This isn’t going to be a write up of my experiences with OSCP. However happy to answer any questions that don’t break OS rules.
As the title states, I’ve recently cleared my OSCP. Considering next steps.
Little about me, I’ve been a network engineer for the past 6 years. I’m the sort of person that gets bored easily and always wants a challenge. So July 2019 I started on HTB (had no intention to do my OSCP), ippsec videos, all the good OSCP prep sites. Fast forward to November 2019 I’m OSCP certified.
I’m considering next steps. I start a new job in a week, they need a senior network engineer to finalise a big contract they have for the first 6 months. I’ve made it clear that my intention is to break into the security field, always been a passion of mine. They are keen to support me in doing this considering the supply/demand for people/roles is woeful at the moment.
However I don’t like sitting idle, I can do network engineering in my sleep. I need something to preoccupy my mind out of hours.
Looking at OSWE or OSCE, both look interesting, a friend of mine suggested eWPT. Should I start with eWPT and then consider OSWE? What did you do?
Alternatively, should I start looking into bug bounties? With the intention to get experience under my belt? Where do I begin?
Regards,
0x16
congrats go for elearn security course as they are up to date
I did PTS roughly 1.5 years ago and OSCP a half year ago.
PTS gives you a bit of understanding, especially if you are not familiar with using Linux.
But in terms of difficullty you can not compare both. its just diffrent leagues.
If you want some more Infos you can PM me.
I did PTS roughly 1.5 years ago and OSCP a half year ago.
PTS gives you a bit of understanding, especially if you are not familiar with using Linux.
But in terms of difficullty you can not compare both. its just diffrent leagues.
If you want some more Infos you can PM me.
I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.
I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.
EDIT: I passed, sometimes being succinct isn’t a bad thing.
I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.
I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.
EDIT: I passed, sometimes being succinct isn’t a bad thing.
Can you please share your experience on how to avoid rabbit holes during OSCP exam? it cost me a lot during my last attempt
The best advice I can give is if you aren’t hitting user or root on a box within 2 hours, move on to another box - including the buffer overflow. Easy to keep making the same mistake, go to something else and it might become clearer after, I spent 2 hours on buffer overflow because I had misspelled the variable with my shellcode, I just couldn’t see it until I came back to it after rooting the 10 an 20 pointers.
It’s a bit of a game to get the points needed, concentrate on getting the point count up then re-visiting the time thieves as you can then dedicate the time to them knowing what you theoretically have in the bank.
If you think you are hitting rabbit holes on all of them, you might be missing some knowledge/understanding or you just got a hard rotation of exam machines, but the 10 and 20 pointers were pretty fast for me, the overflow took a bit longer than i’d have liked, the other 2 I only managed user on and I was hitting what it sounds you were trying to escalate after gaining user, but gaining user was pretty clear on those for me.
I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.
I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.
EDIT: I passed, sometimes being succinct isn’t a bad thing.
I’m taking the eCPPTv2 this weekend, any tips? I’m stressing lol
You can find the old and new Exam Retake policies below.
Current Policy
Students may schedule an exam retake within 90 days of the exam retake cooling off period as follows:
After the 1st failed exam, a student may schedule an exam retake after 1 week
After the 2nd failed exam, a student may schedule an exam retake after 2 weeks
After the 3rd failed exam, a student may schedule an exam retake after 3 weeks
After the 4th failed exam onward, a student may schedule an exam retake after 6 weeks
Future Policy, effective on the 17th of February, 2020
Students may schedule an exam retake within 120 days of the exam retake cooling off period as follows:
After the 1st failed exam, a student may schedule an exam retake after 4 weeks
After the 2nd failed exam, a student may schedule an exam retake after 8 weeks
After the 3rd failed exam onward, a student may schedule an exam retake after 12 weeks
I did the eJPT and eCPPTv2 very recently with pretty much HTB, CyberSecurityChallenge and some other CTFs as my ‘cyber’ experience… and 10+ years experience in Software/Tech. eCPPTv2 was a really good exam.
I did the OSCP exam on Saturday and Sunday, eCPPTv2 is probably harder in the respect of not being guided on what to attack and that you actually need to pivot but in terms of difficulty it was harder to ‘get in’ on the OSCP machines. Buffer overflow was similar in both exams. Reporting looks to be a bit stricter on OSCP, I think that is what I’ll fail on right now.
EDIT: I passed, sometimes being succinct isn’t a bad thing.
I’m taking the eCPPTv2 this weekend, any tips? I’m stressing lol
Once you find your way in, take your time to explore everything. Don’t panic if you can’t get into every machine, maybe you don’t need to. Buffer overflow you can follow the many guides online, just screenshot everything you do.
