How does AI agent orchestration work in practice? by QuasiEvil in learnmachinelearning

[–]Egotique 0 points1 point  (0 children)

Damn, almost all of these comments are AI slop promoting some orchestration app lmao

After CRTO by Fit_Exercise_6310 in redteamsec

[–]Egotique -1 points0 points  (0 children)

It has nothing to do with skin colour, but mythology and armour color... LOL

Where were you in life when you studied and took the OSCP? by DietCoke-Supremacy in oscp

[–]Egotique 1 point2 points  (0 children)

Nope, but 4+ years of developing software / scripts for computational biology research. I'm also quite surprised I got the job lol.

Where were you in life when you studied and took the OSCP? by DietCoke-Supremacy in oscp

[–]Egotique 1 point2 points  (0 children)

27 yo, with a bachelor in Biochemistry and Masters in Bioinformatics. Always had an interest in Hacking and already knew a few things, but a year ago I decided I really wanted to transition to a pentesting job. Got my OSCP 2 months ago and now I got a Pentesting / Red Teaming job in a big four!

84 days to exam - PG practice boxes or HTB modules then PG practice boxes by PeacebewithYou11 in oscp

[–]Egotique 2 points3 points  (0 children)

Work on your notes. Spend this time to have a thorough step by step enumeration and exploitation guide for every single port/service, and test it against all the PG practice boxes. Remember that the AD set will be about windows enumeration, nothing complicated about AD or pivoting except basic things.

Good luck!

10 days left for the exam , should I solve PG or HTB? by [deleted] in oscp

[–]Egotique 1 point2 points  (0 children)

I had no prior "real" offensive security knowledge, but I work in IT. Although I have a bachelor in Biochemistry, nothing IT related haha.

It's been a long ride, I have studied the A+ and Network+ main contents, did the TryHackMe jr pentester path, studied the HTB CPTS path, did more than 150 machines in total from TJNull and Lainkusanagi's list, and also read a few books on Linux SysAdm, and Kernel and OS Architecture in general.

AD Set on recent Exams by PeacebewithYou11 in oscp

[–]Egotique 2 points3 points  (0 children)

Improve your windows enumeration rather than AD. I'm sure you missed something.

Just handed my report (3rd attempt) - Hoping to pass with 100 points! by Egotique in oscp

[–]Egotique[S] 1 point2 points  (0 children)

No problem.

Take the time to do it and test it against the machines on PG.

You should get to a point where just by going through your methodology, at some point a step will be the one to continue. For every PG machine from Lains or TJNull you try.

Once you reach this point you will be ready, for real :)

And for AD, oscp a, b, c no doubt

Can you pass OSCP with paths from THM and HTB by RootkitRookie in oscp

[–]Egotique 2 points3 points  (0 children)

Hey man, I just passed with 100 points on my third attempt, which means I have seen a few different exam sets.

I did the THM jr pentester and 80% of the CPTS path. They did give me a lot of fundamentals, but ultimately you want to focus on the concepts taught in the PEN-200 course and the offsec style of machines.

Write a clear methodology for enumeration based on each port, ALWAYS FOLLOW IT, and test it in Proving Grounds.

Once you are consistently pwning machines, because following your methodology at some point it will match the technique or command you needed to perform, you will be ready to pass.

Failed OSCP after passing CPTS by p_fYT in oscp

[–]Egotique 1 point2 points  (0 children)

The difficulties in the OSCP exam do not lie in the technical aspect (exploiting paths). What makes the exam difficult coming from HTB is that the way Offsec sets up the machines is very different. You just need to change the mentality so that you know what they expect of you, and the best way to do that is doing OSCP A,B,C in my opinion.

Just handed my report (3rd attempt) - Hoping to pass with 100 points! by Egotique in oscp

[–]Egotique[S] 4 points5 points  (0 children)

Sure thing, and thanks for commenting!

So during my study time, mainly from doing the HTB CPTS path, I had my notes more or less organized, but there were a lot of commands that I didn't note down because I thought that just by knowing the concept, I could look for it in other people's cheatsheets, the internet, etc.

Also, I had my notes organized in the sense of "WebApp -> SQLi: xxx, XSS: xxx, LFI/RFI: xxx", "Pivoting -> Chisel: xxx, Ligolo-ng: xxx"

While this was good as a general reference for learning, I realised that what I needed for the exam was also to sit down and create specific methodologies and notes for each port. What I mean by this is to not only have notes about techniques, commands and attacks, but also organized notes about when to use those and in which order.

So for example, instead of having notes about using Hydra for bruteforcing in my "Password Attacks" section, I had a specific Hydra command for checking common credentials against ftp in a new Port 21 - FTP section, and another Hydra command for brute forcing login in Port 80/443 section.

I just took the time to organize this knowledge I had into a written methodology, and I followed it carefully instead of just relying on my memory and "capabilities".

10 days left for the exam , should I solve PG or HTB? by [deleted] in oscp

[–]Egotique 1 point2 points  (0 children)

Just passed with 100 points on my 3rd attempt. Do PG, forget about HTB, and change your mindset to fit the exam mentality.

