Studying on Parental Leave

Look at this guy – he and I bonded together yesterday. My wife went back to work, and I chilled with him for the day. I gotta tell ya, he did really well on his bottle. It was honestly day 1, and he is starting to get the bottle down.

My little man!

Which leads to the next thing. So I am on parental leave till November, and I was hoping that I could get some studying in with this dude. Well, I need to be patient with myself since that’s not going to happen for a while – at least till we get used to each other. So, yah, it’s going to be slow going with OSCP again. I haven’t signed back up for the labs, which is good. There is a lot I can do without them, and once the labs are up, the clock is ticking to get them done.

I really, really want to pass this exam. I have to say though, I have already been really learning a lot, but I have a long way to go to pass. I think I can do it.

I wake up around 3 every morning!

Wazzup peeps.

I love waking up so early. Sure, sometimes I get a little sleepy, but nothing a cat nap (when I can get it in) won’t fix. So what do I do? Well… I am glad you asked.

  1. First thing, coffee. Who the hell can function without that dark source of life bearing drink?
  2. Then it’s onto studying. Sometimes. Like, today and yesterday I goofed a bit (oh man, Pihole is so friggen awesome)
  3. I meditate for about 10 minutes + the lesson somewhere between studying and 6 am.
  4. Around 6 am, I go for a jog. In fact, after I get off here and finish up this post, it’s onto running
  5. Come back, make lunch for Mila and chill with the fam

Then I go about my day. I have to say, it’s awesome. I get things accomplished and have some time to myself. Who needs sleep am I righzzzzzzzzzzz……..

That S*(&% hit me like a brick

Welp, my test date came, I logged in, got set up, saw what it was about, and was like – I need to really try harder here. I knew I wasn’t going to pass, and I didn’t even try. I was so not ready. With two kids, work, and little bits of studying, I wasn’t retaining the information and wasn’t going to pass. I did find out how the BoF is going to go down and the points on the test…. so that is good. But now, I need to reframe and think about how to do this.

I am on parental leave for 2 1/2 months. Which means I do not have work to worry about. I will need to take care of Andrew, but when he is sleeping, I can study. But I think approaching the OSCP is going to take a fundamental shift. I can’t just go through the labs and expect to break boxes, I need to go through the labs, explore the labs, and then break boxes. And take notes. Nuggets along the way, and also have a methodology down. It’s the only way. So I bought some notecards and thought I would break up the areas into six sections:

  1. Information Gathering
  2. Vulnerability Identification
  3. Research and Development
  4. Exploitation
  5. Post Exploitation

Information gathering will be netdiscover, nmap. Vulnerability Identification will be searching for the vulnerabilities. Research and Development will be setting up the vulnerability. Exploitation will be running the exploit, and post-exploitation will be priv escalation, etc.

Now, this might change as I pick up nuggets, but I think this is a good place to start. I have looked at a few, and I waffle with 2 & 3, whether they should be switched. Meh, I just need to start getting back into the journey.

I did a few Kioptrix boxes from Vulnhub, just to get a little footing, but I think starting tomorrow, I am going to re-signup for the labs and just do the studying all over again. I have to go deeper – study constantly. Try harder.

I started reading a book called “Deep Work” and it talks about how impactful work, the work you lock yourself into a room with, can bring change. For the next 90 days I am going to try harder. I really, REALLY want this cert. For me. I am not going to stop till I get it.

I need to commit more

This journey is slowly fading. I really need to commit more on doing my OSCP studying. I decided to try to hook up with a tutor to get BoFs down, but I am slowly losing my knowledge on the other areas.

The idea of sticking to just doing BoFs is not working. I will work on them tonight, come up with some questions for my tutor, and then work on HTBs that are like the OSCP. I think that is the best approach at this point. And now, it’s off to work. I am going to get to work a bit early to see if I can leave early. And I am out. 🙂

Welcome, Andrew Hunter!

July 5, 2019 3:47 pm, 7 lbs, 13 oz.

Less than five days ago, this little dude entered into my life and my family. I am so blessed to be another father to a healthy kiddo. Words can’t describe how I feel now – this week I am off of work, just taking care of my amazing wife and newborn.

The second time around, I am not as worried about everything – I can just relax, and enjoy him. I have been studying – Mila is with my in-laws, giving me some time to be with the baby. So back to studying! (58 days left!)

Back to buffer overflows!

Oh man, it’s 69 days till the exam now?!?

My wife is due any day now with our next kiddo. I have a huge paper that I am editing. Then I need to start working on more work, then more work, then, wait, what about OSCP studying? Damn it. I am getting worried.

I am currently at Starbucks on a Friday night, away from my family TRYING to get through my paper. I feel like adulting is just getting through one hurdle just to get through the next one. Or maybe that’s just life. Whatever. My countdown clock that pops up when I open a new tab in chrome is just counting down the seconds till I bomb my OSCP if I don’t do something drastic.

