrats on your test!
Thanks so much! You can definitely beat up those other 5 boxes -- remember it's fine to use Metasploit and SQLmap and other quick wins in the lab environment. If you want to run through those just to get the lab report done, it is fair game!
@@_JohnHammond Yeah I've resigned to start doing that now. I spent the first month of the lab with the "train like I fight" mentatlity and stubbornly went through without touching metasploit but now I just want to finish. My test is on the 8th so I just need to get 'em done!
What was your study schedule like when you were preparing for OSCP? I am trying to figure out how to practice around my job as well. Did you study during the weekdays and weekends? I am surprised you went with 30 days of lab time unless you felt pretty confident with your current skills; I did not think that would be enough time for a full-time employee. Just wanted to hear your thoughts.
Dang, that's so reassuring to hear you can do it in like 4-12 hours. Ya hear so many horror stories.I start my 30 days of labs day after tomorrow. Only been studying pen-testing for 4-5 months. Never programmed or anything before hand, didn't even have a computer and some of my study buddies have 10+ years in the industry and failed.
@Gordon Smith There's a whole story... but I took the test once, knew I would have failed and did not turn in my report. Then there was an investigation cause I didn't read a single word of the testing policy and thus had pulled some half-baked shenanigans and I got perma-banned. If you're considering doing it.. don't.. JUST DO IT. Nike that shit, Gordon. The value of that personal challenge is incalculable no matter the outcome but I'd imagine it's very personally and financially rewarding to have achieved the certification as well. The people at Offsec are pretty cool as well, including the investigations team even though they kinda ruined me a little bit. Thanks for asking by the way!
@@zezimadude13 Lol sorry to burst your bubble but pentesting for 4-5 months wouldnt get you close to the OSCP skills. You would've been better off practicing HTB boxes
I think the issue most people are having with the BO machine is not who is calling who (I did a reverse shell no prob), people are just forgetting that OffSec isn't trying to make this easy. If your shell code isn't working there is a very obvious reason why, test test test what techniques might be affecting your shell code. I think the most important tip when it comes to the shell code part is: RTFM. It took me one try to get get the "clone" machine to call back, and then one try to get the test machine to call back as long as you follow what you've been taught.
Hi, can you tell if one can pass the exam without trying the BO machine at all? I think I can take on other challenges but I can't wrap my head around BO and couldn’t find a good resource for novices to learn BO from the basics. TIA.
@@fahimahmed7915 each machine is assigned a certain number of points. The BO machine is only worth 10, so technically yes, you can pass without the BO but that's assuming you can get the hardest machine. If you cant get the 25 point machine, then you're really going to need to get all the other machines to pass.
Another amazing video brother, just what I needed. This is so ironic, I just started my PWK on monday. I needed to hear all this. Is there a community you would recommend I get plugged on with for some camaraderie/support? It would be awesome to have some like minded people to bounce ideas off?
Thanks so much! Have you joined the Discord? :P Also monitoring the r/oscp subreddit is great. There is another more formal "OSCP study group" somewhere I think. Thanks for watching!
Great video John, thanks a lot. Which tools do you need to avoid using in OSCP exam? Their documentation only mentions msf, openvas, nessus "or similar tools", but that "similar tools" might be a bigger scope than we think (I.e. Nmap vuln scripts). Can you elaborate on which tools you totally avoided? Thanks.
Damn congrats. I recently (a few months ago) decided that infosec was the path I wanted to go. Still in school as well so there's a long way I need to go and a lot left I need to learn before taking the OSCP but hopefully I'll get there eventually.
Informative, Thanks for sharing John. I have only CCNA and LPI Linux baisc and some basic Python knowledge , is it good stright into the OSCP course with 3 months lab ?
Hi John.. I am a very big fan of your videos... Congratulations on obtaining the OSCP certification, I am preparing myself to take the test but and I want to know what can I do in preparation... I am doing the OverTheWire Challenges... Do you think they work as a preparatioin?
I realize this video is over 2 years old, but I am hoping someone can connect with me on how to approach the OSCP. I am currently finishing my final courses towards my degree in Cybersecurity, I have my CEH along with some other smaller programming certifications. I do spend my free time on HTB and Pentesterlabs to further my understanding of vulnerabilities and what methods are available to me to exploit them. But I'll be honest, this OSCP exam is scary. I don't feel confident enough for it, but want to try anyways. For those that have achieved this milestone and earned the certification, what pointers can you offer me to better set myself up for success?
Hey this was really helpful, quick question though, can we refer to our notes / document or google things? I am planning to take exam soon, currently going through the study material
Hi @John Hammond I'm trying to pass PWK lab but I have stuck for several days in some issue and I don't know how to deal with it. may ask some questions? I really need it, it depends on my job, there is a possibility I lose my job.
Nice video!! I want to start OSCP course but I don't have a lot of money to begin on the official site. Is-it possible to stat with free ressource and just take abonnement for 3 months and passe? I have basic notion on security and i have attempt the UDACITY Nano degree - Security Enginneer. Thanks
@@lampmanjosh Only from what I have heard from co-workers and friends. From what they have said, it's like OSCP on steroids -- crazy hard, tons to do, heavy stuff. But I'm sure you will crush it! Best of luck, let me know how it goes! :D
@@_JohnHammond Will do, man! I will say the same thing as far as the coursework. Very in depth, and addicting. I plan on taking the OSCP after this, so I should be well prepared
Honestly I felt like I learned more from the exam than I did the labs, because I really forced to research. The labs were great for exposure and showing some new things, but I definitely felt the exam was more valuable. Best of luck to you dude! Thanks for watching!
you mentioned that there are alot of exercises on the machines, do they give points per exercise? Or do you get full points for a box as soon as you get root access to the machine? Starting my OSCP in 3 weeks. Little bit nervous already ._.
The "exercises" are standalone questions or tasks to complete. They are "pass or fail" -- you either have all the challenges completed (with 10 lab boxes compromised), and you get five bonus points..... or, if you DIDN'T complete all the exercises, you get nothing. For the lab machines, you do need to get root access and document/write your report with information to solve that machine. Is that what you were asking? Or were you referring to the exam machines? Thanks for watching!
Did you have to do the 24 hours straight through, or can you take it in sections? They dont give you enough information. I have the videos and book and exercises. Just have to get the labs when I'm ready.
Thanks. I was recently looking at path for studying OSCP. Being developer, I have some skills on web. However I am lost trying to understand the broder syllabus. I would be really helpful if you make a video or live interaction. Btw Thank you for creating awesome stuff
Going for my oscp 2.0. Won’t lie the 800 page book + 100 exercises are a bit intimidating. Which is weird because I try to do a ctf as often as I can with no problems. Just hope My efforts are worth it.
Thanks so much! Appreciate all the kind words! From what I understand (and I could be very wrong here), the eLearningSecurity one is like "more" OSCP -- a longer test, more to hack, more in-depth. Honestly though I have only heard of it via word of mouth and have not done my own in-depth research.
@@_JohnHammond there's two levels of eLearning - eJPT is a junior pen test aimed at beginners. Then there's PTP which is pen test professional. I have the eJPT but have heard the same as you - the PTP is generally regarded as harder and more in-depth but more up to date. Paths people seem to take are eJPT - OSCP -PTP. Looking to join the OSCP ranks soon!
This is great. However, one obvious question. Do they "magically" put a debugger on your target machine, or do you have to somehow get a debugger uploaded onto your target machine? (I assume this is to get root from a low priv interface?) I can't even do BO without a bugger, UNLESS I download the same program and run it in a lab environment with a debugger attached to the running program. Then if everything works, launch my exploit at my target machine, cross my fingers, and hope for the best.
I don't think it is any wrongdoing if I explain (I think the BOF is common knowledge for most people now) -- you have a separate machine that includes the binary itself and a debugger, so you can test and troubleshoot your attack script. Once you have your script crafted and ready to go, you point it at the remote machine and ideally you'll have root right away.
@@matthewpahl7516 Thanks! I scheduled OSCE already and should get started with that next month :D I do absolutely want to go through AWAE and OSWE though, for sure. I'll try and keep them coming!
Other tidbits I forgot to mention:
Record your screen during the exam. Backup everything on a cloud location (private Gitlab repository). Use more than one monitor.
You're not the boss of me
John Hammond this. I lost everything during my first exam attempt due to a corrupt cherry tree file.
@LD Wyze you won't know till you actually try it. Before taking the course I had practically 0 experience. It all depends on how much time you can invest into learning and how dedicated you are to learning. It took me 3 attempts to pass the exam, but I kept at it till I did.
@TaStiCle_S check out Pentestin' for N00bs by The Cyber Mentor here on UA-cam. He's basically doing a PWK primer course for free.
@TaStiCle_S Just jump in thats what I did. I have a background in networking, no cybersecurity experience. The course is designed for you got into the lab and make mistakes. Its honestly a really good place to learn. If you start and feel like your not getting anywhere, buy more lab time. I did 30 days and just extended another 15. It's all on you. If you really want to do it just do it. The worst case scenario, you have to try again.
Hammond has a solid radio voice, should think about a podcast brah.
I really liked this video, just breaking it down and keeping it real. Thanks for being an awesome influence in the security community.
Congrats! I just received the news that I passed this morning :) You have one of the first cybersec YT channels that I watched when I started playing CTFs.
Hell yeah! Congratulations man!
Ah thank you so much, I am super grateful!
Helpful 4 years later man the test may have changed but the feedback is still gold! Thank you!!!
Congratulations 🎉🎈! Welcome to OS club!
Your a legend john, you inspire me to go and try for the oscp. Your vids are insightful great all round.
Thanks for the kind words, I really appreciate it! You should absolutely go for it, I'm sure you can do it! Thanks for watching!
Watching this video gives me more motivation to take the OSCP exam. Thank you John!
The best way I have heard "Try Harder" be defined is, "Given enough time and attention, any problem can be solved." With that, I focused on fully rooting one box at a time starting from the lowest point box. Now Im moving on to OSEP.
Congrats and good luck on OSCE. You should be aware that the OSCE doesn't have a lab they let you play around with; it's just machines on which you can replicate what you see in the videos.
This is great information to have! Thank you
Congrats! I just enrolled int the PWK and hope to take the exam by the end of the year. I also noticed that exercises take a long time to complete, mainly due to taking a shit load of screenshots - good to know that your lab/exercise report can be so big.
Thank you! Yeah, the exercises were grueling. A lot of it was things I already felt comfortable with, so yeah, TONS of screenshots and it took a long long time. I had much more fun just doing the lab machines for the sake of actually hacking.
My lab report was 240 pages, and exam report was 60 pages (forgot to mention that in the video). Thanks for watching!
Thank you for the tips John! I have started the Lab Sunday :)
CRUSH IT! YOU GOT THIS
Did you get it?
Thank you for setting the bar, I look forward to seeing more content from you.
I love you man, you just boosted me up. I get depressed easy, and I wallow in it to long. You just made my month bro, thanks. Hehe I left 3 messages, lol.
Hell yeah, that is excellent to hear! Love you too dude!
@@_JohnHammond Get a room!!!!! lololol
Keep Working Brazil is watching you!
I wish you success .. Your followers from Saudi Arabia 💚💚💚
Hello John,
Thank you very much for this advice and encouragement, you still give me the strength not to give up. Thank you!
Thanks for emphasizing note taking, my favorite way of doing things.
Love your website bruh😅😅
Thank you for the candid talk, appreciated!
Ty for the informative video on the oscp. This was pure gold!
Congratulations! I am testing in a couple weeks and trying to keep track of my journey. Hope to do one of these soon on my UA-cam channel and Blog site.
Thank you so much! Appreciate it! You should absolutely do it -- it is like an obligation once you finish hahaha. Thanks for watching!
Congrats man !! I know you are excited 👍
Thanks for tips, I like too to understand different expressions like "try harder" with another sense and its help me to make out the "big picture".
Very encouraging, thank you for sharing.
I had originally given up because I didn't feel good enough, but I'm going to pick it back up again since I already have all the PWK materials, minus the new stuff which I may purchase.
-Thanks!
Happy to hear that! I'm sure you'll breeze through it. Thanks so much for watching!
@vmn512 can u help me with the oscp?
Congrats John. Great Video. Thank you for sharing your experience.
Excellent video. Thanks so much for sharing.
I could watch this over and over again, very inspirational and looking to take this Cert soon
your work is just incredible
Yeaaah there was *way* more exercises than I was expecting. They took a lot more time than I was expecting. I have 5 of the nodes hacked just need 5 more!
Congrats on your test!
Thanks so much!
You can definitely beat up those other 5 boxes -- remember it's fine to use Metasploit and SQLmap and other quick wins in the lab environment. If you want to run through those just to get the lab report done, it is fair game!
@@_JohnHammond Yeah I've resigned to start doing that now. I spent the first month of the lab with the "train like I fight" mentatlity and stubbornly went through without touching metasploit but now I just want to finish. My test is on the 8th so I just need to get 'em done!
Congrats John !
Thank you so much, and thanks for watching!
Very helpful, Gonna prepare for OSCP
Wish you good luck and great success
What was your study schedule like when you were preparing for OSCP? I am trying to figure out how to practice around my job as well. Did you study during the weekdays and weekends? I am surprised you went with 30 days of lab time unless you felt pretty confident with your current skills; I did not think that would be enough time for a full-time employee. Just wanted to hear your thoughts.
Great review. Very encouraging. Thanks.
Congratulations! That's an awesome achievement. I'm on the journey to OSCP and hope I can do the same. :)
Thank you so much! I'm sure you can do it! Keep after it. :D
Thanks for this video. Love from India🇮🇳🇮🇳🇮🇳
Congratulations ❤️
Congratulations and thanks for the tips.
Thanks for a great video full of excellent advice, John.
Dang, that's so reassuring to hear you can do it in like 4-12 hours. Ya hear so many horror stories.I start my 30 days of labs day after tomorrow. Only been studying pen-testing for 4-5 months. Never programmed or anything before hand, didn't even have a computer and some of my study buddies have 10+ years in the industry and failed.
@Gordon Smith There's a whole story... but I took the test once, knew I would have failed and did not turn in my report. Then there was an investigation cause I didn't read a single word of the testing policy and thus had pulled some half-baked shenanigans and I got perma-banned.
If you're considering doing it.. don't.. JUST DO IT. Nike that shit, Gordon. The value of that personal challenge is incalculable no matter the outcome but I'd imagine it's very personally and financially rewarding to have achieved the certification as well. The people at Offsec are pretty cool as well, including the investigations team even though they kinda ruined me a little bit. Thanks for asking by the way!
@@zezimadude13 Lol sorry to burst your bubble but pentesting for 4-5 months wouldnt get you close to the OSCP skills. You would've been better off practicing HTB boxes
Great one! I would love to hear your opinion and tips for OSWE course and exam
Congrats John
Thank you so much, and thank you for watching!
Also please post the ctf boxes that you think its same with oscp box based on your feedback and exam (htb and vuln )
Here's a good list from a HTB member docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/htmlview#gid=1839402159
Love that hoodie. Sucks that DerbyCon is no longer.
I think the issue most people are having with the BO machine is not who is calling who (I did a reverse shell no prob), people are just forgetting that OffSec isn't trying to make this easy. If your shell code isn't working there is a very obvious reason why, test test test what techniques might be affecting your shell code. I think the most important tip when it comes to the shell code part is: RTFM. It took me one try to get get the "clone" machine to call back, and then one try to get the test machine to call back as long as you follow what you've been taught.
Hi, can you tell if one can pass the exam without trying the BO machine at all? I think I can take on other challenges but I can't wrap my head around BO and couldn’t find a good resource for novices to learn BO from the basics. TIA.
@@fahimahmed7915 each machine is assigned a certain number of points. The BO machine is only worth 10, so technically yes, you can pass without the BO but that's assuming you can get the hardest machine. If you cant get the 25 point machine, then you're really going to need to get all the other machines to pass.
@@sh3lbst3r Thanks for the info! I'm trying my best to learn the BO. Hopefully I'll be able to crack it!
Another amazing video brother, just what I needed. This is so ironic, I just started my PWK on monday. I needed to hear all this.
Is there a community you would recommend I get plugged on with for some camaraderie/support? It would be awesome to have some like minded people to bounce ideas off?
Thanks so much! Have you joined the Discord? :P Also monitoring the r/oscp subreddit is great. There is another more formal "OSCP study group" somewhere I think. Thanks for watching!
Great video. I started my journey. I am also making videos of the boxes that I am cracking from hack the box
Congratulations!
Thank you so much, and thanks for watching!
Thank Your for elaborating on not using MSF because It said you want to focus on manual exploit not auto.
Now I know its possible.
Thanks John.
Great video John, thanks a lot. Which tools do you need to avoid using in OSCP exam? Their documentation only mentions msf, openvas, nessus "or similar tools", but that "similar tools" might be a bigger scope than we think (I.e. Nmap vuln scripts). Can you elaborate on which tools you totally avoided? Thanks.
