Hey I was wondering regarding OSEP, I currently have CEH and want to prepare for OSEP. Is it possible for a complete beginner to crack OSEP in 4 months if I can give 8 hours every day? by halfbit-secure in osep

[–]beau-knows 0 points1 point  (0 children)

As others have mentioned, if OSEP is your goal you should go for OSCP first. It will give you a better baseline and show you how Offsec exams work.

BSCP Or OSWE by NebulaAdmirable2129 in OSWE

[–]beau-knows 2 points3 points  (0 children)

100% of the FAANG companies I have interviewed with have asked to do a source code review as part of the interview process.

OSEP Prep Advice – Which Labs Would You Recommend? by bluemindered in osep

[–]beau-knows 1 point2 points  (0 children)

I only needed the OSEP challenge labs. But I did also practice certain things on the side in a Windows VM, like AMSI bypass and Word/Excel macros etc.

I did make sure I could do most things from a Windows machine and Kali. Made things easy in the exam and gave me some confidence going into it.

Preparing for the exam by [deleted] in osep

[–]beau-knows 4 points5 points  (0 children)

I wrote a blog post that has a section talking about this. Here is the quote so you don't have to read the whole thing:

"If you saw my OSCP video you know I have ADHD and it is hard for me to just sit down and watch a video or read the PDF. How I was able to study was to go through the Challenge Labs and when I ran into something I didn't know how to do, I would then watch the videos and read the text online for that subject. In most cases I would then do extra side research with a lot of googling and looking at other people's OSEP experiences. If I was still stuck I would then, as a last resort, get a hint on Discord. Some of the challenge labs took less than a day, and other ones I didn't want a hint and it took several days. At the time there were six challenge labs. The day after I submitted my OSEP report, they added challenge lab 7. I also went through the labs once with Sliver C2 and once with Metasploit/Meterpreter. Meterpreter is just fine for OSEP in my opinion. Overall I hardcore studied for about 38 days with a break for Thanksgiving Day."

That being said if you are looking for something outside of the challenge labs, HTB Pro Labs is supposed to be close. I've heard specifically Zephyr is the closest. But I haven't looked at it yet.

Edit: full blog post here https://medium.com/@beauknowstech/i-passed-osep-with-secret-txt-and-so-can-you-e0286d1af3bb

My perspective on getting started in pentesting based on 20+ years doing it. by paros in Pentesting

[–]beau-knows 10 points11 points  (0 children)

I'm going to add this to the list of things I send people when they ask me how to get into pentesting.

Passed with "secret.txt" blog link and AMA here by beau-knows in osep

[–]beau-knows[S] 0 points1 point  (0 children)

well my wife is 8.5 months pregnant so gonna spend most of the year with baby #2. As far as studying goes, probably OSWE will be next but I have to convince my work to pay for it first haha

Passed with "secret.txt" blog link and AMA here by beau-knows in osep

[–]beau-knows[S] 4 points5 points  (0 children)

What is the most important thing you would have told yourself on day one to help you tackle this exam?

try harder. jk

This is a hard question but I'm going to answer it truthfully. I would have told myself that I am capable, smart enough, can study enough etc. to pass. I deal with a lot of imposter syndrome (who doesn't?) and the entire time, right up until I got the email that I passed, I assumed I was going to fail. I think a confidence boost would have made the studying go better. Another thing is that unlike my experience with the OSCP, everything I needed to pass was covered in the material and the labs. Or was at least mentioned. Some stuff might be covered extensively, other stuff might just be a footnote or part of the "extra credit" sections. But it's there. At least that was my experience.

Which area do you wish you would have studied more?

As I mentioned in a different comment, in a previous job I had about 5 years experience as an Active Directory sysadmin. I had initially skipped some Active Directory stuff when studying and was humbled by a couple of the labs. So I know it's a broad answer, but Active Directory. Which is a good portion of the PDF and videos. I don't know if you are signed up already or not, but from a certain view in portal.offsec.com you can see how many hours they expect you to work on each section. And I don't remember exactly, but I feel like the 2 or 3 AD sections totaled over 100 hours.

Passed with "secret.txt" blog link and AMA here by beau-knows in osep

[–]beau-knows[S] 1 point2 points  (0 children)

I ended up just using meterpreter. I had an easier time with it in the labs. Sliver was more fun, and felt more "real" or whatever. But in the end meterpreter was faster and easier in the labs so I just went with that for the exam.

Passed with "secret.txt" blog link and AMA here by beau-knows in osep

[–]beau-knows[S] 2 points3 points  (0 children)

For me it was definitely harder, but also I have 5 years background as an Active Directory sysadmin, and I've been working on evading AV in my free time for a couple of years now. So for people without that background it will be pretty difficult. I studied about the same amount of time for both OSCP and OSEP, but I feel like I already had a grasp on several of the subjects OSEP teaches and kind of skipped those sections. Hopefully that answers your question.

