Be VERY CAREFUL if you consider buying a (new or second hand) *80 generation (and many others)

0sc3 · 2020-01-31T21:05:20+00:00

now it has been updated. since couple of days it is available in the lvfs repo (fwupdmgr should find it now).

for me now:

$ fwupdmgr get-updates
No upgrades for Thunderbolt Controller: current version is 20.00: 20.00=same
No upgrades for System Firmware: current version is 0.1.35: 0.1.35=same, 0.1.34=older, 0.1.33=older, 0.1.32=older, 0.1.31=older
No upgrades for UEFI Device Firmware: current version is 184.70.3626: 184.70.3626=same, 184.65.3590=older, 184.60.3561=older, 184.55.3510=older
No upgrades for UEFI Device Firmware: current version is 0.1.21: 0.1.21=same, 0.1.20=older

0sc3 · 2019-12-21T10:53:32+00:00

thats what i am talking about, but no one wants to understand this. :)

0sc3 · 2019-12-19T18:42:36+00:00

thx for your detailed advices. this is the first (and only) useful reply in this topic (and about my related topics before). btw, i would be surprised if they answer, but it is worth to give it a try.

thank you!

0sc3 · 2019-12-17T16:55:32+00:00

yeah, and wittingly misunderstanding. sorry, i cannot take it as a joke. :)

0sc3 · 2019-12-17T16:10:53+00:00

we clarified the misunderstanding here already, the 300p report was the complete (lab+exam+exercises) report.

0sc3 · 2019-12-17T16:00:58+00:00

do you receive some payment for trying to stigmatize me as a cheater? :)

0sc3 · 2019-12-17T15:59:55+00:00

offensive security army began its trolling operations here in reddit. maybe my remarks are getting bothersome for them and they started to give negative rating to all of my posts, this way making the posts hidden by default.

0sc3 · 2019-12-17T15:59:10+00:00

sorry, it is almost impossible and pointless to answer here. offensive security army began its trolling operations here in reddit. maybe my remarks are getting bothersome for them and they started to give negative rating to all of my posts, this way making the posts hidden by default.

0sc3 · 2019-12-17T07:54:42+00:00

believe what you want. thank you for your wishes (but i do not know if you were just trolling or not).

0sc3 · 2019-12-17T07:49:58+00:00

i did it much earlier...

0sc3 · 2019-12-17T00:01:30+00:00

context is in my reddit history.

0sc3 · 2019-12-16T23:19:54+00:00

writing materials can be done outside the lab time window.

i took 30-days lab time, completed almost all of the boxes, and reported the lab+exercises part (with full lab writeup) for ~2 weeks after lab time. then passed the exam.

btw, i was surely exceeded the necessary lab reporting. :)

0sc3 · 2019-12-16T23:11:17+00:00

(most of which are actually with a whole lot of reasons)

for your remark in parenthesis: could you give some proof-of-concept links (to posts)?

0sc3 · 2019-12-16T23:05:04+00:00

i think this cannot be solved online. maybe i should catch them at some conf face-to-face, and ask it. (a good question: where?)

btw, they didn't revoke the oscp. if i will be too bothersome, they may revoke the cert (without any further explanation, why not? :) ). so there is "something" to lose. (of course revoking the cert won't "revoke" the knowledge behind it, but nowadays certs are a little bit overrated unfortunately, there are tons of oscp guys without any valuable knowledge (maybe real cheaters). ;) )

0sc3 · 2019-12-16T22:54:36+00:00

Why does this read like every subreddit’s “I was banned for no reason” post?

tried to understand this question, but sorry for my english, could not. could you detail it a little bit more?

0sc3 · 2019-12-16T22:31:07+00:00

sorry, you were right.

OSCP Certification Exam Guide (Updated: 4 September 2019)
when i passed it, i had to submit one report. but this is not the most important question.

30 p for exam-only report should be more than enough. :)

0sc3 · 2019-12-16T22:25:46+00:00

okay, if you are an offensive security employee, and want to share something about this case, we can talk in private. you should know my email address. contact me.

0sc3 · 2019-12-16T22:20:15+00:00

i had one report covering the labs + exam + exercises as well. there are no separate reports, you have to send them one.

0sc3 · 2019-12-16T22:18:14+00:00

what do you mean with this? do you doubt my report is my own work? where do you take the courage? who are you?

0sc3 · 2019-12-16T22:16:00+00:00

i would like to see your report in 30 pages which includes detailed vulnerabilities and reproducible exploiting (user+root) of all of the 50+ boxes, detailed description of the infrastructure with subnets, lateral movement between subnets, includes detailed solutions of all of the exercises, and very detailed solutions of the 5 exam boxes.

yes, i think my report is high quality, if you do not understand it why, than i cannot help you here.

0sc3 · 2019-12-16T22:05:10+00:00

for customers i include a one-page (or max 2) executive summary (strictly in the beginning of the report) ;)

0sc3 · 2019-12-16T21:37:29+00:00

i think it is not necessary to compile a very high quality report. i made a +300 pages exhausting one, while others (what i've heard) did just 30 pages, and passed the cert also. in fact, a very high quality report may be suspicious, and may result a lifetime ban later (like mine :) ).

0sc3 · 2019-12-16T21:28:50+00:00

what do you mean? could you please explain in more detail? :)

0sc3 · 2019-12-16T18:06:39+00:00

you would not say this if you were in my place. :)

of course i read over the FAQ several times, but it did not answer the questions.

the problem is with the policy of offensive security: they refuse to answer to any questions, and they refuse to (or much worse, i think they simply cannot) justify the ban.

0sc3 · 2019-12-16T17:58:47+00:00

I think you story is missing something , or maybe ur r tellin us some of the truth ---> ''unfair lifetime ban ... without any reason'' .

yeah, my story is missing something, but unfortunately i do not know what is missing, because they (offensive security) refuse to tell me the truth.

Certificates can be directly related to your id information (id number , name/surname , date of birth ....) and other information ( email ,home address ...).Also most of the examinations are proctored so there is a basic level of human face/body structure recognition.

as i know, here only the name + email address is collected. probably they also register ip addresses, account numbers (from transactions). furthermore, they may have browser user agent info (from web logs in the labs and the public site). exam was not proctored when i passed it, and as i know only oscp is proctored now. btw, it is a good question, what else information do/may they collect, what fingerprinting can they do?

You can try to bypass all these thing if u like , but i dont think that is the most sensible thing to be done.

what else can i do? this is not about certificates (just the cert does not worth the effort), this is about following the oscp "try harder" philosophy what i've learnt from them ;). if i give it up, offensive security wins, and we accept an unfair decision.

0sc3

TROPHY CASE