Damn congrats. I recently (a few months ago) decided that infosec was the path I wanted to go. Still in school as well so there's a long way I need to go and a lot left I need to learn before taking the OSCP but hopefully I'll get there eventually.
Thank you! That is awesome news, I am glad you are starting the climb! Don't hold yourself back, you should definitely go for it soon!
"take breaks" and an add comes in :D
Congratulations🎉, having great wrightups is always great for refering back to, nailed it👍🏾 -TheGlitchKing
Thank you so much! And thanks for watching!
Can you share your Sublime Text Markdown reporting workflow please.
Absolutely. I can get that video up for the weekend! Thanks for watching!
5:00 are you saying to make it a bind shell instead of a reverse?
He didn't want to point it out but yeah it's clear
Informative,
Thanks for sharing John.
I have only CCNA and LPI Linux baisc and some basic Python knowledge ,
is it good stright into the OSCP course with 3 months lab ?
Congrats man! My lab time just started!
Also, what song is that at the end of your video?
Thank you! Hell yeah, you'll crush it!
The ending song is TULE - Fearless. It's bumpin! Thanks for watching!
Great video as always thanks
I wish I could like this video multiple times! Oh wait, *logging into my other accounts *
Is it allowed to use the enumeration scripts like linpeas or the windows one?
great job
This was REALLY good advice
Congratulations
Thank you so much! Thanks for watching!
Hi John.. I am a very big fan of your videos...
Congratulations on obtaining the OSCP certification, I am preparing myself to take the test but and I want to know what can I do in preparation... I am doing the OverTheWire Challenges... Do you think they work as a preparatioin?
Thanks for the review!
Great job man ! Thanks
how did you get to the point in your career where you were ready to start the oscp? Whats your IT background?
Congrats bro! :)
I realize this video is over 2 years old, but I am hoping someone can connect with me on how to approach the OSCP. I am currently finishing my final courses towards my degree in Cybersecurity, I have my CEH along with some other smaller programming certifications. I do spend my free time on HTB and Pentesterlabs to further my understanding of vulnerabilities and what methods are available to me to exploit them. But I'll be honest, this OSCP exam is scary. I don't feel confident enough for it, but want to try anyways. For those that have achieved this milestone and earned the certification, what pointers can you offer me to better set myself up for success?
Hey this was really helpful, quick question though, can we refer to our notes / document or google things? I am planning to take exam soon, currently going through the study material
Awesome brother!
Thank you! And thanks for watching!
what is good source to learn manual exploiting because as we know that we are not allowed to use metasploit in oscp exam?
Hi @John Hammond I'm trying to pass PWK lab but I have stuck for several days in some issue and I don't know how to deal with it. may ask some questions? I really need it, it depends on my job, there is a possibility I lose my job.
What prerequisite knowledge is recommended to start the lab time?
Can u please suggest good books for pen testing or tutorials
Nice video!! I want to start OSCP course but I don't have a lot of money to begin on the official site. Is-it possible to stat with free ressource and just take abonnement for 3 months and passe? I have basic notion on security and i have attempt the UDACITY Nano degree - Security Enginneer. Thanks
can you suggest anybox (ctf image) to practice dealing with rabbit hole?
Great bro
Jurassic Park... obscure reference
congratulation
Thank you so much!
Thanks for the video!!! Great tips!! I was wondering if you could share some of the enumeration tools you used on the test other than NMAP?
Thanks for watching! I used basically used nmapAutomater, nikto, DirBuster, and enum4linux -- that worked well enough for my needs.
You are really awesome
Hey thank you, you are awesome too! :D
Awesome video
Thanks for watching!
Congrats!
Thank you! And thanks for watching! :D
@@_JohnHammond No problem! I'm gearing up to take the ECPPT next month. Do you have any experience with that course/certification?
@@lampmanjosh Only from what I have heard from co-workers and friends. From what they have said, it's like OSCP on steroids -- crazy hard, tons to do, heavy stuff. But I'm sure you will crush it! Best of luck, let me know how it goes! :D
@@_JohnHammond Will do, man!
I will say the same thing as far as the coursework. Very in depth, and addicting.
I plan on taking the OSCP after this, so I should be well prepared
Duuuude, sat next to you on the plane to Derbycon, glad you passed, congrats!
