Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: About to start PWB - Any tips?

From: admin () unmanarc com
Date: Thu, 05 Jul 2012 12:59:39 -0400
I suggest to take at least the 3 months...

The OSCP is a 3 stage
certification...

1. Exercises / Documentation

2. Labs

3. 24 hour
Exam

Having the skills, stage 1 could be done easily but not quickly,
there are too many exercises, and the report is large enough to take
that in consideration... hint: Its possible to do the exercises
offline***.

the stage 2 is interesting, there are many easy-to-hack
hosts, and few tricky ones.. don't try to use autopwn or nessus or similar
You need to spend a lot of time, if you are actually working, you will be 
doing this after-hours, and without giving details about OSCP labs,
remember that pen-testing is about backtracking, something that seems to 
be "easy-to-hack" could be a medusa trap. you could be trying for hours
or days in one vector (I.E. modifying exploits), and the answer is not
even that way (Or vice-versa). Sometimes the way to change your mind and find the path 
is sleeping...

Having knowledge in programming and operating systems
IS required. not optional. Everything in the lab could be done using the shortest path (I.E. Core Impact, metasploit autopwn), but, you wont be learning anything if you take that way, and I'm almost sure that you wont be able to pass the 
exam if you skip "the foundations".

Then the stage 3 comes...
Everything there is about "Try Harder"

And if its not clear.....


words of wisdom to remember: Try harder!

----

Regarding to the
setup:

Please use a good internet connection, without packet loss...


and:

1. dedicated harddware with backtrack... Its the best option,
specially if you want to use CUDA/OpenCL. and please, dd if=/dev/urandom of=/dev/sda until the end before installing the OS... remember that your computer would be exposed to "HACKERS", and they could have ZERO DAYS!!! 
Going trough that VPN is like taking a flight and knowing that everyone
in the plane have diseases like Ebola.

OR

2. VMware/VBox, its also
ok, you could manage the hash-cracking trough the host, you need about
4Gb for the /home, I don't think that you will be using more than 2gb,
including the study guide, and videos. I recommend another partition for the wordlist, and the rainbow tables and / (8gb without the rainbow, and 
Terabytes with rainbows)

They provides you a hash-cracker website, but
its wise to have your own.

/*Best Regards

Aaron*/
On 2012-07-05 04:32, Michele Orru wrote:

It obviously depends on your knowledge.
If you're skilled already, OSCP probably takes 1 month (not full time). 
CEH is crap, don't do it.

Cheers
antisnatchor
On Thu, Jul 5, 2012 at 9:22 AM, Chad King <sirkemera () gmail com> wrote:
Just a quick question for anyone that has taken the CEH or any offensive security certifications recently. How long did it take you to study the 
material and be ready for the tests?
On Mon, Jul 2, 2012 at 3:45 PM, Michele Orru <antisnatchor () gmail com> wrote: 

Do the labs, and be sure to be fast and prepared about Privilege
Escalation.
IMHO it was the most difficult part when I did OSCP.
OSCP is a great certification, and it's difficult also for experienced 
pentesters.
You'll have fun. When I did mine (passed on the first try), I've spent 20 hours (you have 24 hours for the exame) with 3 hours of sleeping. 

Though but very very nice.
You'll enjoy it.

Cheers
antisnatchor
On Mon, Jul 2, 2012 at 1:27 PM, Mustafa Qasim <alajal () gmail com> wrote: > On Wed, Jun 20, 2012 at 1:32 PM, Alex Dolan <dolan.alex () gmail com> 
> wrote:
>>
>> Hey guys I'm about to embark on the Pentesting With Backtrack course 
>> and was after any tips any one can give me.
>>
>> I'm fairly new to hacking and this will be my first training
>> experience with it. I'm pretty self-sufficient with Ubuntu and know my 
>> way around Windows okay. Any areas I should be focusing on and
>> brushing up before receiving the study materials?
>>
>> What do you recommend for hardware? Should I use a laptop and keep the >> same install running with me or will it be fine to move between home >> and work while I'm doing it and using a service like Dropbox to store 
>> my files and stuff? How much space should I allow for the BT5
>> partition?
>>
>> Thanks for any advice you can give.
>>
>> -Al
>>
>>
>> ------------------------------------------------------------------------ 
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an >> SSL certificate. We look at how SSL works, how it benefits your company and >> how your customers can tell if a site is secure. You will find out how to >> test, purchase, install and use a thawte Digital Certificate on your Apache >> web server. Throughout, best practices for set-up are highlighted to help >> you ensure efficient ongoing management of your encryption keys and digital 
>> certificates.
>>
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 
>>
>> ------------------------------------------------------------------------ 
>>
>
> Alex,
>
> I'm also getting warm up for OSCP. I am trying to spend some time with > exploits and WITHOUT metasploit/nessus hacks because both aren't of 
> any use in OSCP labs and exam.
>
> --
> Mustafa Qasim
>
> me () mustu info
> http://blog.mustu.info
>
> ------------------------------------------------------------------------ 
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an > SSL certificate. We look at how SSL works, how it benefits your company and > how your customers can tell if a site is secure. You will find out how to > test, purchase, install and use a thawte Digital Certificate on your Apache > web server. Throughout, best practices for set-up are highlighted to help > you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 > ------------------------------------------------------------------------ 
>



--
/antisnatchor


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.



http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1

------------------------------------------------------------------------






------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: