So I’ve done most of the easy boxes, both live and retired in preparation for my OSCP, and am currently ranked hacker. I’ve learned a lot during this time but am sort of plateauing in skill at this point. Every box that is on TJNull’s list is doable for me with enough time. I was wondering what my next focus should be for learning in order to up my rank and start doing boxes that are harder than the OSCP. Is it about learning more modern tech and software? Or is it just practicing my methodology by doing harder and harder boxes? Do harder boxes just require more enumeration or is there something else that makes them hard that must be learned? Simply, what should be my next steps in order to get to Guru or Omniscient?
To start doing harder boxes, just start doing them. Ratings are pretty subjective, so it’s not like there is a clear cutoff “you’ll need these skills to do boxes harder than X”. Methodology is always imo the most important thing as it’s kind of like your foundation, so every box is an opportunity to continue practicing that. So I would just start doing them and see how it goes.
As for what makes boxes harder, I think it’s mostly the number of steps involved, you might have to start chaining vulnerabilities in order to gain that foothold or get the flag. Also you might have to start writing your own exploit scripts or at least making some changes to get the scripts you find to work. Being able to google well and figure out more unfamiliar technologies will come into play a lot more. You’re never going to be able to be aware of or be proficient at all the technologies that you’ll find and need to exploit to pop a box, but being able to work with things you are unfamiliar with or how to find the important information about them is definitely a skill, and one that comes into play the harder things get.
In general you should have some kind of idea about what your strengths and weaknesses are, so you can always focus on your weaknesses in order to improve them, through targeted work. Maybe it’s learning more about the technology or ideas/principles involved, maybe it’s being able to find challenges that specifically target those skillsets. Really depends on what it is. You seem to have a pretty solid gameplan in place and an analytical approach to improvement, so I would lean in on that and make whatever plan makes the most sense to you. You aren’t committed to anything, so try something, if it doesn’t work, re-evaluate and try again. Don’t stress about it being wasted time if you try something that isn’t the most optimal, you’ll end up wasting far more time trying to find the most optimal path than if you just pick a path and start walking, and then change direction as needed.
Are you currently enrolled in the OSCP? They apparently just made some big changes to the test and stuff, I haven’t really followed it, but you might want to take a look at what those are, as that might change your method of approach on what you want to focus your time and learning on given that as your goal.