Start of my blog for OSCP (WORK IN PROGRESS)
How It Started
I started my cyber security journey in 2016. After graduating college, I decided this career would provide enough variety and mental stimulation to keep me interested for, hopefully, my entire life. I found a mentor that runs a consulting group in DC and he advised to go work for an MSP. This would help me gain a full understanding of the fundamentals of IT (you can’t crack a safe until you know how it is designed). I worked for a local MSP for a few years and I decided it was time to transition to penetration testing. After a few engagements with a senior tester, it was obvious I needed to develop better processes and understanding of pentesting workflows. So here I am, blogging and studying for the OSCP. As studying is more important than blogging, most of my efforts will be towards that. For now I will add bullet notes.
Lessons Learned So Far (abridged)
- Enumerate more than you think
- Forums are great but don’t rely to much on them
- Set timer to avoid rabbit holes
- 2 - 4 boxes a day is only useful if something is learned every box
- No matter how tedious document everything
Test Attempt One
- Enumeration for Windows Environments was too slow. Missed key data early and set me back 3-4 hours
- Need to improve on the following: Web App vulnerability enumeration, Buffer Overflow
Test Attempt Two
Passed! Now time to finish some write ups and revamp the home lab.
Helpful Links
https://book.hacktricks.xyz/welcome/readme