I've not blogged a great deal in the past month or so. This is mainly because I have been focused on my studies.
This blog is just to say, that I have passed the OSCP, which has got to be one of the most challenging and worthwhile IT Security courses and certifications that I know of.
The OSCP
OSCP is a unique 24 hour exam; A live online Pen-test, in which the candidate must complete 5 hacking challenges to break into several computer systems (that you have never seen before), gain root or system-level access, and collect a trophy file to prove it.
You then have a further 24 hours to document and submit your results, explanations, and supporting proof, in a Penetration Test Report.
It's a tough exam. Apparently most people fail at their first attempt, but I passed it first time :o)
What's next
The next part of my study plan is to finish the OSCE (which I already started studying) - Yes, I'm actually looking forward to this 48 hour monster-exam! (Just need to do some more study and 0-day research...)
I now have a ton of letters after my name, but OSCP is probably the one I value the most (as would anyone else who has attempted it) as it demonstrates real capability, rather than knowledge.
Well done Ben!
ReplyDeleteHey Guys !
DeleteUSA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
Thanks John ;o)
ReplyDeletewhat exactly do you mean by "as it demonstrates real capability, rather than knowledge." ?
ReplyDeleteHi Anonymous,
ReplyDeleteWhat I meant by that was that I feel it is one thing to know that it may be possible to exploit a vulnerable system with a certain exploit, but a different thing to be able to actually do it, and prove that you can do it.
OSCP proves that you can manually find vulnerabilities, in systems you have not seen before, customise exploits, and use them to gain access to the system. This is a different layer of skills.
Many security experts have knowledge of the tools, exploits, and techniques which are "possible" to use (a CEH course could teach some of that) but much fewer people can actually "do it".
Ben
Well done Ben, I'm beginning the course myself, any tips you can give me? I'm struggling with the report as not sure how I should approach this being new to Security.
ReplyDeleteAny help would be appreciated ;-)
My top tips
ReplyDelete1) Expect to buy more lab time (I found 15-day blocks was good)
2) Start your report early, when you have pwned 5 to 10 systems. It will help you with ideas.
3) The lab is big, and some systems are very hard. Expect it to be hard, but don't give up hope.
4) Don't try to run before you can walk, take your time, and get really familiar with exploits and systems before you move on.
5) Hacking at this level is all about enumeration. Enumerate everything, and when you have done that - enumerate more.
6) There are some good hints and tips on my blog, and elsewhere on the web. For PwB most of the answers are somewhere on the web - some you will have to customize, and a few you will have to invent.
Ben
Ben
ReplyDeleteFor PwB most of the answers are somewhere on the web - some you will have to customize, and a few you will have to invent. -----
Can you please provide a link
Hi tux,
ReplyDeleteI'm not sure I understand what you are asking for (exactly).
But, if you are studying PwB, and are asking me "Where are the answers?" - then I feel you have misunderstood a core purpose of the course.
What you need to do is work out (for yourself) "How to find the answers", not just "find the answers".
That is a massive difference.
There is no link I can provide you to give you that.
Ben
Congrats :) I'm looking over some material for the OSCP myself, will apply for it when I have some spare cash. How long did it take you to complete it? Did you get time to sleep? Anything else worth mentioning?
ReplyDeleteHi Sean,
ReplyDeleteI probably took about 10 hours on the exam to get enough points, but I carried on trying to get the last system - nearly got it but ran out of time...
The course can take you a long time, before you are ready
Mate,
ReplyDeleteCongratulations but don't get too hyped up . From what I can see on the outline, any Unix admin with > 4 years experience will ace this exam. Well done still .
No Anonymous, I really feel you have misunderstood. This is not a course about Unix administration - in fact, nothing like it.
ReplyDeleteMaybe,you misunderstood. How much Unix experience did you actually have going into this course ? See if you did, then you would have realised that a majority of the stuff covered are things that most Unix admins will tackle on a daily basis. The only exception will probably be buffer overflow attacks which in fact anyone with a decent grip on ASM will tackle with ease .Have you read the ART OF EXPLOITATION or SILENCE ON THE WIRE ?
ReplyDeleteOk, if you think you are ready, sign up for the course
ReplyDeleteGood job ben I respect your hard work.
ReplyDeleteI'm now working on my report :/ pain..
hopin to be in your league soon :p
Regards,
Dom
Good stuff Dom, best of luck with the exam.
ReplyDeleteYou will find that there are no leagues ;o) Everyone knows unique things, nobody knows everything, and there is always more to learn.
Have fun.
yea dude, have to agree with that
ReplyDeleteand we all know the above anonymous said abt the course is totally a joke. :p
my test is in two days,
im gettn even more nervous by reading all you guys' review :/
and sadly my system corrupt.. i lost my student report..
which means i need HIGHER score to pass the test now..
Dom
what was your study plan for this exam , what course u toked before taking labs ,do u recommend SANS Wed Pen Test Course .
ReplyDeletePwB was one of the first pentesting courses I took, though I would not recommend that, as it is rather hard.
ReplyDeleteIt is the best course there is though, but you will need lots of time and enthusiasm to get you through.
The SANS web course is a good complement to PwB as these two courses don't cover a lot of the same material, but they are both very important if you want to be a good pentester.
which more important to learn before taking the course python or shellscripting?
ReplyDeletehi ben...just curious im planning to take OSCP as well as soon as i passed CPTE from mile2...im wondering what is the PWB material/course you keep saying?
ReplyDeleteHi ben, I was wondering if I could ask your opinion on something. I am currently studying a msc computer science degree and want to get into pen testing. I am trying to decide whether to do another msc but in ethical hacking at abertay university, msc information security at royal holloway or learn oscp full time. Sorry this is off topic! Many thanks in advance
ReplyDeletedark_knight_baby,
ReplyDeletePWB is the course, and OSCP is the exam.
Anonymous,
I would steer away from the academic courses, as academia doesn't tend to be up to speed with the cutting-edge of the real-world. OSCP is a good option, but you will learn the most by practical application of the techniques, working for a company that does pentesting (as their main line of work).
I did it "the wrong way round" - i.e. doing OSWP, OSCP, OSCE - and then getting a job as a pentest - but there is no "right way" - and I did have the advantage of already having around 10 years experience in the IT Security industry.
So, do OSCP, or find a company that will start you off as a junior pentester/consultant (or preferably both).
i signup in pwb course and i am certified CEHv7 & ecsa-lpt .and watching videos and practice it in my laptop kindly tell me that what type of exploits we can use in 24 hrs exam. on exam is points are divided into different servers and minimum points to pass this exam is 70 points . i started from basic level not have knowledge of bash. in exam buffer over flow method is used i am facing difficulty in it. kindly suggest me . i have little very basic knowledge linux but i am developing it as course go on i can easily understand what is going on course. i am too depressed abut this exam.
ReplyDeletehello guys, any one is having oscp material including guide and vedios....please share please....
ReplyDeleteHey Guys !
ReplyDeleteUSA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
All Leads have genuine & valid information
**HEADERS IN LEADS**
First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address
*Price for SSN lead $2
*You can ask for sample before any deal
*If anyone buy in bulk, we can negotiate
*Sampling is just for serious buyers
==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
->$5 PER EACH
->Hope for the long term deal
->Interested buyers will be welcome
**Contact 24/7**
Whatsapp > +923172721122
Email > leads.sellers1212@gmail.com
Telegram > @leadsupplier
ICQ > 752822040
****Contact Me****
ReplyDelete*ICQ :748957107
*Gmail :taimoorh944@gmail.com
*Telegram :@James307
*Skype : Jamesvince$
SPAMMED&VALID FULLZ WITH ALL PERSONAL DATA+DL NUMBER
-->FULLZ FOR UNEMPLOYMENT BENEFITS
-->FULLZ FOR PUA & SUA
-->FULLZ FOR TAX REFUND
+High quality and connectivity
+If you have any trust issue before any deal you may get few to test
(As legit Vendor)
+Every leads are well checked and available 24 hours
+Fully cooperate with clients
+Any invalid info found will be replaced
+Credit score above 700 every fullz
+Payment Method(BTC,USDT,ETH,LTC & PAYPAL)
+Fullz available according to demand too i.e (format,specific state,specific zip code & specifc name etc..)