Why are you looking at me like that BEAR!?!?!

And there goes the break timer. Back at it. Back at working. I still have a dream to get to my OSCP, but work really is doing a number at my studying time.

Hack The Box!

Hello, friend. So I have 8 days left in the PWK course. 2 hours/day is not realistic on the weekdays, so let’s go with 1 for now. It takes like 30 min to just get back into the material, so yeah.

I am going to spend the last few days here going through BoF. Today, I just reviewed nc and ncat. Basic stuff we are working with here people. But it’s been some time since I have worked with this stuff… even just grepping commands when working with enumeration… like not even pentesting.

Hack The Box, baby.

Anyway, I also got set up on HTB, and put my little sticker on the right for all to see. I am a noob!! Yay! Actually I rooted one active box today. Ridiculously simple to grab the flags, but it was a nice little win. I will be working on HTB to brush up skills post PWK. I also got a VIP because I can then go through retired machines and walk-throughs, etc.

As my wife always says to me, it’s not when you get your OSCP, it’s that you get your OSCP. I honestly hope I get it before I die. ugh.

The Journey is so long and I am so tired

This is getting ridiculous. It’s mainly my fault, but some of these exercises in the labs make me want to bang my head on the wall – really hard.

I am trying, and documenting the exercises. I have been working at them for over five months now, and yes, there are a few that have given me some hiccups. The ones that are hitting me hard are using sqlmap to obtain a shell on a target machine, using password attacks that were described in the book, and the Port Redirection/Tunneling. A lot of this is my fault for not going harder at the problems, and faster. For example, I did get the BoFs, but that was seriously like almost a half a year ago.

It looks like I have 12 days left in the labs, and I am definitely not going to get 10 boxes as root and document them all in that amount of time. Oh yeah, I also signed up for the test in September. Oh, and my wife and I are expecting a child in July.

To make matters worse, the prices are going up. So, it’s been real, but I am not sure if I am going to get this cert any time soon. I am not quite sure where to go from here. So let’s analyze, shall we?

Option one:
(ノಠ益ಠ)ノ彡┻━┻

Okay, let’s put the table back….
┳━┳ ヽ(ಠل͜ಠ)ﾉ

Let’s try that again:

  1. Just spend every morning for 2 hours in the lab and the exercises. Try to do the areas that you didn’t get (the exercises that you didn’t get) and if you don’t get them, it’s no biggie. Just try to get back into the material, and hit it hard for the last 12 days.
  2. Post-time: You didn’t get the 5 points. You’ll get them after your first attempt at the exam. Because face it, you aren’t going to pass your first attempt. So here is where HTB and ippsec walkthroughs will help you. Step one, find some free BoFs and PRACTICE them. You know that’s a solid 20 points.
  3. Walk through the boxes in July. Start figuring out your methods. Just try to get as comfortable as you can to at least try the exam in September. August, keep on going. Learn as much as you can from tutorials, the book, watch the videos again and relate them to HTBs.
  4. Fri, 06 Sep 2019, 05:00 (America/New_York), just try.
  5. Buy 30 days of lab – $300 bones. Finish up the exercises and the boxes. Get the 5 points, then schedule your exam again. Take it.

Remember what your wife said, it’s not how quickly you pass, but when you pass. Don’t give up, don’t get scared. Just go for it. You got this.

Finally, I am getting to Metasploit. Wow.

Well, I haven’t written for a while, but my daughter turned 4, my wife is expecting in July, and I am waking up pretty early to start studying these days. It’s a slow process, but I’ll get there. My plan is to finish the labs, practice on and take the test in early September. I feel like failing the first time is simply a rite of passage, so if that happens, at least I’ll know what to expect for the next time. I will get this cert. It might take time, but I am going to get it.

I am getting to the end of the labs, and I know now why metasploit is last and why you can only use it on one box – it’s pretty powerful. I did use it to pop my first shell on the lab machines – using 08-067 to exploit SMB!

This gif never gets old…

I didn’t know about meterpreter before the exploit, so I was hanging onto my shell for dear life, trying to upload a privilege escalation executable using certutil and tftp, but the shell was non-interactive and yeah… didn’t get far. But I started reading about meterpreter and all I could think about is how I am going to root that box now with my new knowledge.

The labs ask to perform a few things that I had to skip and gain my knowledge on – i.e., using metasploit to dump hashes and pass the hash. So now, I have to go back and finish up those labs. My lab report, w/o any writeups of pwning the 10 machines, is almost at 200 pages. I am not going to fail to get those 5 points. Even if I have to come back and pay for more lab time.

I will have to say that I am really enjoying my time learning through PWK. People slam it for not being current (the exploits and the material), but I think that’s part of it – TRYING HARDER. Also, forget that man, it’s a VERY solid foundation for pen testing.