Hell yeah Justin! Thanks for dropping a comment, I'm flattered you are checking in with the videos! Hope all is well where you are!
John Hammond yeah! Hit me up on Twitter, will be at bsides dc too
Congrats! I'll soon follow your steps!
Did you learn a lot with lab and exam ?
Honestly I felt like I learned more from the exam than I did the labs, because I really forced to research. The labs were great for exposure and showing some new things, but I definitely felt the exam was more valuable. Best of luck to you dude! Thanks for watching!
John what is your path? Please can you tell me? I wanna be like you
you mentioned that there are alot of exercises on the machines, do they give points per exercise? Or do you get full points for a box as soon as you get root access to the machine? Starting my OSCP in 3 weeks. Little bit nervous already ._.
The "exercises" are standalone questions or tasks to complete. They are "pass or fail" -- you either have all the challenges completed (with 10 lab boxes compromised), and you get five bonus points..... or, if you DIDN'T complete all the exercises, you get nothing. For the lab machines, you do need to get root access and document/write your report with information to solve that machine.
Is that what you were asking? Or were you referring to the exam machines? Thanks for watching!
@@_JohnHammond Thanks for sharing those valueable experiences. Yeah that was what i was asking for, thanks for the fast Response. :)
Can we use web_delivery module more time?
Did you have to do the 24 hours straight through, or can you take it in sections? They dont give you enough information. I have the videos and book and exercises. Just have to get the labs when I'm ready.
You have 23 hours and 45 minutes allotted-- whatever you do in that time is all up to you.
@@_JohnHammond Ahha, ok. I get it now. So something I should definitely plan out well, hehe.
Thanks. I was recently looking at path for studying OSCP. Being developer, I have some skills on web. However I am lost trying to understand the broder syllabus. I would be really helpful if you make a video or live interaction.
Btw Thank you for creating awesome stuff
Thanks for the kind words and thanks for watching!
hey, love your vids. Just a quick question, how do we easily guess which is the buffer overflow machine and do they give immunity debugger ?
It will be made clear which is the buffer overflow machine, and they do provide the debugging tools you need. :)
You make it sounds so easy but that can't be all.
He's an experienced pentester. Of course it'll be somewhat easier for him.
Going for my oscp 2.0. Won’t lie the 800 page book + 100 exercises are a bit intimidating. Which is weird because I try to do a ctf as often as I can with no problems. Just hope My efforts are worth it.
2 years later did you nailed it ? :D
Thanks, great review. Can you give me any advice about elearningsecurity ejpt? Do you think it's a good starting point before OCSP?
Thanks so much! Appreciate all the kind words!
From what I understand (and I could be very wrong here), the eLearningSecurity one is like "more" OSCP -- a longer test, more to hack, more in-depth. Honestly though I have only heard of it via word of mouth and have not done my own in-depth research.
@@_JohnHammond there's two levels of eLearning - eJPT is a junior pen test aimed at beginners. Then there's PTP which is pen test professional. I have the eJPT but have heard the same as you - the PTP is generally regarded as harder and more in-depth but more up to date. Paths people seem to take are eJPT - OSCP -PTP.
Looking to join the OSCP ranks soon!
Fozz E. Bearrrr!
Could you do one on elearnsecurity PTS and PTP courses?
Absolutely! I just finished up PTS so I could help show you guys. I hope to have a video out for it soon!
NEXT OSCE :)
Scheduled to start it next week! :D
This is great. However, one obvious question. Do they "magically" put a debugger on your target machine, or do you have to somehow get a debugger uploaded onto your target machine? (I assume this is to get root from a low priv interface?)
I can't even do BO without a bugger, UNLESS I download the same program and run it in a lab environment with a debugger attached to the running program. Then if everything works, launch my exploit at my target machine, cross my fingers, and hope for the best.
I don't think it is any wrongdoing if I explain (I think the BOF is common knowledge for most people now) -- you have a separate machine that includes the binary itself and a debugger, so you can test and troubleshoot your attack script. Once you have your script crafted and ready to go, you point it at the remote machine and ideally you'll have root right away.
@@matthewpahl7516 Thanks! I scheduled OSCE already and should get started with that next month :D I do absolutely want to go through AWAE and OSWE though, for sure. I'll try and keep them coming!