Posts

The New OSCP Course & Exam Review

Introduction

Obtaining OSCP has been one of my goals in my career. When I first started my InfoSec career as a security analyst, I was confused about how attacks actually work, and without such knowledge it is really difficult to set decent detection points. As I said, I do not have experience doing penetration testing, so I decided to do A LOT OF preparation, as I think being over-prepared is always better than being under-prepared. My aim would be a 1-take pass in the exam.

Preparation before starting OSCP

After setting the goal, there has been a lot of preparation. As stated in the previous posts, I have done Virtual Hacking Labs, eLearnSecurity eCPPTv2, some Hack The Box, etc. I recommend that before registering for the official OSCP course, you should at least try Hack The Box, along with Ippsec's write-ups, which show how a professional penetration tester deals with boxes and how he comes up with what to do next. TJ_Null has a list of boxes with Ippsec videos: https://www.youtube.com/playlist?list=PLidcs

Course & Exam Review - eLearnSecurity Penetration Testing Professional (eCPPTv2)

Introduction

eLearnSecurity has been one of the training providers that offer good quality training courses and exams. I really like the idea that all exams are practical and you need to understand how things work to pass the exams - the beginner-friendly exam eJPT is not an exception. In order to prepare well for the OSCP exam, I have chosen to enroll in the PTP course.

The Course

> Check out the syllabus here: https://www.elearnsecurity.com/course/penetration_testing/

To be honest, the scope of the course is really intensive - it covers all of the basic concepts and skills of penetration testing. If you are a beginner, the course material definitely equips you with the essential skills. You may practice in the Hera Lab, which is quite well-designed. For me, studying the material is too boring and I cannot stop skipping it from time to time. However, when doing the labs, I could always learn something new. If you want to enroll in the course, don't skip l

Hack The Box - Bashed Write Up

HTB - Bashed

Basic

Difficulty: Easy
Tools: nmap, python reverse shell script (http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet), gobuster, LinEnum.sh (https://github.com/rebootuser/LinEnum)

Walkthrough

Recon

nmap scanning for the win!

nmap -sC -A -oN nmap-initial 10.10.10.68

-sC: Default script
-A: Enable OS detection, version detection, script scanning, and traceroute
-oN: Output scan in normal format

The result shows only tcp/80 is open. Let's navigate to the web page. It looks like a blog post mentioning a tool, phpbash. Click on the page to learn more:

It mentions that: I actually developed it on this exact server!

Hence if we find out the location of phpbash, we can actually execute commands on the host! To find the location, gobuster is a great tool for brute-forcing directories!

# gobuster dir -u http://10.10.10.68 -w /usr/share/wordlist/dirbuster/directory-list-2.3-medium.t

Virtual Hacking Labs Penetration Testing Course Review

Introduction

Like many people who want to start learning penetration testing, I guess most of us share the same goal of getting OSCP, which is the most reliable industrial standard on penetration testing. However, it is quite frustrating to start, simply because OSCP covers a lot of topics and you have to deep dive into each of them. Also, I know from many reviews that the OSCP materials are quite old and boring, and you have to explore more yourself on the topics discussed in the course materials. This is the reason why I want to find a platform or course that is more beginner-friendly, more structured and realistic. Browsing reddit, so many people recommend Virtual Hacking Labs (VHL) as a bridge to OSCP. Seeing that the price is quite cheap for a penetration test platform, I decided to purchase a 3-month pass and see how it works.

Course Materials

There are 9 penetration testing related chapters in total ( https://www.virtualhackinglabs.com