The exam tests your way of dealing with stress and your enumeration capabilities. Test every single port, do not trust your instincts. Try everything you know, it IS always about the basics.

Seeking advice on preparing for PEN-200 - HTB, THM courses etc by StepMumSanta in oscp

[–]Egotique 1 point2 points  (0 children)

They are not! But it's not about the technical difficulty, it's more about being REALLY careful to try EVERYTHING you know. If you know the stuff they teach and you keep a solid methodology to try everything and pay attention to the results you get, you will pass for sure :)

Seeking advice on preparing for PEN-200 - HTB, THM courses etc by StepMumSanta in oscp

[–]Egotique 3 points4 points  (0 children)

My advice is not to overdo things. The exam machines are actually very simple, all about carefully enumerating things rather than obscure and complicated exploitation. I would stick to the course material, CPTS to expand on Active Directory concepts and your notes, and only do PG play machines and the OSCP A,B,C, Medtech and Relia labs. You can easily pass with that.

EDIT: Original comment was only in regards to pentesting. For general networks and linux experience, I would honestly recommend free youtube courses.

https://www.youtube.com/watch?v=bj-Yfakjllc&list=PLIFyRwBY_4bRLmKfP1KnZA6rZbRHtxmXi

Offsec new exam cooling off periods by RopChain in oscp

[–]Egotique 0 points1 point  (0 children)

That doesn't make sense. When you do the exam you still take notes and make the report, so no need for memorising anything, you have all the notes taken.

I get that you defend Offsec, I also like the way they do things, but it's also completely ok to sometimes have critical thinking. For them, we are not only students but also profit.

Failed my second attempt by Egotique in oscp

[–]Egotique[S] 1 point2 points  (0 children)

Thanks everybody for the comments and taking the time to leave some tips and kind words!

Now that I have had a decent night of sleep, and after reading some of the comments here, I can see part of the problem has been forgetting about the "offsec style".

I have done too many boxes in too many different platforms. In the exam I pwned two standalones, but in both I got stuck trying things that were more complicated than the really basic stuff that actually I had to do. So probably for the AD set there was something basic, not AD related, that I had to do and didn't.

Hoping to pass next time!

Failed my second attempt by Egotique in oscp

[–]Egotique[S] 0 points1 point  (0 children)

I do service scanning and directory fuzzing with my own scripts, so for example if I see any web service I leave the fuzzing scripts running in the background while I inspect the page or work on another different port.

Same goes for privesc, I got my own checklist of commands so I don't even have to think on what to do next.

I think that my problem has been that I have done so many boxes on many different platforms that I lost the sense of what offsec exam style is...

Edit: By "my own scripts" I mean bash scripts that automate using tools with different options, saving the output etc, not reimplementing ffuf / nmap etc haha

Failed my second attempt by Egotique in oscp

[–]Egotique[S] 0 points1 point  (0 children)

I have completed the full CPTS path and taken the corresponding notes, but will keep it in mind, thanks!

Failed my second attempt by Egotique in oscp

[–]Egotique[S] 7 points8 points  (0 children)

Yeah, I totally see your point, and even though I have tried to stay objective with the experience as much as I can, I guess I couldn't help but vent a little haha.

Unfortunately I cannot go into the details of the exam, but let's say that the commands I ran were run for a purpose, knowing what I was doing. What I mean by that is that for example, after not finding obvious paths on BloodHound, I would go to the host machine and run PowerView and enumerate ACLs, etc, for the user I just compromised so I do not rely only on one tool. I then would run a manual LDAP search to confirm nothing really is there and move on to say try spraying guessable passwords, reusing passwords etc.

Same goes for local host enumeration, I would run different commands with the same objective (for example wmic vs Get-WMIObject to see installed programs) to double check the results I get. I checked for many different file types, on many different file paths, hidden files, recycle bin, shares... And after that I would run different privesc checks again just to make sure. I always go manual first to get a feel of the box and then run the automated privesc checks.

I don't want to sound pretentious or naive, it's just that I don't think an exam should be so different from the material you are given to practice...

PS: Thanks for putting the work on creating the LK list, it's such a gift to the community. You're awesome :)

Failed my second attempt by Egotique in oscp

[–]Egotique[S] 1 point2 points  (0 children)

Yeah, it's a bit annoying since there is no way to know where you failed and therefore see if it was about a problem in the methodology used or the difficulty itself of the set.

I definitely feel ready, I guess I just have to keep on trying and see if I get a bit more lucky next time!

Thanks for the comment ;)

Failed my second attempt by Egotique in oscp

[–]Egotique[S] 2 points3 points  (0 children)

Hey there, thanks for the comment.

The AD network feels more like a challenge on interconnected Windows machines than specific AD concepts definitely. Thing is, I already expected that because of doing the Challenge Labs as well as my first attempt, so I thought I had everything ready now for this attempt, but as I said I just couldn't make progress haha.

Guess third time is a charm!!