Read on Twitter
(not back into Tweeten, but had to share this)
I opened up my OneNote thinking about step 1... and then I was checking my saved items on twitter and stumbled upon @johnjhacking's post https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/ and "Oh my God, where do I even start?" resonates so much right now! o.o
I opened up my OneNote thinking about step 1... and then I was checking my saved items on twitter and stumbled upon @johnjhacking's post https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/ and "Oh my God, where do I even start?" resonates so much right now! o.o
srsly, just on my onenote. Not counting the rest of my saved items on twitter.
every single time I try to start this shit (I think I'll just leave this an open thread for my "road to OSCP"?) I end up down the same rabbit holes.
Do I really know enough of the basics? I mean, I've got some academic background (I have no idea how Brazilian reality relates) +
Do I really know enough of the basics? I mean, I've got some academic background (I have no idea how Brazilian reality relates) +
+ but is that enough? Maybe I should try going for something like CompTIA's Network+ first...?
Then I see that it currently costs R$1700+ just to take the test. With nothing more. No fucking way I'm burning that cash for something that's, honestly, going to end up being useless!
Then I see that it currently costs R$1700+ just to take the test. With nothing more. No fucking way I'm burning that cash for something that's, honestly, going to end up being useless!
And I'm only pressuring myself for going for OSCP because I'm in love with the subject and I've won a voucher last year. It really feels like it's the universe saying "GO DO THAT SHIT. HERE. I'M GIVING IT TO YOU."
Still taking from @johnjhacking's article, I've always laughed at this meme while feeling it backstabbing at me. I mean, I've graduated in network administration here in Brazil, so I'm pretty confident my networking and basic encryption knowledge are solid.
Most of the work I've done the past 10+ years have involved automating stuff with cmd/bash/powershell, so while making a game still looks like magic to me and I really don't consider myself a programmer, I know my logics and can Google my way thru whatever I need on that field.
Theoretically, all the basic steps from the meme, I've got them. So I shouldn't see myself as that n00b hacker. And I do know it's only that crappy imposter syndrome that throws me on that backstab.
I even got to take on EXIN's ISFS and CISEF a while back and they seemed like easy certs for me, while I've heard a LOT of people have trouble with them - so, one more for the imposter.
Ok, enough rambling, let's get back to studying.
Ok, enough rambling, let's get back to studying.
Got a little bit sidetracked there because a fellow staff from somewhere called out to me saying we should set up an OSCP study group and I got all excited about that and. yeah. Distracted.
Back on track, still reading John's article (I even got a shoutout from him!)
Back on track, still reading John's article (I even got a shoutout from him!)
Ok, I already have one tip to add on this thread: don't dismiss things as "noob stuff" and skip them. Take your time to read and watch stuff - even noob stuff can teach you something new.
In my case, I think I've never took the time to read about proxychains in depth. Doing now.
In my case, I think I've never took the time to read about proxychains in depth. Doing now.
I mean, I do know how they work "in general", I understand the concept, and I'm pretty sure if I had to use it somewhere I'd be able to easily google it and get it done.
But I really never stopped to read about it, see it in action. Actually reminds me of a few older games
But I really never stopped to read about it, see it in action. Actually reminds me of a few older games
From John's beginner tips, I really loved 4 (don't listen to gatekeepers - actually, @dcg5511 has a talk with @jaysonstreet that was amazing and talks about this
) and 7 (and I feel like 2020 has been all about this one, for me - met so many and such amazing peeps out there!)
) and 7 (and I feel like 2020 has been all about this one, for me - met so many and such amazing peeps out there!)
Going back a little bit, John gives you a tip to "learn to adapt". This is truer than I think he thought about - he was talking about @georgiaweidman's book and that the techniques there are dated... But you need to adapt ALL THE TIME.
Even if you try to go for a more practical learning, like @hackthebox_eu's Starting Point course to follow their walkthrus, you need to adapt, because if you try to follow it blindly, most things simply won't work
And you shouldn't expect them to. Things change all the time!
And you shouldn't expect them to. Things change all the time!
Thought I see how much from what I've read and did (like @RealTryHackMe's Advent of Cyber) would be useful and how much I'd absorbed about all this so far.
Decided to try my hand at an easy @hackthebox_eu machine.
Decided to try my hand at an easy @hackthebox_eu machine.
My enumeration seems to be good, but my understanding of "where do I go from here" seems to be lacking when there's nothing obvious slapping me in the face.
Let's hit the web a little, shall we?
Let's hit the web a little, shall we?
Ok, the spoiler-free forums were useless to me. I kept banging my head around to no success. I'm giving myself a break here and putting me back in the noob place - take things down a notch.
Found a video walkthru that, while showed things done, explained nothing. Useless.
Found a video walkthru that, while showed things done, explained nothing. Useless.
I mean, if my goal was simply to score points, it'd have been amazing. But that's not what I'm after, screw points, I want to learn, understand what's going on.
Found another walkthru (I find it really weird how many of those are, considering it's against the rules). Gold.
Found another walkthru (I find it really weird how many of those are, considering it's against the rules). Gold.
This one explained most of the stuff done. Which piece of info made them go a certain path, most of the time. The initial foothold is still a mistery to me, but I really can't find any material explaining how to spot this when looking at things.
*MAGIC*, you know?
*MAGIC*, you know?
I've got to the user and root flags for this one, while writing up what I researched, what I read on the writeup, and I understood from it and even 2 bits I had to adapt from it because I couldn't get to work as explained.
But I'm still researching on that damn foothold...
But I'm still researching on that damn foothold...
OOOOOOOOOOOOOOOOOOOOOOOH DAMN. Now I get it.
bottom line for today is: penetration testing/bug bounty/researchers, they all must have an AMAZING memory, or an absurdly enormous humongous checklist, because for me it's absolutely impossible to memorize tiny details like these
