Two days ago, I completed the PWK course along with the proper reporting of the challenges. The course was a nice introduction to what it takes to perform a penetration test, and it served as a good base to build on with the experience in the labs.
I started the OSCP labs yesterday. I have put in around four hours so far, and I have been able to root three machines already. I am close to rooting another two, having already compromised them, and I plan on “dealing the killing blow” later today. I actually started off by performing a network-wide intelligence-gathering effort. This expedites my attacks going forward, as I have a good information base with which to proceed.
My plan going into the labs is as follows:
- Write the report as I go along
- Pick the low hanging fruit first
- Take a break whenever I feel a machine is “too hard”
- Avoid using Metasploit
- Build/execute attack tools/exploits that I can reuse
- Identify the attack vectors and determine which is best, before compromising the system; the best being a balance between reliability, speed, and efficiency
- Have fun; take a break when things don’t feel very fun anymore
I will keep you updated on my progress.
hi i am thinking of undertaking the oscp course and i do have knowledge on networking, linux, python so my query is do i need to learn CEH and pentest or can i dive directly into OSCP
LikeLike