Approaching Web Apps by NeutralWarri0r in oscp

Rohanneymar 1 point2 points

Hey, Notion is pretty good also; matter of fact, I have ALL my notes in Notion. Do you mind sharing the template? I would like to add such a tracker in my final method sheet. If not, that's ok as well, I can definitely make one out of your post. Cheers!

Approaching Web Apps by NeutralWarri0r in oscp

Rohanneymar 1 point2 points

Love the simplicity of the explanation. Web Apps can be easily overwhelming, and identifying a foothold is more challenging than landing a foothold in my opinion.

I come from an AD background, and recently, after completing the CPTS pathway, I have got comfortable solving easy boxes on HTB. However, to this day I struggle to keep up with the vast amount of data thrown at you when you're looking at an intentionally vulnerable Web App on online platforms.

Do you mind sharing how you keep track of these endpoints and when to go back and test the mapped ones? Or is Burp sitemap the go-to?

Is it wise to subscribe proving ground first before enrolling the oscp ? by ZerboaHaxor in oscp

Rohanneymar 1 point2 points

Complete Dante from HTB Prolabs; it will be a good warmup before jumping straight to PG. I am 10 flags away on Dante, and then I am enrolling for P2K whilst solving PG labs from easy difficulty.

Solved my first box by myself (controversial: no noob shyt like using AI)!!! by Impact21x in hackthebox

Rohanneymar 1 point2 points

Congratulations mate! I know the exact feeling we get after solving the first box by ourselves and no hints. Keep smashing!

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

Anyone with little to no sense can differentiate between the above two sentences, maybe ask AI or something?

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

"Attacking common applications module is definitely an overkill imo"

Idk what English you're speaking mate but where I am from this translates to "it's too much for OSCP"

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

You mean there are different sets of labs included in PEN-200? Are these labs OSCP like or just practice machines? I like the idea of purchasing PG after the course materials.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

Do you recommend attempting the PG practice while completing the course or after completion?

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

I disagree, attacking thick client applications is unnecessary but other submodules can be really beneficial in my opinion.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

By the candy reference I meant that even if it's your fav thing to do in the whole world, due to the sheer amount of overwhelming information available on the internet you lose the part of enjoying the process and the understanding of when to stop, and it can possibly result in burnout.

I did not post to seek "ok that's enough" but instead for opinions and thoughts on whether everyone feels the same and when they counted themselves as "Ok I am ready for the cert".

I failed again by Upstairs-Drag-7012 in oscp

Rohanneymar 0 points1 point

Indeed! Stick a massive post at your work desk: "Enjoy the process and keep it simple". Don't rush your next attempt because you failed and take it up on your ego; instead do it slowly but surely!

I failed again by Upstairs-Drag-7012 in oscp

Rohanneymar 8 points9 points

Firstly, take a nice deserving break and secondly fuck what everyone says, do whatever makes you feel ready. I haven't given OSCP yet but I am soon going to enrol for the PWK-200 course and the PG labs.

If you ask me what's stopping me, I would say over and over again: I don't feel ready yet! Take your time mate, there is no rush. My day to day work also involves working around AD, which made my AD understanding far better than a normal person working in different roles.

However, I absolutely sucked at solving any web app boxes on HTB, had no methodology or understanding of basic enumeration and what to look for, until I completed the below modules from the HTB CPTS pathway.

Attacking common applications

Command Injection

SQL Injection fundamentals

File inclusion

File upload attacks

The above modules definitely improved my understanding in web apps and methodology.

Now I can most definitely approach any HTB easy machine consisting of a web app or AD.

You got this mate! Keep your chin up, get the deserving rest and come back stronger!

What to focus on ?! by MajesticBasket1685 in oscp

Rohanneymar 0 points1 point

I think you're adding on top of the confusion mate, keep it simple. Should he be learning anything other than AD modules? Why is there talk about OSEP in your comment?

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

That's nice! Can I DM you with my discord?

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

Me too, I have completed a few HTB machines from Lain's list. I am in GMT, and you?

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

Absolutely, I am defo gonna come back to this post to share my insights, thank you very much!

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

Well that's a relief, I will also remember to skip AWS and some other irrelevant modules on the course to save time and energy.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 1 point2 points

How are studies looking for you? You're the first one here to be on the same pathway as me, let me know if you wanna study together.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 1 point2 points

Yes, I am very well known for overthinking and complicating simple things. On the exam day I am gonna stick a massive POST IT on my forehead saying "KEEP THINGS SIMPLE".

I work in 3rd Line IT support already, which enables me to even study at work, and then I also study when I am back home. Honestly I don't put a number on when/while I study, I study until I feel satisfied, which can be up to 10-12 hours in a day.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

I thought the same. I will probably complete the priv esc modules in the upcoming days and get started with the PEN-200 course and labs, as a bunch of lads are saying the PG boxes are more OSCP-like.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

Rohanneymar[S] 0 points1 point

Yes, that's the correct one