OSCP Passed! Preparation Ideas in Raw Discussion

Captions
I've been asked, and I want to do, a review of the OSCP, and this is going to be very impromptu, not planned out. I'm just going to talk. Um, so I passed the OSCP on my second attempt; it was 70 points. Um, the AD this time was a lot harder than the first time, because I passed the AD in my first attempt as well. Um, and I had a lot of issues with my VPN. I thought some things weren't working: I wasn't able to use, um, the Python HTTP server to transfer files, even though it should have, when WinRM was working, so that was important. Um, but, and then also when I was fuzzing one of the machines, I thought the machine kept on breaking and I had to reset it. In reality, looking back, it was because it was a VPN that was very unstable, and the traffic probably dropped, all the packets probably dropped. Um, but so just be very aware of those things. If you look at where you sign the OpenVPN and you see it reconnecting like every 2 minutes, that's a very unstable VPN. I would tell them about that.

So, how I prepared. Um, I did, um, there was, I used Proving Grounds, which is the OffSec labs. Um, for example, I'll try to show you real quick. Um, good, I'm still... So you'll come over to Labs and get Practice. Play is free, so you can go to Play anytime. Uh, Practice has, if it loads, um, so it currently has 152 labs; 10 of those are from the CTF this weekend, actually. Any of the CTF ones are on there. Um, I found these boxes to be the most realistic to what you're going to experience on the OSCP for a CTF box. And that's another thing I should draw out, because when I was getting into this, people talk about these tests not being a CTF, and I thought they just meant you're not looking for flags, although technically you are on the OSCP. Uh, but like PJPT and PNPT, there are no flags; you're just trying to prove that you're getting domain admin, compromise of the domain. Um, with CTF boxes, they are just kind of unrealistic. There's going to be some hint somewhere, um, in the web app, the web server, which maybe leads you somewhere sometimes. Um, other times there'll be some files that shouldn't be left open on SMB 445, but that's actually kind of realistic, from what I hear. So, um, but Proving Grounds is the closest thing to the OSCP and, I think, the closest thing to reality. Um, I'm not being paid, by the way.

And then Hack The Box. So the thing about Hack The Box boxes is the rating is kind of off compared to other ones, and also they really want to test a specific misconfiguration, a different one on each box. They might have a software vulnerability, but it's going to be on a service that is kind of rare. I think that the focus that they have is, each box, they want somebody to have to learn a new thing. So the way that I use Hack The Box is, uh, the easy boxes. So there's two kinds of easy boxes to me: there are like Blue, Grandma, Grandpa, those are actually easy boxes, and then there are the harder easy boxes.

Um, I think it's acceptable, especially when you first start studying, to use walkthroughs. Um, I think when you're first starting the best thing to do is to do either an IppSec, uh, YouTube video for these, because he talks about things, but he can move kind of quick; but check out OffSec's YouTube page, and especially if Siren is doing, uh, the walkthroughs, she explains things in detail and she tries to go really slow to help you develop that methodology and get used to like setting certain things. I'm not big on setting like environment variables, as like the IP environment variable, and then using that, um, but she does that, and it becomes a good habit for when you start using PowerShell as well.

Um, lastly, TryHackMe is a good beginner as well, and then they have a couple networks that you can attack. Like, certain configurations you have to do if you're using your Kali box, but, I mean, if you don't need that practice I would just try to use the AttackBox, because it's already inside the network; you don't have to do any changes, you don't have to mess up your Kali. Um, but doing Holo, and there's another, Wreath. Wreath is an easy-level TryHackMe network, um, but it teaches you how to use all the pivoting tools, like sshuttle, chisel, proxychains; all that's in there. Um, so that's a good way to learn that stuff.

Um, so my focus was to, a lot of Hack The Box, TryHackMe at the beginning, then I added in the Proving Grounds boxes. And then I suggest Practical Ethical Hacking by TCM Security. Uh, Heath is a great instructor who like breaks things down at different levels, and it really helps you understand. Um, through that course you'll do a couple, you'll do single boxes and get exposed to different vulnerabilities. Um, he'll talk about buffer overflows, and he creates a base by introducing networking, talking about Python, um, Bash, and then you go through some capstones where you just do some boxes, and he'll do walkthroughs for that, and then you move into Active Directory. And the best thing to do is to build an Active Directory network. It's really easy; he goes through the whole thing. Uh, all you need is a hypervisor like VMware or, uh, VirtualBox, and then you can download these three Windows machines and set up an AD, and then you get this hacket, you get, he shows you the tools to do it.

And then what you can do, after you attack that successfully a few times, go take the PJPT. Uh, it's a junior certification, but it's an internal Active Directory, and like, again, Active Directory is on the OSCP. So my strategy was, I did a number of certs before the OSCP, but I'm not trying to collect, or names behind my name, uh, titles behind my name, because it was that I wanted to, because like you learn a lot going into a test but you also learn on a test, and each one was kind of like a capstone leading up to the OSCP. So PJPT was internal AD, also requires a pentest report, and then after that you start preparing for the PNPT. The only difference with the PNPT: it's an external AD. Some of those same concepts are going to be on there, except for there's some OSINT, you're doing some recon, and then there are web elements as well, so that was a good next step. I also did the eJPT, just because I had a voucher in between the two, and it is external; it's not AD but it's external, so you get to mess around a little bit with pivoting. And then I did the PNPT.

Um, I'm trying to think what other things to do. Oh, okay, the next thing you say is, like, after you do the PNPT I would go ahead and get the voucher, start the class. The 90 days is a great time scale, I think. I think you want to put some pressure on yourself to like keep on it, short-term goal. Um, the PEN-200 course teaches you a lot; there's a lot of great stuff in there. I specifically enjoy like the privilege escalation, both Linux and Windows, but specifically in Windows you get to learn DLL side-loading, uh, DLL injection, um, uh, it's like the name order, uh, hijacking as well. Um, there's a number of great attacks you may not learn in like Hack The Box or, uh, TryHackMe that are on there, so the course is very strong.

So the first attempt I did on the OSCP, I did not do the exercises, I did not do the challenge labs, and therefore I didn't get the bonus points. Those bonus points are very big. I would not have passed this time without the bonus points; that extra 10 points is a big deal, um, because all I did was pass AD, I had the bonus points, and I got user on one box and user on another box, and I had the points to pass. Um, the challenge labs are also very difficult, but they're a good primer, because I think that the challenge labs are actually harder than the test, so if you can pass those... And the other thing you've got to think about is the OSCP is within 24 hours; challenge boxes you can take your time with, so I guess it kind of like levels out.

Um, lastly, I would say people say to not use Metasploit, and to be honest, once I kind of got started with PJPT I really stopped using Metasploit. You get used to using local exploits; there's like local exploits for pretty much everything. It's just about figuring out what the syntax is, and, you know, it's just about Google dorking for that answer.

Um, also there's some gray area I'm not sure about. Like, I didn't use BloodHound on the test; I didn't need it, really. Uh, you can't use smbmap, you can't use enum4linux to like automatically enumerate, um, SMB, anything that's kind of automated, except for LinPEAS and WinPEAS are approved. So LinPEAS is Linux privilege escalation; it's an automatic script that runs things and finds things to go after and rates them like in red, yellow, and like normal color. Um, it'll look at the system information, it'll look at: are there any sudo permissions you can exploit, are there any cron jobs, um, are there any kernel exploits you can use. On Windows, same thing: it looks at system information, it looks at any kernel exploit you can run, uh, any kind of creds in the clear, um, you know, processes that you can take advantage of, the DLL hijacking, that kind of thing.

So, but just be careful and read the rules. You can, and this is murky for me as well, I had to look into it, you can use Meterpreter with msfvenom exploits, so you can create a reverse shell in msfvenom and have it connect to the multi/handler in Metasploit, but only that. And then you use, I did not do it on this attempt of the OSCP; I used Metasploit once in the first one, how I got initial access on the first box in AD, actually. Um, but I didn't use it at all this time. You just get used to doing more advanced things after a while, I think, and not needing to use the easy button of Metasploit. In general I think that's good practice.

Um, other than that, I think the last thing I just want to say is, uh, don't get hung up on the negativity people put out there. People that are scared to do things or attempt things, they're going to say bad things about it to make themselves feel better: copium. Um, I think that's the same thing with OSCP. It's not, it's not undoable; it can be tough, but you have to think about not just doing things but understanding why you're doing them and where you would apply them.

Um, and I would say I like the PNPT and OSCP, because PNPT teaches you more of a, um, real-world practical way of doing things. There's no limit on tools you can use; you've got five days. OSCP, just to clarify what I think: I think the point of the OSCP is for you to prove that you have the raw skills and understanding of using tools that are not automated and learning the actual techniques, you know, at a lower level, because if you can do it at a lower level then you can use the tools that are automated and do it at a higher level, as well as you have to hack things within that 24-hour time period and manage your time very well. Um, so they each have their pros and cons, I think, and I think if you do both you'll be in a good place. Uh, but anyway, if anybody has any questions, feel free to comment, uh, send me a message on Twitter, whatever, and honestly, if you have any questions on the test I would love to help. But thanks for listening. Bye.
Info
Channel: August van sickle
Views: 1,353
Id: B8umrZK7Oc0
Length: 12min 21sec (741 seconds)
Published: Tue Dec 19 2023