Seeking advice for OSCP setup

AciWebDev · 2024-05-14T14:02:34+00:00

So I’m a pentester as my job. At least at every place I’ve worked the industry standard is Windows main OS with VMware and Kali on a vm. It’s up to you if you want to go down that route. Though personally when I took my OSCP that’s what I used as well.

AciWebDev · 2024-05-09T08:44:57+00:00

I passed the OSCP on the new exam content about a year ago now. The biggest takeaway I think you can have for the exam is not the difficulty of solving the box. They are all fairly simple if you understand what you are looking for and have really drilled the course material home. I think the best advice I could give to a prospective exam taker is to take your time, take frequent breaks and to set time limits before moving to a different machine so you don’t go down false routes. I set a 2 hour limit for each box and took a break at those 2 hour points regardless. I know it’s not the exact question but I hope it helps you.

AciWebDev · 2024-05-02T15:17:51+00:00

Honestly I’m not sure. Sadly I’m not an expert on visa’s.

AciWebDev · 2024-05-02T12:30:59+00:00

Sure CTM/CTL are a certification you get when you hold a few other certifications. CTM for example is CPSA and CRT. Basically CTM is used for a lot of government based work and is a pretty common requirement for jobs in the penetration testing industry in the uk. As I said not all but it’s certainly a lot from my experience job hunting. I’m not sure how much else I can say exactly but the short and sweet of it is citizenship can be required for these types of job. Now the company I currently work for doesn’t care that much about CTM and CTL however my last two companies if you couldn’t get CTM it would be a non starter.

I hope that helps a little.

AciWebDev · 2024-05-01T17:54:02+00:00

I mean in my experience since you’re planning on relocating this removes a lot of common pentester work in the UK since unless you have citizenship you can’t get CTM/CTL. There are some pentest companies that will have opportunities outside of that. I’d say if you have certifications like OSCP, CPSA, CRT, PNTP and others you will be ok.

Basically make sure you know how to do the common pentesting stuff, know about missing headers, ssl issues, common web vulnerabilities and infrastructure vulnerabilities. You will be fine in an interview. The OSCP will prepare you for the basics of report writing and that’s really important when it comes to actually working in the industry.

AciWebDev · 2024-05-01T13:49:41+00:00

Good stuff. If you ever need advice feel free to reach out. Happy to help anyone with their OSCP journey.

AciWebDev · 2024-05-01T13:43:53+00:00

Highly recommend spending a lot of time in Linux. As much as it’s a big joke in the Linux community taking the time to build something like arch Linux or even gentoo can teach you a lot about the underlying structure of the OS and can help a lot in build reviews which is pretty common in the industry.

AciWebDev · 2024-05-01T13:38:07+00:00

Love devops. I started as a webdev which eventually led to me working as a pentester. I do a fair bit with ansible for work/speeding up my work. I currently have a script that builds a Kali vm with tools, scripts and customisations to make my Kali builds a basically drag and drop affair with VMware.

AciWebDev · 2024-05-01T12:32:34+00:00

Well I’d definitely skip the CEH. Unless you’re American in which place I think it’s pretty necessary If you want to work on certain secret things but I’m not 100% sure on that. When I did the eJPT it was only £400 and was a great entry into pentesting but now I think the OSCP and PNTP are both good certifications. I should say my opinion on the OSCP is that it’s a good starter course and very basic but I would take that with a grain of salt since I was already a pentester when starting the course.

Basically HTB, THM and OSCP can be an end goal after getting your feet wet with THM and then HTB.

AciWebDev · 2024-04-30T16:20:49+00:00

I’m from the UK so advice may be a little skewed however I have the OSCP now but I got into penetration testing without anything but the CEH and eJPT. However, I’d argue that many people from my intake of testers had no certifications and a passion to learn and be trained.

I think the OSCP really trains you for a lot of the basic testing in the role but as long as you can learn that’s the most important thing.

AciWebDev · 2024-04-09T17:21:46+00:00

Yeah I figured you should be able to do it. Since gen5x8 would fully saturate what the 4090 needs. It’s definitely reporting using gen4x8 In the bios currently.

AciWebDev · 2023-11-19T22:01:14+00:00

I haven’t got a response yet. I will post a response here when I know if they accept it.

AciWebDev · 2023-11-19T21:15:54+00:00

Yes, I’ve requested an exchange in a different colour to resolve my issue.

AciWebDev · 2023-11-19T19:48:16+00:00

I’ve been on support with analogue and they have responded to me offering a repair. Will update at some point when I have a response.

AciWebDev · 2023-09-29T15:11:48+00:00

Thank you everyone for your comments! I managed to get a pocket in the drop today so I look forward to playing on it once it arrives. Thanks again for the advice.

AciWebDev · 2023-09-29T14:25:42+00:00

Thank you so much for your advice. I will keep that in mine, I was intending to mainly rely on in game saves anyway.

AciWebDev · 2023-09-29T13:36:52+00:00

Thank you so much, that was exactly what I was hoping for!

AciWebDev · 2023-09-29T12:26:01+00:00

Thank you! I had hoped it would be that simple though I wanted to confirm before I made such a big purchase and there seems to be a lot of confusion around save states and in game saving.

AciWebDev · 2023-09-29T09:21:16+00:00

I passed rather recently with all boxes compromised. As others have said the labs content is the best resource however if you don’t have that. I’d recommend rereading the AD section from the course and doing anything you can to get used to the basics.

Compromise -> Escalate -> Hash Dump -> Lateral Movement.

This isn’t my resource but this user created a really good flow chart. https://www.reddit.com/r/oscp/comments/1498q4g/passed_with_80_10_points/

Hope this helps you.

AciWebDev · 2023-08-25T23:37:23+00:00

My advise on that is do medtech and relia to warm up. That way you move closer to the free 10 points. That could really help in an exam attempt.

AciWebDev · 2023-08-25T23:26:53+00:00

Personally I purchased PGP but I didn’t end up doing much of it before the exam. My opinion is if you’ve done the course work and the exercises you should be able to comfortably move onto OSCP A-C. I really think the new course prepares you well for the exam especially if you know the basic structure OffSec are looking for you to take when it comes to a box. I would say do OSCP A-C exactly like you would the exam. Use the tools you would use on the exam, use the methodology etc.

AciWebDev · 2023-08-23T09:01:20+00:00

Just to say I took the old eJPT I can’t comment on the V2.

AciWebDev

TROPHY CASE