tag:blogger.com,1999:blog-1094392735627525300.post1300421867401113792..comments2023-06-02T00:46:19.118-07:00Comments on tekwizz123's Blog: OSCE Review and ExperienceUnknownnoreply@blogger.comBlogger19125tag:blogger.com,1999:blog-1094392735627525300.post-29159269454569816542016-01-19T14:49:41.265-08:002016-01-19T14:49:41.265-08:00And no problem on motivation, glad to hear that it...And no problem on motivation, glad to hear that it helped you out. As for overcomplicating the situation, most likely. I personally tend to do that a lot :)thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-53697537541160866482016-01-19T14:48:17.767-08:002016-01-19T14:48:17.767-08:00Hey you can contact me at dGVrLndpenouMTIuM0BnbWFp...Hey you can contact me at dGVrLndpenouMTIuM0BnbWFpbC5jb20= if you want to pick my brain.thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-4057443034769017892015-12-27T14:58:26.172-08:002015-12-27T14:58:26.172-08:00Thanks for the reply mate - really appreciate it. ...Thanks for the reply mate - really appreciate it. Looking back on it it's becoming apparent that I probably didn't enumerate properly, but I can't be sure... the only way I can be sure is if I'm put back into the same situation, which may or may not happen on the next attempt. One thing is for sure is that I'll keep going until I get it.<br /><br />Would love to catch up privately about it and general infosec (Z3JhZW1lLmNvd2llQG50bHdvcmxkLmNvbQo=) <br /><br />I know what you mean about the automated tools, I've already started knocking those up as on the first attempt I ended up encoding something backwards (You'll know what I mean) - big costly mistake which soaked hours. <br /><br />Thanks again!<br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-43603430513666163422015-12-27T11:00:09.263-08:002015-12-27T11:00:09.263-08:00Hey mate,
Don't feel so gutted about failing ...Hey mate,<br /><br />Don't feel so gutted about failing it on the first attempt. I did so as well as did most people I know. As a matter of fact failing it the first time is actually a good thing because it teaches you a lot and forces you to go over things and make sure you learn them for the second attempt.<br /><br />My advice for you is to go through what you did for your exam. What worked for you? What didn't work? Take notes whilst your mind is fresh. List all of these things down so you can go through it later when you might have forgotten things.<br /><br />Next, make sure you can do all of the things you did successfully as quickly as possible. Where applicable, try to automate the tasks so you spend less time on them. You want to be focusing on what you didn't successfully complete as much as possible on the exam.<br /><br />Finally, for the stuff that you didn't complete, look over it. What was it that you didn't get? Was it a concept you didn't get? If you can't find the concept, what is confusing you about it? Do more research until you get to the concepts you don't understand. When you find them, do research into them until you really get everything that is going on. Go over any related material in the courseware, as well as any areas you think you are weak in and need more practice. Don't try to cover the whole material as you probably won't have enough time.<br /><br />Once you have done this, train train train. Make some sample VMs and try to simulate the problems you encountered in the exam. Whilst the exams will often try to trick you up, if you understand the base concepts it will make it a lot easier to solve the problem at hand. This only comes with practice so you need to try to challenge yourself as much as possible here.<br /><br />As for the WebFu, remember that for a lot of web challenges, enumeration is key. I have had several web applications that I've looked at before and initally thought they were quite secure but when I started enumerating their entire attack surface and methodically probing every possible entry point, I found they were actually pretty damn weak. Test each entry point one by one and be aware that your attack my affect other parts of the application (stored XSS for example).<br /><br />I hope this helps. Again practice, enumeration, and automation in summary :) Feel free to ping me if anything isn't clear, happy to try explain things more :) thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-605438934143508702015-12-27T10:21:31.666-08:002015-12-27T10:21:31.666-08:00Hi thetekwizz,
Great blog Post on the OSCE...
Li...Hi thetekwizz,<br /><br />Great blog Post on the OSCE...<br /><br />Like you I have just failed the OSCE at the first attempt, I'm absolutely gutted. I failed on the WebFu though so have a bit to do in that area - was wondering what else you would recommend for the challenge?<br /><br />It's silly because I have the Web Hackers handbook and went through it as part of my learning. <br /><br />Any assistance appreciated.<br /><br />Cheers.<br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-38642076792071028722015-11-15T04:52:22.037-08:002015-11-15T04:52:22.037-08:00Hey there,
I would nessisarily say there are any ...Hey there,<br /><br />I would nessisarily say there are any reference books however being familiar with the material in the OSCP courseware would be highly recomended. Having compelted your exam I would just make sure you go back over the coursework and make sure that there are not any areas where your not completly sure about the material.<br /><br />Additionally it is recommended that you go through the Corelan material on exploitation development till you know how to do buffer overflows, SEH overflows and egghunters comfortably. If you have time, you may want to look into some of his more advanced material just to be sure you can wrap your head around more advanced topics but this is not nessisary.<br /><br />You should also be able to take any exploit (SEH, stack overflow or egghunter based that is) and recreate it from scratch. That being said you will learn more about this during the class but being able to do this beforehand will save a lot of time and potential pain.<br /><br />If you are having trouble with Corelan's tutorials, take a look at Lupin's tutorials from thegreycorner which go over the same concepts in simpler details. Once you have done his tutorials though I would recommend then going back to Corelan's tutorials just because he covers things in deep detail (and this detail will help you a lot during the course.