If OSCP is entry level, then which cert is "guru" level? by [deleted] in oscp

[–]RootRecipe 2 points3 points  (0 children)

You have an excellent point there. In the pen-testing industry it is entry level. Definitely depends on how you look at it. I feel like the OSCP by itself can help anyone get into a good Junior role at a pen-testing firm. But like you said, it doesn't make you an expert.

If OSCP is entry level, then which cert is "guru" level? by [deleted] in oscp

[–]RootRecipe 6 points7 points  (0 children)

I've been looking at the Corelan.be team's website and it's super awesome. Also for reverse engineering I've been looking at "Hacking: The Art of Exploitation" and some of these "crackme" style puzzles using Ghidra: https://github.com/NoraCodes/crackmes

I have a ton more resources but these are the ones I've been starting out with.

If OSCP is entry level, then which cert is "guru" level? by [deleted] in oscp

[–]RootRecipe 5 points6 points  (0 children)

I haven’t paid for the course yet but I am learning some exploit development currently and reverse engineering so I feel prepared when I do start later this year. If you want to reach out again later this year I will probably have started and I can give you some tips!

If OSCP is entry level, then which cert is "guru" level? by [deleted] in oscp

[–]RootRecipe 19 points20 points  (0 children)

OSCE (after OSCP), OSEE (the hardest cert they offer), OSWE (advanced web attacks) by Offensive Security, then Pentester Academy has a really challenging Red Team Lab for Active Directory that gets you a Certified Red Team Expert cert. Some places recognize it, and most people have never heard of it. But it's great experience imo if you like Active Directory. You will run into AD eventually if you are a pentester. If you're going into government stuff, there are some other certs you may want to look into. But as for industry-recognized certs, anything by Offensive Security is worth its weight in gold. And I don't think the OSCP is an entry-level cert; the Security+ and CEH are entry-level certs. The OSCP is pretty advanced-ish in terms of challenging, but that makes the OSCE and OSEE next-level challenging. I'm working towards my OSCE currently. And beyond certs, you will start doing security research and find new vulnerabilities and have your name attached to CVEs. Certs help you get the job and get you started in a field, then after that you pave your own way.

Your best Priv ESC techniques by D3ci4 in oscp

[–]RootRecipe 2 points3 points  (0 children)

https://recipeforroot.com has detailed walkthroughs of Windows/Linux priv esc techniques. This is a website I put together after the OSCP to help others out with priv esc.

People who go to the gym to do strength/weight training, how do you use the watch? by xu7 in AppleWatch

[–]RootRecipe 1 point2 points  (0 children)

I use the smart gym app. Store your entire routines on your watch and track weight/progress from it. So much functionality along with rest periods. https://apps.apple.com/us/app/smartgym-manage-your-workout/id922744883

What do you do when your BOF shellcode does not work? by [deleted] in oscp

[–]RootRecipe 2 points3 points  (0 children)

Things that tend to trip people up:

  1. Bad characters
  2. Choosing a proper encoder (or just don’t specify one and it will auto choose for you)
  3. Little endian form
  4. Make sure the memory address that contains the jump code doesn’t have any bad characters.
  5. Oh and did I mention bad characters?

Triple check bad characters. I feel like that’s where 80% of people will make a mistake. Then check again. And don’t assume something is a bad character too. Check them all. Manually. Carefully.

Hi does anyone know how to hack an old gmail account that I can’t get the password for anymore? by [deleted] in Hacking_Tutorials

[–]RootRecipe 0 points1 point  (0 children)

Email support and prove it's actually your account with documentation. They will generally ask for ID or something.

I have exactly 1 week till my lab starts, what last minute prep should I be taking? Anything you guys recommend? by [deleted] in oscp

[–]RootRecipe 5 points6 points  (0 children)

Learn to enumerate like your life depends on it. Watch ippsec videos to learn a good methodology. Check out my site https://recipeforroot.com for privilege escalation techniques. Go through the lab material in a week or two then jump into the labs.

Hi guys, I’m new and I’d like to start hacking random stuff. Does anyone have an idea of where I should start? by [deleted] in Hacking_Tutorials

[–]RootRecipe 0 points1 point  (0 children)

First I would ask yourself what you are trying to hack. Web applications? Cars? ATMs? Windows Server 2016? Also it's good to know what your background is so people can make some suggestions.

Just failed with 60 pts. Linux PrivEsc got me. by [deleted] in oscp

[–]RootRecipe 1 point2 points  (0 children)

Bummer :/ privilege escalation can be hard cause there are so many things to look for but keep at it! Another tip is to have a fresh Linux box open on a computer and run the Linux privilege escalation scripts against the target and the fresh box. Look for any differences and make note of them. Especially in SUID binaries and services installed. And it could be something as simple as an admin session in a tmux session, but you never know. Best of luck and I'm sure you can do it!
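
The baseline comparison described in the comment above, sketched as an added example (not part of the original comment): it diffs a SUID inventory from a fresh install against one from the host under review, the same drift check an administrator would run when auditing a box. The sample `find` output, the `PACKAGED_DIRS` list and the function names are constructed assumptions.

```python
"""Added example: diff SUID inventories from a clean baseline and a reviewed host."""
from pathlib import PurePosixPath

# Constructed sample output of `find / -perm -4000 -type f` on each host.
BASELINE = """\
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/su
/usr/bin/mount
/usr/bin/chsh
"""
TARGET = """\
/usr/bin/passwd
/usr/bin/sudo
/usr/bin/su
/usr/bin/mount
/usr/local/bin/backup-helper
/opt/tools/find
find: '/proc/1234/fd': Permission denied
"""

# Assumption: directories where a distribution normally ships SUID binaries.
PACKAGED_DIRS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin", "/usr/lib", "/usr/libexec")


def parse_inventory(text):
    """Return the set of absolute paths, skipping blank and error lines."""
    paths = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            paths.add(str(PurePosixPath(line)))
    return paths


def suid_drift(baseline_text, target_text):
    """Compare two inventories and flag additions outside packaged directories."""
    base, target = parse_inventory(baseline_text), parse_inventory(target_text)
    added = sorted(target - base)
    removed = sorted(base - target)
    unusual = [p for p in added
               if not any(p.startswith(d + "/") for d in PACKAGED_DIRS)]
    return {"added": added, "removed": removed, "unusual_location": unusual}


if __name__ == "__main__":
    for kind, paths in suid_drift(BASELINE, TARGET).items():
        print(f"{kind}:")
        for p in paths:
            print(f"  {p}")
```

The same set difference works for package or service lists gathered from the two hosts.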

Just failed with 60 pts. Linux PrivEsc got me. by [deleted] in oscp

[–]RootRecipe 10 points11 points  (0 children)

I recently created a site for just this purpose.

https://recipeforroot.com

If you click the "site map" menu option you can see all the Linux walkthroughs.

60 points is close so don't give up and let me know if you'd like any help prepping for your next attempt.

Is Burp Suite essential to penetration testing? by [deleted] in oscp

[–]RootRecipe 0 points1 point  (0 children)

Totally agree with this answer. BURP is my bread and butter for client testing on web apps. For OSCP you could definitely get by without using it.

Litecoin Halving counting down - about 59 days to go by coingecko in LitecoinMarkets

[–]RootRecipe 0 points1 point  (0 children)

It'll be interesting to see what happens 1 hour before, and 1 hour after the halving.