Registering for the OSCP





Alright so OSCP, this insane crazy test that sounds so difficult. When looking into what certifications I wanted to pursue, I found this quote "The CEH will get you an interview, the OSCP will get you the job" . I am by no means a pentester or even a cyber security analyst, my skills are not that strong and the force is definitely not with me otherwise I'd not apply to jobs at places like Walmart right now. I considered these other cerifications before settling on this.

 Why I'm stupid and chose to try harder.

  • -CISSP without 5 years experience in IT, I chose not to pursue this. Higher level blue teaming
  • -CEH, while this is good, I do not feel I have the backend technical ability to justify taking this, first hand as an analyst, concepts and practice are two separate things. Entry level Red & Blue teaming
  • CASP, Higher level blue teaming
  • GIAC anything, I like SANS and all but it's expensive and I am not that rich homies
  • CSA+, I considered this heavily since I had a coupon for a voucher, however I chose not to pursue it since it is newer and not as recognized New mid level blue team
  • eJPT, The exam looked too easy Beginner red team
  • eCPPT, This gets an honorable mention, the eCPPT is kind of equivalent to a modern updated version of the OSCP. I really really considered this exam as a company that recognized it would consider my resume priority. However I already face a barrier with interviewers and I wanted the recognizability, plus, my accomplishments outside of that mean more than any certification would. Mid level red team
  • Anything else, is too specialised, oriented towards management, or not as easily recognizeable
    I need a jumping off point to get into cyber security and this seems the best way to do it. After completing this course I will try to do some bug bounties and get a CVE or OSVD added to my resume.


    Registration


    Before I registered for the test I needed a domain. Maybe you have an email and a website but I didn't. I knew I wanted a domain ending in '.ninja' but I didn't know what exactly to call it. After a day of deliberating I remembered the hacker playbook 2! The imaginary company of SUCK (Secure Universal Cyber Kittens) and registered http://www.cyberkittens.ninja as my site. For the sake of keeping my totally original and creative name intact I wanted to see if cyberkittens.com was available. No, but, I may be in luck, the person who registered it is offering to sell it through a broker!




    Wow, that's more than I've ever made at a job in my life. He asked for a counter a bit later, I offered him 60$. Even at that price I'd rather gamble that much money because I'd have a better chance at making a profit that than making a profit by purchasing that domain. It's a good thing he didn't say yes because I don't have that much in my checking at the time. It expires next year so fingers crossed.

    So I own the domain cyberkittens.ninja and nothing else. I purchased it through google, payed another 5$/month to set up G suite for email, and registered for my course. I didn't want to include any private information, fortunately it seems there wasn't much. Lets take a look.



    I knew the exam was 24 hours long. But there is a bit in there that is important. 8 hours of video to download, a 350 page book, and the average student reports spending a minimum of 100 hours. That is scary stuff. I'm glad I purchased the 90 day course.

 Also beware, I was and still am unsure of where I sit with my Linux abilities. This course will take a lot of work and this email serves as a warning that no one should take this lightly, but if we are, it can't be worse than installing Gentoo.











After this I need to provide a government identification since my email is new and not with an established company. I really considered adding a picture of my drivers license here but chose not to. After this I was allowed to connect to their lab, I did not explore, it seemed like a bad idea. I pinged the test server and averaged about 200ms, not great but it's acceptable for the course. Following I paid for my registration at a local address, 1150$ 90 days,  starting Sep 9th. I am trying to complete this as if it were a 60 day course.

Comments

Post a Comment

Popular posts from this blog

Thoughts on ISSA talk on using AI to automate security

Recently I attended the ISSA presentation in MN, the description of it: The Power and Potential of Robotic Process Automation. And the Security Risks. Please join us on March 22 nd  as we explore the powerful and emerging Robotic Process Automation technology in regards to what IT security professionals need to know about RPA platforms . Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms? Very simply, it is a new attack vector and organizations need to start to understand their risk. Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple
Read more

Bandit 12

Bandit 12 bandit12@bandit:~$ ls data.txt bandit12@bandit:~$ mkdir data bandit12@bandit:~$ cp data.txt ./data bandit12@bandit:~$ cd data bandit12@bandit:~/data$ ls data.txt bandit12@bandit:~/data$ file data.txt data.txt: ASCII text 0000000: 1f8b 0808 4572 4259 0203 6461 7461 322e ....ErBY..data2. 0000010: 6269 6e00 0143 02bc fd42 5a68 3931 4159 bin..C...BZh91AY 0000020: 2653 59a3 fd61 8800 0019 ffff dffb 1ff5 &SY..a.......... 0000030: f7d7 dfdb fe4f ffb3 b5f7 ffdf b2d8 fefb .....O.......... 0000040: e7dd fffa fefd 7f7b d1fb fe3f b001 3b56 .......{...?..;V 0000050: a106 81a0 1a00 07a8 0068 01a1 a69a 0000 .........h...... 0000060: d1a0 d034 6868 34f5 0641 a000 000d 000f ...4hh4..A...... 0000070: 5064 00d0 321a 69e9 0323 1a27 a883 4003 Pd..2.i..#.'..@. 0000080: 41a0 01ea 0000 0003 4000 0068 7a4f 4800 A.......@..hzOH. 0000090: 0c8c 803d 41a0 64d1 a3d4 d1a3 6a68 01a0 ...=A.d.....jh.. 00000a0: 34da 8340 003d 4347 a83a 69a6 8699 0034 4..@.=CG.:i....4 00000b0: 3203 4610 3
Read more

Bandit level 14

Bandit 14 Level Goal The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost . Commands you may need to solve this level ssh, telnet, nc, openssl, s_client, nmap Helpful Reading Material How the Internet works in 5 minutes (YouTube) (Not completely accurate, but good enough for beginners) IP Addresses IP Address on Wikipedia Localhost on Wikipedia Ports Port (computer networking) on Wikipedia Okay so I know telnet doesn't have authentication. I know I'm probably using that so I check the man page. Synopsis telnet [ -8EFKLacdfrx ] [ -X authtype ] [ -b hostalias ] [ -e escapechar ] [ -k realm ] [ -l user ] [ -n tracefile ] [ host [ port ]] Okay so the command will be "telnet localhost 30000", remember those instructions from the previous level on where that password was? Neither do , lets read it again! "The pa
Read more