<br /><br />Once you have done all of this, take a read through the Web Application Hacker's Handbook. Whilst web is not a huge element of the course, you should be familar with the basic terminology of web security as well as the theory and concepts behind it. Personally though I find the book to be rather large to go through so if you want more hands on you can also do Webgoat or take a look at some web challenges online from places like VulnHub.<br /><br />Please feel free to ask me any further questions you may have :)thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-76976014372219678512015-11-12T19:46:14.925-08:002015-11-12T19:46:14.925-08:00Thank you for the review . I have just finished my...Thank you for the review . I have just finished my OSCP and going to take the CTP course. Are there any reference books for CTP which you recommend to build up a good foundation before starting ?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-13793048670365703492015-08-16T05:14:19.541-07:002015-08-16T05:14:19.541-07:00Of course if you have done OSCP you should know wh...Of course if you have done OSCP you should know what the OSCE would be like a lot more. Bascially speaking if your asking me what you should do if your starting from scratch this is probably not the course for you at the moment.thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-73258557288494614492015-08-16T05:13:22.432-07:002015-08-16T05:13:22.432-07:00Basic exploit development skills
Python knowledge ...Basic exploit development skills<br />Python knowledge - Be able to script your own tools on the fly<br />Debugging knowledge (comes with exploit development)<br /><br />Basically know how to create exploits comfortably to the level where the majority of the common exploits out there today are not a problem for you to recreate yourself. You don't need to go down the ROP or Unicode path where you get into more advanced exploits however, but you should know most of the other stuff, how it works, how to modify it, and be able to recreate it from the vuln POC into a fully working exploit without any help.thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-43451558331818903132015-08-15T23:52:27.353-07:002015-08-15T23:52:27.353-07:00If you start from scratch, what materials or topic...If you start from scratch, what materials or topics should be covered before attempt? Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-6179454734991002682015-05-05T11:34:57.578-07:002015-05-05T11:34:57.578-07:00Not sure if you can retrieve my e-mail via my Goog...Not sure if you can retrieve my e-mail via my Google profile, but it's ak dot haxme at gmail dot com.Anonymoushttps://www.blogger.com/profile/15304032321557126454noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-68743297410319267672015-05-05T11:30:39.439-07:002015-05-05T11:30:39.439-07:00Hi.
Would you mind sending me an e-mail so we can...Hi.<br /><br />Would you mind sending me an e-mail so we can communicate about the OSCE in private?<br /><br />Thank you.Anonymoushttps://www.blogger.com/profile/15304032321557126454noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-49907672789786097652015-03-18T05:11:44.682-07:002015-03-18T05:11:44.682-07:00Also, if you take the exam twice you will learn a ...Also, if you take the exam twice you will learn a lot about your own problems and mistakes. I have no regrets about taking the exam twice myself as it allowed me to learn a lot more that way and I feel if I had of taken the exam once it wouldn't have given me the same learning experience :)thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-26800206555015080612015-03-18T05:10:30.110-07:002015-03-18T05:10:30.110-07:00It should be pretty clear after your first exam at...It should be pretty clear after your first exam attempt what you need to research and where you need to improve your skills.<br /><br />If you want to do some training before the exam go ahead and try replicate the techniques shown in other situations. Get familiar with what possible situations that could be thrown at you and how to deal with them so when it comes time for the exam you are ready.<br /><br />I can't really say much more other than that, best bet is to just be prepared for as much as possible so the exam doesn't hit you with too much suprisethetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-39761914395919034072015-03-17T22:52:23.000-07:002015-03-17T22:52:23.000-07:00Hi, again.
I just completed all the CTP modules a...Hi, again.<br /><br />I just completed all the CTP modules and have over 40 days of lab time left. I was wondering if you could list your sources for research, especially those you used after your first exam attempt. I want to best utilize this time and get as much hands-on (relevant) practice as I can to prepare. I really don't want to take this exam twice.<br /><br />Thank you.AKnoreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-76323476211147632022015-02-08T15:34:30.566-08:002015-02-08T15:34:30.566-08:00Generally? About a week to two weeks but it depend...Generally? About a week to two weeks but it depends on the person in my opinion.thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-19405780956280305132015-02-08T07:35:31.344-08:002015-02-08T07:35:31.344-08:00How much time did you need for your personal resea...How much time did you need for your personal research between your first and second attempts?AKnoreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-85442519085081053792015-02-05T15:33:38.154-08:002015-02-05T15:33:38.154-08:00Generally using the generic Kali image should be s...Generally using the generic Kali image should be sufficent, shouldn't need anything special. If the image works for PWK it should be fine to use for CTP.<br /><br />As for the question as did I find out what I was doing wrong? Yes I did in the end but after finding it out I realized I was on the right path, just ran out of time in the exam. It was probably one of the biggest learning experiences I've had though :)thetekwizzhttps://www.blogger.com/profile/07021907186760706163noreply@blogger.comtag:blogger.com,1999:blog-1094392735627525300.post-34418535140640077692015-02-05T12:26:29.461-08:002015-02-05T12:26:29.461-08:00Hello!
If you have taken the PWK course and used ...Hello!<br /><br />If you have taken the PWK course and used their custom i486 Kali image for that, could you reuse the image for the CTP or is there another one built specifically for it?<br /><br />I read in another review blog written by someone who also had trouble exploiting a certain box on the exam remotely, even though his exploit worked locally. Did you ever find out what you were doing wrong? Like, after you pass the OSCE, does a new section in the forums open for you like it does for the OSCP?<br /><br />Thank you.AKnoreply@blogger.com