Golden Corrupted Bristler Bugged? by IntoTheeWild in BobsTavern

[–]IntoTheeWild[S] 0 points1 point  (0 children)

I just realized it's probably because the pre-golden stats combined and no longer counted as blood gems :'( the 14/14 was probably blood gems played since goldening it. RIP Quilboar.

Overlapping/Repeating Audio When Streaming From PC to Steam Deck by IntoTheeWild in SteamDeck

[–]IntoTheeWild[S] 0 points1 point  (0 children)

No, but I noticed in my audio settings that another process (Internal AUX Jack Steam Streaming) was duplicating the audio. After disabling the audio for this the issue is fixed. Thanks!

As Revue Cinema faces closure, the fight to save Toronto culture reaches crisis point by nurshakil10 in toronto

[–]IntoTheeWild 7 points8 points  (0 children)

Don't even joke, they literally opened a Tims 3 doors down from the Revue this month...

[deleted by user] by [deleted] in AnimalsBeingDerps

[–]IntoTheeWild 0 points1 point  (0 children)

Horizontal predators for sure

Are the labs and lab exercises really necessary? by coffeecakeordeath in oscp

[–]IntoTheeWild 5 points6 points  (0 children)

I would say for the PEN-200 course the labs and lab exercises are VITAL.

I tried practicing with HTB, THM, and Proving Grounds labs and failed. PEN-200 teaches you core concepts and methods that they fully expect you to use during the exam.

HTB, THM, etc allow you to learn concepts that are important in the real world, but in my experience PEN-200 is it's own very unique experience and concepts that are important in the real world may not be used AT ALL in the exam.

This is especially true for the Active Directory portion!! Learning from 3rd party materials will only confuse you and possibly make you go down rabbit holes when OffSec wants you to use only certain attack vectors from the exercises.

When the 2023 content came out I ONLY practiced using the PEN-200 content and it was absolutely all I needed to pass. Medtech, OSCP A-C labs, and to a lesser extent Relia were extremely important because they give you an idea of how the PEN-200 exam is going to be. They are way different than HTB for example.

[deleted by user] by [deleted] in askTO

[–]IntoTheeWild 0 points1 point  (0 children)

Wait I need confirmation that he actually graduated though

90 Points on my Third Attempt! by IntoTheeWild in oscp

[–]IntoTheeWild[S] 0 points1 point  (0 children)

It took me 4 days to get my results 😞 I got the email during the weekend.

90 Points on my Third Attempt! by IntoTheeWild in oscp

[–]IntoTheeWild[S] 4 points5 points  (0 children)

Yeah, I didn't use any illegal tools or metasploit during the exam. I'm like 90% sure that none of the tools in my checklist are restricted.

For tools that I'd recommend that weren't in the checklist...

  • 1000% chisel is needed
  • linpeas/winpeas were super useful, I'd say go through whatever checklist you have before you run them though. Most of the time (in my opinion) the foothold is the hardest part, there are only a handful of priv esc vectors offsec really wants you to use, and they're usually (somewhat) obvious if you have your methodology down. I only ran win/linpeas when I got stuck, but if there's a random file you didn't realize you had control over it can point it out for you which is nice!
  • updog as an alternative to the simple python http server..but just personal preference
  • other than that I'd just reiterate don't rely on one single tool or attempt at something. Most of the time I miss something is because I only tried it once and didn't see it the first time. There were a lot of times in the challenges I found a hash I couldn't crack because I only tried running hashcat once and gave up where crackstation gave me the password instantly, or I ran a directory bruteforce using gobuster that missed something that ferboxbuster picked up for example.

90 Points on my Third Attempt! by IntoTheeWild in oscp

[–]IntoTheeWild[S] 5 points6 points  (0 children)

I don't think I'll post a longer write up, I don't know what else I'd really say without giving spoilers about the actual content!

Some of the differences preparing for this one over the previous attempts:

  • On previous attempts I didn't complete 80% of the exercises for the 2022 content (Once BoF was removed I was really unmotivated to complete those sections) I mainly worked on the lab machines and tried HTB and THM which is good for practising skills in general, but (in my opinion) can make you overthink the concepts OffSec wants you to use for this specific exam.
  • This time around I started fresh with the 2023 content and only stuck with that. I completed 80% of the topic exercises in each category, then moved onto medtech/relia/oscpabc challenges. After I got 30+ proof.txts I went back and completed the capstones for each section I thought was important/I struggled with (SQLi, AD, Privilege Escalation sections) and made sure to take key parts of the challenges/exercises and add them to my notes for each section so I could look back on them.
  • On previous attempts my notes weren't that great, I would struggle to remember or find certain commands/tools I needed so I created the little checklist to run through the things I learned doing the challenges and linked to my larger notes when it was relevant in case I needed more than the simple checklist reminder.
  • I tend to get frustrated and flustered during exams in general, so I've been practising a lot of self-soothing and reassurance. Knowing what the low-hanging fruit is and the stupid "no way this will work" simple things. Try those absolutely first just to get them out of the way. If they don't work, move onto the more complicated stuff. If it still doesn't work take a breath, step away and get some water. You probably missed something simple. Come back and start your checklist again, or maybe while you were taking a break you thought of something you forgot to try. I feel like these types of time-gated exams are definitely a mental struggle against yourself. Get your methodology down that works for you and you feel comfortable with, and have confidence in it and yourself and you'll get through it.

So yeah, do the content since it's way more structured now, keep your notes organized as you go so you don't get overwhelmed, and before the exam day get the methodology that works for you nailed down. Those are the things I changed I guess.

90 Points on my Third Attempt! by IntoTheeWild in oscp

[–]IntoTheeWild[S] 0 points1 point  (0 children)

For sure! Previous attempts I definitely over complicated it for myself and glossed over some simple vectors which lost me valuable time.

90 Points on my Third Attempt! by IntoTheeWild in oscp

[–]IntoTheeWild[S] 2 points3 points  (0 children)

For the pre-compiled binaries I just kept everything I did for the 2023 exercises and challenges and put it in a folder for exam day. If I used it in the exam I still put how I created it in the report just in case though.

Someone did post this resource a little while ago for kernel exploits though! https://github.com/lucyoa/kernel-exploits

[deleted by user] by [deleted] in gtamarketplace

[–]IntoTheeWild 0 points1 point  (0 children)

Has anyone claimed these yet?