OSCP cleared, next steps

Type your comment> @heromain said:

Type your comment> @halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscent or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

CEH is not the next step after OSCP…CEH is many, many steps before OSCP. CEH is mostly a total waste of time, but it’s definitely a total waste of time if you have OSCP – unless some government job just needs you to have it for whatever stupid reason.

###Excuse my irony.

Type your comment

edit: dafuq, you cant delete posts? sigh

Type your comment> @halisha said:

Type your comment> @heromain said:

Type your comment> @halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscent or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

CEH is not the next step after OSCP…CEH is many, many steps before OSCP. CEH is mostly a total waste of time, but it’s definitely a total waste of time if you have OSCP – unless some government job just needs you to have it for whatever stupid reason.

###Excuse my irony.

My bad; that one went over my head :slight_smile:

Type your comment> @halisha said:

Hi, time for the next step. Go for Certified Ethical Hacker (CEH). Considering your learning curve you should nuke it in less than 6 months.

Excuse my irony.

I haven’t passed OSCP yet, but I have a brief overview on the certs.

If you want to study more about infrastructure and stuff like that just go for OSCE and keep grinding on HackTheBox ladder and pwn everything - reverse, misc, web, pro labs.

If you want to get yourself into bug bounty, go for OSWE, get a subscription on pentesterlab and start mastering web.

For me personally, I’d feel a lot more entitled if I were Omniscent or Guru on HTB rather than being an OSCP. I also feel and hope employers will start to take HTB Rankings seriously in the near future.

I agree with everything you said regarding HTB, I’m seriously considering not focusing on another certification and just focus on getting the experience. I’m more relax that way and it’s flexible with my new job.

I have to say I don’t agree with CeH. There isn’t a lot of respect for that certification nor do I believe it’s the next step for OSCP, as a few have already mentioned. I don’t have time for multiple choice exams at the moment, I get more out of the practical exams :).

Thanks

@0x16

I was ironic about CEH :).

Well, as George Hotz says, you don’t need any certification or approval from any authority to become a hacker. Learn learn learn.

But it may raise your monthly salary :wink:

go Elearning PTP and PTX,if you want more challenges

@0x16 By the way Just to let you know OSWE. Is more into the developer side of things.

Source code review is heavily done in the exam.
If you are a web developer and have web developing experience aka comfortable reviewing source code.

It will be highly recommended to smooth it all out.
I guess you can also do WAPT from Elearn as well?

To be honest, its best if you understand the whole infrastructure before exploiting it.
OSCP taught only basics in Web exploitation as its a network based pentest course instead.

If you are patience or you have web dev background then I assume you will pawn more bug bounties than a regular pentester that doesn’t have knowledge on most web technology frameworks.

Don’t be kids that just learned SQLI and call themselves a pentester lol.
The real hackers and pentesters are actually programmers and system administrations itself.

Turns you are the blue team. Great! You guys usually learn both red teaming and blue teaming techniques together.

How about you go join the blue team in web application? Maybe you will get 3 bug bounties the next day.

Type your comment> @0x16 said:

Hi all,

This isn’t going to be a write up of my experiences with OSCP. However happy to answer any questions that don’t break OS rules.

As the title states, I’ve recently cleared my OSCP. Considering next steps.

Little about me, I’ve been a network engineer for the past 6 years. I’m the sort of person that gets bored easily and always wants a challenge. So July 2019 I started on HTB (had no intention to do my OSCP), ippsec videos, all the good OSCP prep sites. Fast forward to November 2019 I’m OSCP certified.

I’m considering next steps. I start a new job in a week, they need a senior network engineer to finalise a big contract they have for the first 6 months. I’ve made it clear that my intention is to break into the security field, always been a passion of mine. They are keen to support me in doing this considering the supply/demand for people/roles is woeful at the moment.

However I don’t like sitting idle, I can do network engineering in my sleep. I need something to preoccupy my mind out of hours.

Looking at OSWE or OSCE, both look interesting, a friend of mine suggested eWPT. Should I start with eWPT and then consider OSWE? What did you do?

Alternatively, should I start looking into bug bounties? With the intention to get experience under my belt? Where do I begin?

Regards,
0x16
congrats go for elearn security course as they are up to date

Type your comment> @newbiewas said:

Type your comment> @0x16 said:

Hi all,

This isn’t going to be a write up of my experiences with OSCP. However happy to answer any questions that don’t break OS rules.

As the title states, I’ve recently cleared my OSCP. Considering next steps.

