Studying on Parental Leave

Look at this guy – him and I bonded together yesterday. My wife went back to work, and I chilled with him for the day. I gotta tell ya, he did really well on his bottle. It was honestly day 1, and he is starting to get the bottle down.

My little man!

Which leads to the next thing. So I am on parental leave till November, and I was hoping that I could get some studying in with this dude. Well, I need to be patient with myself since that’s not going to happen for a while – at least till we get used to each other. So, yah, it’s going to be slow going with OSCP again. I haven’t signed back up for the labs, which is good. There is a lot I can do without them and I once the labs are up, the clock is ticking to get them done.

I really , really want to pass this exam. I have to say though, I have already been really learning a lot, but I have a long way to go to pass. I think I can do it.

That S*(&% hit me like a brick

Welp, my test date came, I logged in, got set up, saw what it was about, and was like – I need to really try harder here. I knew I wasn’t going to pass, and I didn’t even try. I was so not ready. With two kids, work, and little bits of studying, I wasn’t retaining the information and wasn’t going to pass. I did find out how the BoF is going to go down and the points on the test…. so that is good. But now, I need to reframe and think about how to do this.

I am on parental leave for 2 1/2 months. Which means I do not have work to worry about. I will need to take care of Andrew, but when he is sleeping, I can study. But I think approaching the OSCP is going to take a fundamental shift. I can’t just go through the labs and expect to break boxes, I need to go through the labs, explore the labs, and then break boxes. And take notes. Nuggets along the way, and also have a methodology down. It’s the only way. So I bought some notecards and thought I would break up the areas into six sections:

  1. Information Gathering
  2. Vulnerability Identification
  3. Research and Development
  4. Exploitation
  5. Post Exploitation

Information gathering will be netdiscover, nmap. Vulnerability Identification will be searching from the vulnerabilities. Research and Development will be setting up the vulnerability. Exploitation will be running the exploit, and post-exploitation will be priv escalation, etc.

Now, this might change as I pick up nuggets, but I think this is a good place to start. I have looked at a few, and I waffle with 2 & 3, whether they should be switched. Meh, I just need to start getting back into the journey.

I did a few Kioptrix boxes from Vulnhub, just to get a little footing, but I think starting tomorrow, I am going to re-signup for the labs and just do the studying all over again. I have to go deeper – study constantly. Try harder.

I started reading a book called “Deep Work” and it talks about how impactful work, the work you lock yourself into a room with, can bring change. For the next 90 days I am going to try harder. I really, REALLY want this cert. For me. I am not going to stop till I get it.

Oh man, it’s 69 days till the exam now?!?

My wife is due any day now with our next kiddo. I have a huge paper that I am editing. Then I need to start working on more work, then more work, then, wait, what about OSCP studying? Damn it. I am getting worried.

I am currently at Starbucks on a Friday night, away from my family TRYING to get through my paper. I feel like adulting is just getting through one hurdle just to get through the next one. Or maybe that’s just life. Whatever. My countdown clock that pops up when I open a new tab in chrome is just counting down the seconds till I bomb my OSCP if I don’t do something drastic.

Why are you looking at me like that BEAR!?!?!

And there goes the break timer. Back at it. Back at working. I still have a dream to get to my OSCP, but work really is doing a number at my studying time.

Hello world. Long time coming.

I sometimes tease my wife for starting things, and then never really finishing through on them.  Like starting a project, and then it falls by the wayside.  It’s very hypocritical of me, as I myself start so many things, with a passion that later dwindles.  Not this time.

Case in point.  This isn’t my first blog.  I have little blogs stored in the crevices of the Internet that I am not sure where they all are.  I have been a Web Design Studio (fully equipped as an LLC), I have done DJing, I have been a radio broadcaster, and a podcaster all under the iMova “umbrella” of my online identity.  This part of the Internet,, has been patiently “under construction” for what feels like an eternity.

When I started as a “photographer” by creating a flickr account, it was in Bettles, Alaska at 2 am on my birthday when the sun was still in a haze above the arctic circle.  How fitting would it is then to start my “cybersecurity blog” on my birthday.   2 am today.

See, I want to be a Penetration Tester.   I want to be a good, confident (that’s half the battle), technical penetration tester.  So I have been picking up books and committing to someday, get a real technical certification under my belt, my Offensive Security Certified Penetration Tester (OSCP) certification.  I just picked up The Hacker Playbook 3, as working through Georgia’s Penetration Testing book has been good, I got stuck sometimes as the tech is getting old in that book.

Reading the introduction to The Hacker Playbook, Peter Kim harps on the criticality to have your own site, that your own public blog speaks volumes.  I always knew this.  Following up, I am inspired by the richest man on the planet, Jeff Bezos, who said that if he never tried this Internet thing, he would never know he could ever do it.

So here it is, my attempt to try to work into Penetration Testing.  I think this is what should be used for.  I might chat about other things too, but I aim to tag my postings to filter relevancy.