BSides DC 2019 - Preparing for Offensive Security Penetration Testing - Kali (PWK) course - OSCP

Captions
BSides DC would like to thank all of our sponsors, and a special thank you to all of our speakers, volunteers, and organizers.

Who am I exactly? Some of you guys know me online, some of you guys know me in person, but my name is Tony Punturiero, also known as TJ Null. I'm the community manager for Offensive Security. I'm also an adjunct professor at Frederick Community College; I like to teach a lot of the ethical hacking courses there, and I also run the cyber team there. I'm also a moderator at NetSecFocus.com. We have an online information security community platform where we always communicate and collaborate with one another. It's a really fun platform; if you have a chance, go ahead and check it out and see if you want to get into it.

So I've got a couple of hobbies, right? I like to compete in cyber competitions. For the past five years I've placed in a total of 24. Favorite ones, I gotta say, gotta give props to SANS NetWars Tournament of Champions, SANS Holiday Hack (it's not on there, sadly, sorry Ed), MACCDC, CyberPatriot. And I also enjoy attending security conferences. I think two years ago was my first year attending BSides DC, and actually, surprise, this is my first talk, actually, to be here. So outside of InfoSec, because you've got to have hobbies outside, right: hiking, traveling, playing lacrosse, and I love to play video games.

So what are we going to talk about today? So how many of you guys are familiar with Offensive Security, you know, the OSCP? By show of hands... okay, pretty much 80% of you guys, right? You're here for this, it makes sense. So my other question to ask you is, how many of you have it? Is it just... okay, three, four, okay. I'm okay with that, that's good. So for some of you that are interested in taking it, we're going to go over the prerequisites for the course, an overview of the course, the lab environment. I'm gonna give some tips about how to prepare for the exam as well, and also tips for taking it, and then some resources I want to give you guys to help you guys prepare, because it's not an easy course and it's also not an easy exam. And any questions or feedback you guys have, if we have any leftover time you guys can certainly ask me about it.

So for those of you that don't know what the OSCP is: the Offensive Security Certified Professional is one of the most technical and most challenging certifications. In order to become certified you must complete the penetration testing course that they have; they offer a 30, 60, 90 day course, right, and the hands-on exam is actually a 23 hour 45 minute exam that you have to do. And if you get a total of seventy points or more, then you also have 24 hours to write the report itself. People who pass the exam will usually be able to prove that they have the knowledge and ability to actually identify vulnerabilities and also to successfully execute attacks as well.

So why did I pursue the OSCP? So when I was a senior in high school I was taking computer classes at the Career Technology Center that we had, and it was my first security class. I was really excited and I knew this is something I wanted to do, and during one of those classes my teacher actually dropped the BackTrack 5 Cookbook that was there and also a CD of BackTrack 5 or 3. I just fell in love with it. I fell in love with the book, I fell in love with going through the tools, the resources, understanding the attack methods, and I wanted to actually learn more about how to get into pen testing, how to actually use BackTrack more comfortably. And so, this is a really old background, senior in high school, I found the Penetration Testing with BackTrack course; OffSec had this as a course. I was like, sweet, I'm gonna go ahead and take this. This is me, 16 years old at the time, and unfortunately OffSec doesn't allow you to take the course unless you're 18. So I thought, all right, I'm gonna go ahead and try to take the PWB, you know, a couple years later. A couple years later PWB, you know, decides to get replaced with PWK afterwards, and of course when I go through the course itself, in that little valley that I have, and try to go ahead and do the try harder stuff, right, go through it, go through the lab itself and the content, just to get to that top of the mountain to get my OSCP, right.

So in order to prepare for the course, OffSec already has a couple of different things that they talk about that they want you to focus on before you start it, right: TCP/IP networking fundamentals, right, know how to do subnetting, learn how network traffic works, identify different types of protocols, right. Know your operating systems, Windows operating systems, Linux; also understand how the different architectures work, 32-bit and 64-bit as well. Programming languages: now it's recommended to have an understanding of Bash, Python. Some other things I also would recommend are Perl, Ruby, and C++ as well, if you have some time to learn about those. And also note-taking. Documentation is really important when you're going ahead and doing these, when you're going through the PWK itself. So there's a couple of tools that are out there that I like to use: CherryTree and OneNote, those are my really big tools that I use for a lot of things. And I know I've seen a lot of people in the offensive security field that are taking these courses, they also like to use markdown editors. Typora is actually a really cool tool you can actually download for Windows and Mac that you can use to do markdown, anything to write your reports and write your lab guides as well.

So what does the course go through? Right, we go through passive information gathering, we go through active as well, vulnerability scanning, buffer overflows. This is going to be really important, and I think that's probably one of the biggest chapters that I went through that really helped me with the exam: understanding Windows 32-bit buffer overflows, Linux, working with different exploits. Transferring files is another key important thing. You know, when you have to do a privilege escalation scenario you're gonna have to learn and actually understand how to transfer those specific exploits to escalate your privileges overall, right. Learn about the different tools that are there; there actually could be some really interesting things that you'll find as well. Privilege escalation attacks, client-side, web app, password attacks... you guys get the rest, I'm not gonna read the rest of the slides.

So the lab environment. This is probably the most fun part about the course and this is what I probably really enjoyed a lot. So when you go ahead and register for the course, get signed up, they give you a VPN pack and they give you the course materials, right. With that VPN pack you have the ability to connect to the lab that they have set up. In that lab environment they have a total of sixty machines, I believe; that may change. So they have an IT department, they have a development network, an administrative network, each of them have their own different systems that you're gonna have to try to find ways to pivot into to access those networks.

So my recommended lab setup for you guys is VMware Workstation or VMware Player. I have noticed that people have tried to use VirtualBox in situations and it can work, you know. Kali Linux is the main operating system used; some people try to use Parallels and other different operating systems. But what I want you guys to keep in mind is that if you try to use these different operating systems or try to use a different hypervisor, Offensive Security may not be able to help you with that; support may not be able to help you with troubleshooting your situations. That's why we recommend that you have VMware Workstation or Player and Kali Linux, so that we can be able to suit you guys and help you guys when you're going through the course or having any troubleshooting issues with your VPN connection pack or with the tools itself.

The next thing I also recommend is have a Windows 7 32-bit or 64-bit system on your system itself. This is really important, and the reason why I say that is because there are going to be some exploits that you try, or there's gonna be some applications that you're trying to exploit, that may not work in the lab for some reason. It's always good to have those on either the Windows 7 system you have, or maybe even a fresh Linux system as well, so that you can be able to re-emulate or try to understand why the exploit that you're using is not working, make changes to the code or make edit changes to the file itself so that you can be able to find that attack vector that you need to get onto that system. And the last thing I also recommend is on that Windows 7 system that you have, have Immunity Debugger with you too. I really like reverse engineering and I like trying to understand how programs actually work, their instructions and their processes, and it also kind of really helped me out during the exam as well, especially the PWK network.

So how long did it take me to go through this network? Well, it took me 28 days to go through all 60 systems that they had; it took me 127 hours to go through this. I had an Excel sheet, and I took this from another Offensive Security student: he tracked his hours and his time of how long he went through each box, how long he went through each lab assignment, and it really gave me a better understanding of how well I was using my time and how I could actually improve that. There were some days where I would be able to pwn systems in less than five minutes, and then there'd be some systems, and some of you guys know about the big four, they would take probably about 2 to 3 days for me to actually try to assess and break into those systems. So keep in mind that each system had different types of difficulties. Some systems you'll have to pivot into them, others you have to actually review the course material to run the specific attacks you need to, and also use the reverts that they give you. It's really important that you actually touch those reverts, because a lot of the boxes that people are going into in the PWK could also be already broken, or some of the exploits might not work. So whenever I was in the lab, when I went through the PWK network, I would always try to pick a target box that I was trying to look at, I would always revert that one first, so now I have a clean box to be able to test, go through, and also be able to understand if I was missing some type of concept, instead of wasting 30, 40 minutes of my time, you know, troubleshooting what's the issue or what's the thing they did to break that box, right.

Which leads to my next part here, right: please don't be this person. Please don't be that person, right. The PWK lab network is there to help everybody learn and understand all the different ways to break into the systems, right, find out the different types of attack vectors, and if you go out and patch, which I've seen a few people do, it really can frustrate a lot of people, right. You're taking a course to learn, not to make it hard on others, so please keep that in mind.

So there's a couple of tips I want to give you guys. Enumerate, enumerate, enumerate. You've probably heard this so many times: enumeration is key, right, it's a serious thing. And when you're going to enumerate, check out the different types of services you're looking at. Do a port scan on everything, right; if you only do TCP you may be missing something on the UDP side. That's a huge key thing, and even on some of the exam systems you may see it also. Understand what the system does, who uses it, why was it created, right. You're gonna have different users that are on there that have specific roles and why they're using that system, what they want. Track your hours like I said, do not skip the lab exercises, and use the reverts that are there.

So the exam. As I said before, right, you're gonna have a total of 23 hours and 45 minutes to do the exam. You will be proctored during the exam. Some of you've known or realized, back a few years ago Offensive Security decided to do proctoring on their exams because they saw an effective amount of cheating. The reason why the proctoring is in place is of course to mark those people and also find those people who do cheat, because it's not fair for the others that actually are trying, that actually go through the course, that actually put their time into it, you know.

So the exam consists of five target systems. Each of those target systems are going to have different points, and I'm not going to be able to tell you the point values, but a lot of that information is already online. But you need a minimum of 70 points or higher to pass the exam, and like I said before, if you believe you have enough points you then have that 24 hours to write that report. An extra five points will also be given to you if you write a lab report: so 10 systems that you actually pwned in the network, and also you go through the entire course exercises. I recommend that you do this, and the reason why is because that five points can really help you on that exam, and if you don't do it you may have lost yourself in the attempt and you may have to go back through that exam again. So keep that in mind, and I really recommend that you go through the course material itself.

So during the exam there are some restrictions that are in place. You can't use any of the following tools: spoofing tools; commercial tools, right, Metasploit Pro, Burp Suite Pro; automatic exploitation tools, db_autopwn, browser_autopwn; mass vulnerability scanners, Nessus; and other tools that either utilize forbidden or restricted exam limitations. I have seen a lot of students in the past try to run Responder in their labs, and some of you know what Responder does, right? When it captures NTLM hashes, what does the tool do? It's a spoofing tool, right, and the way you use that tool itself can actually maybe ban you from taking the exam or even ban you from OffSec courses. So keep in mind what type of tools and what type of programs you are using in the exam, and if you have any questions, ask support; they're there for you guys to help you.

So preparing for the exam. When you think you're comfortable, schedule it 3 or 4 weeks in advance; OffSec exam slots fill up really quickly. And once you've booked the time or the slot for your exam, make sure that you think about these things before you start, right: complete the lab report, class exercises; read the guideline requirements, and I mean every little detail about it, because there are some things that you may slip or miss that may lose your ability of taking that exam or it may fail you for that attempt. Have an area, your space where you need to work, right; don't be in a distracted area, be in a quiet, comfortable space where you're actually going to be taking the exam. Don't forget to eat or drink, that's a huge thing. Some people really like to try to iron man through the test, not take drinks, not take breaks, not have food, and that really, really will hurt you. So make sure you prepare your time accordingly, you know; make sure that if you have any issues or you're having frustrations going through the lab, going through the exam itself, take a step back.

Make sure you have your system set up. This is a big thing for me. So when I was taking my exam, the day of my exam, my entire Kali system broke. I had all my cheat sheets, I had all my scripts, I had all my programs, I was like, ready to go, I got this. Fortunately I took a snapshot right before I actually turned off the system itself; I reverted my snapshot, I had everything back to normal. You don't want to go into the exam having no systems ready or not having a backup in place. It's very important to have those things when you're doing that. Also, during the time when you schedule your exam, start working on the exam report, have a little draft ready, right. If you've already gone through and done the lab report, it's kind of almost the same as when you're writing the same type for your exam; before it, anything that you have to fill in during the exam itself, this goes ahead and gives you a little bit more time during your 24 hours to go ahead and fill anything in that you were missing. And make sure that you get some rest, spend some time with family, friends, go out, get your snacks, go out, get your drinks, any caffeine that you need, sufficient things that you need to prepare yourself for that exam.

So there's a quote that I really want to bring up that really helped me during this exam: you're going to run out of ideas before you run out of time. Take breaks, walk away for a bit, don't be afraid to go to sleep for a few hours, especially if you're stuck, but don't give up. I've seen a lot of people, like I said, iron man through the exam and not pass, get frustrated, and they don't understand what they missed. It's always good to take those steps back so that you can have a refreshed mind and also look at different approaches as well when you go back into it. When you're comfortable and when you're ready, you know, check your systems and the technical requirements as well for your exam, and also of course never give up: try harder, right.

So I've also created some resources after I took my exam, and this is one of the big resources that I want to give you guys. So I've created this really huge guide. I studied for the OSCP for almost a year and went through different courses to help me prepare, and I tried to find as many open resources as I could to help those in need who really want to take the exam but don't want to spend the money, right. You know, SANS has a lot of crazy amazing courses; they have SANS 560, SEC 542, right, but who has the budget to be able to spend $8,000 on a course, right? eLearnSecurity, right, they've got some good courses too as well; who wants to spend $2,000 on the course, maybe, right? Oh, you know, Offensive Security, right, the course itself is $1,150 for 90-day lab access with the exam voucher itself. But there are a lot of free resources online that you could use to your ability to prepare for it itself; you don't have to look at paying for a course or trying out a different course and then, you know, wasting the time and the effort that you need. So if you guys have a chance, take a look at this guide.

And for those of you that fail, don't worry about that. Use that moment when you fail to go ahead and reassess what you missed, brush up on the stuff that you need. A lot of stuff that I've also provided really helped me out, kind of brush up on some things that I really needed to focus on. My biggest weakness going through the course and through the exam was privilege escalation. I suck at it, I really do, still, and a lot of the guides that were out there really helped me for what I was doing. And of course this course itself is not, you know, your multiple-choice exam, kind of like CISSP or, you know, the SANS courses itself with GIAC certifications. This is a full hands-on practical exam. So how do you build those skills? Well, there's a lot of places online that have hands-on machines that you can actually prepare with. So before Hack The Box came around, I prepared mostly on VulnHub, and there's a lot of different vulnerable systems that were out there that really helped me prepare for the exam. So I've created a list of OSCP-like VMs on VulnHub and Hack The Box on the bit.ly link you see up on the screen here that could really help you guys out. Go through those, download them, test and play with them. And also I've worked with IppSec, and for some of you guys that are more of a visual learner and like to watch IppSec videos, there's a playlist for that which has all the different types of systems that I've seen in the PWK lab network and also through the exam that could definitely help you out, also to prepare the process and your methodology and your concept for the course and for the exam.

Other resources that I also include, this is going to be a huge list, be prepared; these are all in my guide, don't worry. But I wanted to also, you know, give a shout-out to these three people that really helped me out: Abatchy's OSCP guides, Gruntdoor, and NII Consulting. These were really helpful guides on preparing me for the exam and for the course itself, because originally when I went through the course I was nervous, I was stressed, I didn't feel like I was gonna pass on the first time, I didn't think I would be able to go through the course, but with their mindset, with the opinions that they've had, it really helped me get a better understanding of what I needed to prepare for, what I needed to focus on. Books as well really helped me out: Penetration Testing by Georgia Weidman. Yes, it's an old book, I know; she also has a Cybrary class as well, but a lot of those concepts that she has in that book really relate to what goes on in the course. Kali Linux Revealed, if you really want to know more about Kali Linux; Raphaël, I'm trying to remember the other three, Mati and I think maybe Jim, really wrote an awesome book, and it's free, it's open source, it's on Kali's website as well, that you can actually download and go through and learn more about Kali Linux. And then I have some other books as well that really kind of helped me out.

And for those of you that really get stuck on Windows privilege escalation or Linux privilege escalation, these are the guides that I used to really help me out as well. g0tmi1k's for Linux, and I really have to give him props as well; it really is an awesome resource, and I feel like a lot of the automated tools that are out there, like LinEnum, Linux Exploit Suggester and also some of the linprivchecker tools out there, are really just based off his guide. A lot of stuff that you'll see in the course, when you go through the course on the Linux side, when you're trying to escalate your privileges through those Linux systems, will go back to him. GTFOBins is another great place. LOLBins, I should add that, on Windows, and I didn't. And the buffer overflow part, because you will have that in the exam and they will tell you what system it is; you can probably find that out online itself, but Corelan's series has a really good guide on how to get a basic introduction to doing a buffer overflow itself.

And the last thing I want to point out is this: the mindset of try harder. I know this is probably a difficult topic to talk about, and I know some of you guys probably think that this could be a negative thing, but I want to try to reiterate something and what try harder really means to me when I went through this course. So try harder really, to me, means to be persistent. When something does not work, like for the first or second or third try, and you hit a brick wall, take a step back. Remember, the mistakes and the failures are part of the process, not just in the course but in life, right. We have to go through failure to achieve our accomplishments; we have to take time to understand those, right. Having this mindset will really lead you to creating new ideas and new approaches, but remember to also have patience. Being creative: we have to go through different types of exploits, right, we have to go through different types of mindsets and also different approaches on things that we see. There's always a second or a third way to go through different things, there's always other ways to try different things; have an imagination about it, go through different ways on it. And being perceptive. I hear this a lot, and everyone says, oh, I don't like try harder, I want to do try smarter. How can you try smarter if you don't put the effort into it? How can you try smarter if you don't actually know what you're really going to go through? How are you gonna be able to find it? Going back with try harder, about being perceptive, is that we have to go through rigorous different challenges, we have to go through rigorous different changes, especially with what we're doing here in the field itself. There's a lot of things that we need to look at and we need to understand, not just in the courses that we go through, not through the challenges we do, but even in general in life. So make sure that you kind of have this mindset; you want to be able to build this mindset. And also the one thing is that this doesn't come naturally, so it's not gonna happen tomorrow, it's not gonna happen the next day or next week. This is something that's going to just take time for you to build and grow. I just want you guys to keep that in mind when you're going through the course itself, or through the material, or anything you do.

So with that, I have in place... that's really all I have. Does anybody have any questions? And this is going to be a lot of questions going through, probably. So, for the guy in the back... yeah. So to reiterate the gentleman's question in the back: you were talking about the Penetration Testing Execution Standard report; do you think it's going to model the actual pen test report you do in the PWK, or are you trying to model to that? So Offensive Security actually gives a report template, and that report template goes ahead and gives you step-by-step instructions on how a pen test report should look. Now everybody's different; everybody's report is going to be different, and make sure it is. Make sure, if you're going through the course itself as well, that you have the ability to work with others, but make sure that your writing is totally different from others. You can go ahead and try to follow that method, you can follow the standards, but I'd say go through the PWK course just to start, and just understand that report itself. And there's also a variety of different online pen testing reports that you can actually look at online to help you out, to try to get a better understanding of how your report should be ready.

Any other questions? Over here. Good question. I'm gonna post them on the Offensive Security website, so they will be there. Any other questions that anybody has? Going once, going twice... is everybody just here for the Kali stickers I have? That is great. Well, one more question in the back. That's a very good question. So online and in the past, it really depends... oh, to repeat the question the gentleman in the back just asked: how many lab or PWK systems should a user go through so that they think they're comfortable for the exam? Honestly, that depends on you. People recommend online that you should at least go through 30 systems. I say go through as many as you can; they're there for you, right. There's different networks that you need to go through to understand the lab environment itself. You're paying to go ahead and actually go through that lab network; take the time and the effort and the patience to go through all of them, and when you feel comfortable and ready to take the exam, try it, see how you do in the exam, and if you fail, don't worry. I've seen a lot of people fail more than once, and I've seen people pass on their fifth or sixth time, seriously. It's really interesting to see how everybody has their different mindset and different approaches through the course itself and through the exam, but just make sure not to give up and keep putting the effort into it.

Question in the back. Could you repeat that again, please? Okay, to reiterate the question that the lady asked: should you reiterate the same exact lab report, going through the ten systems and through the exercises? You need to be able to turn in both, and the best way of doing the lab report itself, those 10 systems, is copying the same exact report that OffSec gives you. That report will really help you out, go through the exam, or sorry, go through the actual lab report, that you can actually use them to help apply that knowledge and methodologies and the writing that you do to your exam as well. Any other questions anybody has? Okay, I wanted to make this more time for questions. Yes, one more. Could you use other scanning tools like Sparta? Sparta is allowed in the exam. To repeat the question from the gentleman in the back: he said that you can only use Metasploit once in the exam; are there any other tools that you can use, any GUI tools like Sparta? That really depends. Sparta is a network scanning tool, right, so as far as that it's okay to use, but any type of autopwn tools, any type of auto exploitation tools, they are illegal in the exam. The only type of option that you can use in Metasploit is msfvenom to create your shellcode. I also recommend to stay away from those tools, stay away from the automated ones that are out there. OffSec is trying to teach you how to do these things manually, because we rely so much on the tools that we use for our daily lives and for the work that we do with them; it's always good to have a different perspective of how to use different tools, of how to go through things manually, than just jumping into a tool and trusting and relying on that tool itself.

Yes. No, you should not use it. For the question that the gentleman just asked, can you use the auxiliary modules in Metasploit? No, you cannot. You can only use a Metasploit exploit once, you can only use Meterpreter once during that process, at that stage. The only tool that's allowed that you can use automatically, and that option, is msfvenom. Question. Good, very good question. So the gentleman asks over here if you can write your own scripts to do any type of scanning and enumeration. I totally recommend it. It's really fun, because also the other thing too is that you get to understand all the different types of programming languages and also how to write your own tools, how to script your own tools to do that, and also you could try to improve some of the actual tools that common people really use. I would use that as a learning way, and I would also test that in the lab network that you have, depending on how many days you scheduled for it itself. Question here. I'm sorry, can you repeat that please? So the gentleman asked, can he prepare scripts ahead of time? You can definitely prepare scripts ahead of time depending on what you're using, but I would really focus on your methodology and your concept, understanding what approach you are gonna take for the exam itself. That's what I would really focus on preparing. You know, I did also, when I was preparing for my exam, I did already craft some of the exploits and also some of the binaries that I needed, but when I was going through the exam I actually really didn't have to use those for what I needed.

Any other questions? Yes, in the back. The gentleman asks what person, or who, was able to complete the course the fastest. I don't have an answer for that, I can't answer that question, I apologize. Any other questions that anybody has? Yes, I can definitely talk about that. So the gentleman asked in the back, what is the difference between OSCP and OSCE? So OSCP is a fundamental course to prepare you for pen testing. OSCE is different; OSCE focuses on exploit development that will actually give you a better understanding of assembly and also some advanced attacks in network pen testing as well. So for some of you guys that are just starting out, which I believe most of you are, that want to get an OSCP, that's the first course I would go through for understanding pen testing fundamentals, how to do everything manually, and then when you're ready to start learning more about the exploit development side I would definitely consider pursuing OSCE. If you want to get into the web app section as well, OSWE has just been released; that's also part of the AWAE course, and it's a full web app pen testing course that actually focuses on white box, or sorry, web app pen testing itself.

Any other questions that anybody has? I can definitely answer that one, and I expected that question to come up. So the lady asks, is there gonna be any type of proctoring or a person watching you during the exam? Yes, there will be. Offensive Security has their own proctoring system that they use, and they will have a person monitor you. You will need to have a ScreenConnect program and also a webcam to be able to display what you are doing and where you are as a person; the ScreenConnect program is supposed to display and understand what you are doing on your system. Now please keep in mind as well that you need to be able to pass the technical requirements that they have before you take your exam. Otherwise, when you go through the exam itself and you don't meet any of those technical requirements, or you can't get your systems up, OffSec will then revoke your exam attempt that you have and you have to reschedule for another one. The other thing too that I also recommend is that if you're going to be using more than one screen, make sure you tell the proctor how many screens you are using. Otherwise, if you have three screens and you're using two other screens, you can only use that one screen for the exam. I have seen many students try to take the exam and say that they have one screen even though they're using three. The proctor can see you moving your mouse and detect you doing that, and if they do, they can suspect you're cheating. So please be honest with them, right.

Any other questions that anybody has? Yes? Yes? Any final questions, anybody? Going once... okay, one more... all right, going once, going twice, sold. Well, anyways, if you guys want to find me, you guys can find me on Twitter. I have a GitHub page that has some of my tools on there that I used in the OSCP, or you can also chat with me on NetSecFocus. Thank you guys for coming out. I really do appreciate this a lot. I hope you guys enjoyed it.
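Added example, not code from the talk or from Offensive Security: the enumeration tip in the talk is to scan UDP as well as TCP, because a TCP-only scan silently misses UDP services. This script parses the grepable (-oG) output of a full TCP scan and a top-ports UDP scan of the same target, merges them into one per-host view, and separates the UDP ports nmap confirmed open from the open|filtered ones that got no reply and still need a manual probe before you trust them. The two scan outputs, the target address 10.11.1.5 and its ports are constructed sample data, not a capture from the PWK lab.

```python
"""Merge TCP and UDP nmap -oG results so UDP-only services are not overlooked.

Added example for the "scan TCP and UDP" enumeration tip; not code from the talk
or from Offensive Security. Both scan outputs below are constructed sample data.
"""
import re

# Constructed sample, as if produced by: nmap -sS -p- -oG tcp.gnmap 10.11.1.5
TCP_GNMAP = """\
# Nmap 7.80 scan initiated as: nmap -sS -p- -oG tcp.gnmap 10.11.1.5
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (65532)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# Constructed sample, as if produced by: nmap -sU --top-ports 100 -oG udp.gnmap 10.11.1.5
UDP_GNMAP = """\
# Nmap 7.80 scan initiated as: nmap -sU --top-ports 100 -oG udp.gnmap 10.11.1.5
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 69/open|filtered/udp//tftp///, 161/open/udp//snmp///, 137/open/udp//netbios-ns///\tIgnored State: closed (97)
# Nmap done -- 1 IP address (1 host up) scanned
"""

# -oG port entries look like port/state/proto/owner/service/rpcinfo/version/.
# Only open and open|filtered entries are of interest here.
PORT_RE = re.compile(r"(\d+)/(open(?:\|filtered)?)/(tcp|udp)//([^/]*)/")


def parse_gnmap(text):
    """Return {host: [(port, proto, state, service), ...]} from grepable output."""
    result = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and the Status-only line for each host
        host = line.split()[1]
        # The Ports field ends at the tab before "Ignored State:".
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        entries = result.setdefault(host, [])
        for port, state, proto, service in PORT_RE.findall(ports_field):
            entries.append((int(port), proto, state, service or "unknown"))
    return result


def merge_scans(tcp_text, udp_text):
    """One {host: sorted [(port, proto, state, service)]} view over both scans."""
    merged = parse_gnmap(tcp_text)
    for host, entries in parse_gnmap(udp_text).items():
        merged.setdefault(host, []).extend(entries)
    return {host: sorted(entries) for host, entries in merged.items()}


def udp_findings(udp_text):
    """Split UDP results into confirmed open and open|filtered.

    UDP has no handshake, so nmap reports open|filtered when it gets no reply
    at all; those ports need a manual probe (snmpwalk, a tftp client, ...)
    before they can be counted as a real service.
    """
    confirmed, unconfirmed = [], []
    for host, entries in parse_gnmap(udp_text).items():
        for port, _proto, state, service in entries:
            bucket = confirmed if state == "open" else unconfirmed
            bucket.append((host, port, service))
    return sorted(confirmed), sorted(unconfirmed)


if __name__ == "__main__":
    for host, entries in merge_scans(TCP_GNMAP, UDP_GNMAP).items():
        print(host)
        for port, proto, state, service in entries:
            print(f"  {port}/{proto:<3} {state:<13} {service}")
    confirmed, unconfirmed = udp_findings(UDP_GNMAP)
    print("UDP confirmed open:", confirmed)
    print("UDP needs manual probe:", unconfirmed)
```

In the constructed sample a TCP-only scan would have shown three services; the merged view shows six, and SNMP on 161/udp is exactly the kind of foothold (community strings, user and process listings) that the talk's "enumerate everything" advice is about. Run the real scans into -oG files and pass their contents to the same functions.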
Info
Channel: BSides DC
Views: 34,047
Keywords: BSides, DC
Id: V5sL0KQ0Usk
Length: 32min 24sec (1944 seconds)
Published: Wed Oct 30 2019