Seeking recommendations for OSCP exam

I am preparing to take OSCP exam and have around 50 days. However, I have planned to first study the official OffSec Materials then proceed to labs / challenges.

For the practical side I would like to cover all challenges including Offensive Security labs, VulnHub and HTB retired machines at the same time but it will require time.

Still I would appreciate any better recommendations in this regard and what challenges should I put in priority due to time limitation considering a busy day at work.

Comments

  • edited February 9

    Hi! PWK starts from basics. However you got few boxes already so know how to enumerate, how to get shells, prviesc.

    Reread privesc
    https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
    http://www.fuzzysecurity.com/tutorials/16.html

    Get used with
    https://github.com/rebootuser/LinEnum
    https://github.com/411Hall/JAWS
    https://github.com/rasta-mouse/Sherlock/blob/master/Sherlock.ps1

    Bookmark
    https://gtfobins.github.io/
    https://lolbas-project.github.io/

    During my course I had no time for HTB, but it was not necessary, boxes are pretty the same here and there.

    The only topics i think you might be interested in before PWK are:
    BOF - https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ this part 1 is enough no need to read others. Try to find other vulnerable software with similar vulnerability.
    PIVOTING - https://blog.techorganic.com/2012/10/06/introduction-to-pivoting-part-1-ssh/
    If you know these topics already - then just go for OSCP )
    Aaaaaand of course Ippsec videos which helped me a lot, to understand so many thing, especially how to think )))

    Hope i didn't spoil anything related to PWK?

  • Thank You so much for the recommendation and like to share that I already have CEH, ECSA, CHFI, Security+, CASP, studied SANS 560, 660 plus many customized courses in Penetration Testing, post Exploitation so just want to further enhance my skills and also make sure the exam will be done in first attempt.

  • if you have already 560 and 660 means it will be easy. But you looks studied. Not sure how far you learnt.
    660 is harder than OSCP AFAIK. Of course syllabus may differ.
    You need to concentrate on enumeration more I think.

    sesha569

  • The point is I have studied the official video course for both SANS Courses but not certification / exam.

    Thank You for the information.

  • "CEH, ECSA, CHFI, Security+, CASP, studied SANS 560, 660" - after that i was so surprised with your initial question... o_O
    "studied the official video" - anyway if you got all from videos I see no reasons to postpone the lab. OSCP is not the so hard, this is initial step. Next are harder OSCE, OSEE and of course OSCNF* (https://snag.gy/iq4rQE.jpg) OSEE must be really tough ))), but OSCP should be easy for you.

  • Type your comment> @Trinidad said:

    "CEH, ECSA, CHFI, Security+, CASP, studied SANS 560, 660" - after that i was so surprised with your initial question... o_O
    "studied the official video" - anyway if you got all from videos I see no reasons to postpone the lab. OSCP is not the so hard, this is initial step. Next are harder OSCE, OSEE and of course OSCNF* (https://snag.gy/iq4rQE.jpg) OSEE must be really tough ))), but OSCP should be easy for you.

    The reason i asked the question is that I have visited many websites with different feedbacks and each of them were explaining the difficulty level high.

    Thank You for comments and recommendation....

  • Type your comment> @AlphaX01 said:

    The reason i asked the question is that I have visited many websites with different feedbacks and each of them were explaining the difficulty level high.

    Well i was in the same situation and spent a lot of time trying to understand if my level is enough or not. If you know all the things from the list i provided and especially pivoting and BoF then the lab will be an easy walk for you. When i started PWK lab i had no idea about pivoting and only heard something about BoF.
    And of course you are very welcome! )

  • edited February 9

    @Trinidad I have problems in BoF and do not understand much so do you recommend to study a full course on BoF or the above link will be enough...

    I also faced the same case (BoF) vulnerability in Brainpan box but rooted using writeups.

  • Only one link. If you will study thru full corelan course then you should go directly to OSCE. So first part, one link is enough.

  • @Trinidad Thank You so much !

Sign In to comment.