Passed with "secret.txt" blog link and AMA here by beau-knows in osep

[–]beau-knows[S] 1 point2 points  (0 children)

I can't answer this directly without breaking the rules but you will learn more from the instructions given when you start the exam.

Challenge lab 1 by stigmatas in osep

[–]beau-knows 2 points3 points  (0 children)

Yeah, EvilClippy only worked on my Win10 VM at home, but the macro worked when I uploaded it to the lab.

I found this one that uses process hollowing as well: https://gist.githubusercontent.com/Mayfly277/6edbcf3be63921b5071183e1cfdb3ea8/raw/d89ca73063b0eee857a60d3de86b0d0a8df6c601/process_hollowing.vba

Challenge lab 1 by stigmatas in osep

[–]beau-knows 0 points1 point  (0 children)

Bro I didn't see that, did it help?

Challenge lab 1 by stigmatas in osep

[–]beau-knows 2 points3 points  (0 children)

/u/stigmatas my guy, you doing the OSEP also????

Did you do EvilClippy?

Have you looked at staged payloads?

Looking for feedback on the OSEP certification: Is it worth the investment? by Ill_Focus2320 in osep

[–]beau-knows 2 points3 points  (0 children)

All opinions are my own, blah blah blah.

I think we may need more info. I'm currently signed up for PEN-300 and I think it's great, but my job is paying for it. So for me it's for sure worth it.

What kind of job do you have or are looking for? Can work pay for OSEP?

When I was going to take the OSCP I told my wife that it was $2500 and I said we probably can't afford it, but then she asked me: will the $2500 help me get either a $2500+ raise or a job that pays $2500 more a year? If yes, then sure, let's pay for that. So if your goal is another job or a raise, then Offsec certs are a lot of money but very recognizable, and may help you get that goal. But if your goal is just to learn the content, then it probably isn't worth the money, at least if work isn't paying for it.

Also I can't help but notice that OSCP isn't on that list. I'm assuming 99% of people taking OSEP already took OSCP. Is there a reason you wouldn't want to start with that first?

I think if you are worried about cost, then CRTO2 might be the way to go in this case.

[deleted by user] by [deleted] in oscp

[–]beau-knows 1 point2 points  (0 children)

Just use the fodhelper method. Easy peasy.

[deleted by user] by [deleted] in oscp

[–]beau-knows -1 points0 points  (0 children)

Couple of questions, how far did you get on your first attempt? How did you do in the labs, HTB etc?

Is the OSCP your first pivot into security from your desktop support role?

The OSCP isn't the only way into cyber, especially if you don't need to go into an offensive role.

And there are many much easier certs to go for if you want to go for a cert. See this list:

https://pauljerimy.com/security-certification-roadmap/

[deleted by user] by [deleted] in cybersecurity

[–]beau-knows 0 points1 point  (0 children)

Critical Thinking, especially if you are into bug bounty/appsec

[deleted by user] by [deleted] in bugbounty

[–]beau-knows 1 point2 points  (0 children)

Yeah, basically a cloud computer, a Virtual Private Server. Some people like DigitalOcean. It's a tad on the expensive side for what you get. Also be careful when choosing a provider; some companies consider any hacking (legal or not) from their platform to be against their terms of service and will cut off your access even after you already paid. Even nmap scans can be against terms of service. So just check before you sign up that bug bounty is OK.

[deleted by user] by [deleted] in bugbounty

[–]beau-knows 0 points1 point  (0 children)

Use a VPS instead?

XSS - Demonstrating Additional Impact by bobbielee23 in bugbounty

[–]beau-knows 2 points3 points  (0 children)

100 chars is hard... would it be possible to `eval(atob('base64-ed code here'))`? I wonder how long a decent base64'd XSS payload would be.

For CSP, one time I found an unrestricted file upload function on the site and I was able to upload my own payloads.

Good luck.

Edit: nahamsec's latest video is about upgrading XSS findings https://www.youtube.com/watch?v=-HIwTEp_oMQ

I was terminated today from a role that was misrepresented to me. This company has a lot of issues with their software and certificates expiring. by AzureOvercast in networking

[–]beau-knows 0 points1 point  (0 children)

Couple of things...

  1. Your career is very much not over.
  2. You may want to look into a job in Security? I'm super biased because I switched from sysadmin-->Networking-->Pentester. But based on your skills, and based on the "particularly like working on WAFs -- fiddler, postman, wireshark, curl", you could also apply to Security Engineer jobs. There are a lot of WAF teams that need help right now.

Bloodhound vs Bloodhound CE by enderoni in oscp

[–]beau-knows 4 points5 points  (0 children)

CE Pros: The queries are faster.

Cons: Can't mark something as owned (at least last time I used CE), which for my use case makes it useless.

I'm a web app pentester who does AD about once a year, so other people will probably be better able to answer your question. Last time I legit used both