Little about me, I’ve been a network engineer for the past 6 years. I’m the sort of person that gets bored easily and always wants a challenge. So July 2019 I started on HTB (had no intention to do my OSCP), ippsec videos, all the good OSCP prep sites. Fast forward to November 2019 I’m OSCP certified.

I’m considering next steps. I start a new job in a week, they need a senior network engineer to finalise a big contract they have for the first 6 months. I’ve made it clear that my intention is to break into the security field, always been a passion of mine. They are keen to support me in doing this considering the supply/demand for people/roles is woeful at the moment.

However I don’t like sitting idle, I can do network engineering in my sleep. I need something to preoccupy my mind out of hours.

Looking at OSWE or OSCE, both look interesting, a friend of mine suggested eWPT. Should I start with eWPT and then consider OSWE? What did you do?

Alternatively, should I start looking into bug bounties? With the intention to get experience under my belt? Where do I begin?

Regards,
0x16
congrats go for elearn security course as they are up to date

Yo. Have you take any courses from them?

Type your comment> @Money said:

Yo. Have you take any courses from them?

yea just try there PTS and have course content of PTP :slight_smile:

Type your comment> @newbiewas said:

Type your comment> @Money said:

Yo. Have you take any courses from them?

yea just try there PTS and have course content of PTP :slight_smile:

Will PTS and PTP actually prepare me for OSCP? I don’t think that’s always the case though.

I did PTS roughly 1.5 years ago and OSCP a half year ago.
PTS gives you a bit of understanding, especially if you are not familiar with using Linux.
But in terms of difficullty you can not compare both. its just diffrent leagues.
If you want some more Infos you can PM me.

Type your comment> @Baikuya said:

I did PTS roughly 1.5 years ago and OSCP a half year ago.
PTS gives you a bit of understanding, especially if you are not familiar with using Linux.
But in terms of difficullty you can not compare both. its just diffrent leagues.
If you want some more Infos you can PM me.

Hello what about PTP and PTPX?

I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.

I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.

EDIT: I passed, sometimes being succinct isn’t a bad thing. :slight_smile:

Type your comment> @da1y said:

I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.

I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.

EDIT: I passed, sometimes being succinct isn’t a bad thing. :slight_smile:

Can you please share your experience on how to avoid rabbit holes during OSCP exam? it cost me a lot during my last attempt :frowning:

The best advice I can give is if you aren’t hitting user or root on a box within 2 hours, move on to another box - including the buffer overflow. Easy to keep making the same mistake, go to something else and it might become clearer after, I spent 2 hours on buffer overflow because I had misspelled the variable with my shellcode, I just couldn’t see it until I came back to it after rooting the 10 an 20 pointers.

It’s a bit of a game to get the points needed, concentrate on getting the point count up then re-visiting the time thieves as you can then dedicate the time to them knowing what you theoretically have in the bank.

If you think you are hitting rabbit holes on all of them, you might be missing some knowledge/understanding or you just got a hard rotation of exam machines, but the 10 and 20 pointers were pretty fast for me, the overflow took a bit longer than i’d have liked, the other 2 I only managed user on and I was hitting what it sounds you were trying to escalate after gaining user, but gaining user was pretty clear on those for me.

Type your comment> @da1y said:

I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.

I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.

EDIT: I passed, sometimes being succinct isn’t a bad thing. :slight_smile:

I’m taking the eCPPTv2 this weekend, any tips? I’m stressing lol

For those looking to do the OSCP, new update

You can find the old and new Exam Retake policies below.

Current Policy
Students may schedule an exam retake within 90 days of the exam retake cooling off period as follows:
After the 1st failed exam, a student may schedule an exam retake after 1 week
After the 2nd failed exam, a student may schedule an exam retake after 2 weeks
After the 3rd failed exam, a student may schedule an exam retake after 3 weeks
After the 4th failed exam onward, a student may schedule an exam retake after 6 weeks

Future Policy, effective on the 17th of February, 2020
Students may schedule an exam retake within 120 days of the exam retake cooling off period as follows:
After the 1st failed exam, a student may schedule an exam retake after 4 weeks
After the 2nd failed exam, a student may schedule an exam retake after 8 weeks
After the 3rd failed exam onward, a student may schedule an exam retake after 12 weeks

Type your comment> @NostromoLain said:

Type your comment> @da1y said:

I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.

I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.

EDIT: I passed, sometimes being succinct isn’t a bad thing. :slight_smile:

I’m taking the eCPPTv2 this weekend, any tips? I’m stressing lol

Once you find your way in, take your time to explore everything. Don’t panic if you can’t get into every machine, maybe you don’t need to. Buffer overflow you can follow the many guides online, just screenshot everything you do.