*Format of Fullz/leads/profiles
°First & last Name
°SSN
°DOB
°(DRIVING LICENSE NUMBER)
°ADDRESS
(ZIP CODE,ANY STATE,CITY)
°DL State+RESIDENTIAL State
°PHONE NUMBER
°EMAIL ADDRESS
°Relative Details
°Employment status
°Previous Address
°Income Details
°Husband/Wife info
°Mortgage Info
$2 for each fullz/lead with DL num
$1 for each SSN+DOB
$5 for each with Premium info
ID's Photos For any state (back & front)
(Price can be negotiable if order in bulk)
OTHER SERVICES
+(Dead Fullz)
+(Email leads with Password)
+(Dumps track 1 & 2 with pin and without pin)
+Hacking Tutorials
+Smtp Linux
+Safe Sock
+Server I.P's
+HQ Emails with passwords
*Let's do a long business and good profit
Hi Guy's
ReplyDeleteFresh & valid spammed USA SSN+Dob Leads with DL available in bulk.
>>1$ each SSN+DOB
>>2$ each with SSN+DOB+DL
>>5$ each for premium (also included relative info)
Prices are negotiable in bulk order
Serious buyer contact me no time wasters please
Bulk order will be preferable
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
OTHER STUFF YOU CAN GET
SSN+DOB Fullz
CC's with CVV's (vbv & non-vbv)
USA Photo ID'S (Front & back)
All type of tutorials available
(Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)
SMTP Linux Root
DUMPS with pins track 1 and 2
Socks, rdp's, vpn's
Server I.P's
HQ Emails with passwords
Looking for long term business
For trust full vendor, feel free to contact
CONTACT
Telegram > @leadsupplier
ICQ > 752822040
Email > leads.sellers1212@gmail.com
spongebob kyrie 5
ReplyDeletenike sb dunk low
off-white
hermes birkin bag
russell westbrook shoes
yeezy 500 blush
kd12
moncler outlet
moncler
off white
Your article is very informative. I have read it and like it very much. thanks for sharing I'll come to your website again, it's great.
ReplyDelete룰렛사이트탑
article Dolabuy Bottega Veneta cliquez ici pour en savoir plus sacs de répliques notre site Web sacs de répliques
ReplyDeleteFRESH&VALID SPAMMED USA DATABASE/FULLZ/LEADS
ReplyDeleteSSN PROS
****Contact****
*ICQ :748957107
*Telegram : @James307
<><><><><><><>
USA SSN FULLZ WITH ALL PERSONAL DATA+DL NUMBER
-FULLZ FOR PUA-SBA-UBER-DOORDASH
-FULLZ FOR TAX REFUND
$2 for each fullz/lead with DL num discount for bulk order
$1 for each SSN+DOB--discount for bulk order
$5 for each with Premium info--(income detail,employment detail,Good credit score)
ID's Photos For any state (back,front,selfie & ssn )
Young age data
Any age range data available
UK data-Canada data
(Price can be negotiable if order in bulk)
<><><><><><><><><><><>
+High quality and connectivity
+If you have any trust issue before any deal you may get few to test
+Every leads are well checked and available 24 hours
+Fully cooperate with clients
+Any invalid info found will be replaced
+Payment Method(BTC,USDT,ETH,LTC & PAYPAL)
+Fullz available according to demand too i.e (format,specific state,specific zip code & specifc name etc..)
<><><><><><><><><><>
+US cc Fullz
+(Dead Fullz)
+(Email leads with Password)
+(Dumps track 1 & 2 with pin and without pin)
+Hacking & Carding Tutorials
+Smtp Linux
+Safe Sock
+Server I.P's
+HQ Emails with passwords
<><><><><><><><>
*Let's do a long term business with good profit
*Contact for more details & deal
****Contact****
*ICQ :748957107
*Telegram :@James307