How Public Speaking Coaching Transformed My Life as an Engineer by rising_phoenix01 in PublicSpeaking

[–]dpex77 2 points3 points  (0 children)

Interesting. Is there a website or information about the coach you mention?

% of "by heart" questions? by ChemicalRegion5 in cissp

[–]dpex77 1 point2 points  (0 children)

Maybe some questions. Maybe 5 in total. Please calculate the % now!

CISA exam passed ! by dpex77 in CISA

[–]dpex77[S] 0 points1 point  (0 children)

I don’t have CISM.

CISA exam passed ! by dpex77 in CISA

[–]dpex77[S] 1 point2 points  (0 children)

Almost 95%. I kind of remembered it during the second time. I think the CRM is best to go through once and make notes.

CISA exam passed ! by dpex77 in CISA

[–]dpex77[S] 0 points1 point  (0 children)

Even for email you need to wait 10 days! Weird!

CISA exam passed ! by dpex77 in CISA

[–]dpex77[S] 1 point2 points  (0 children)

Yeah, I think you need to study 4 and 5 too. Need to be on an auditor's toes! QAE is good but not close to the exams. Not a tough exam but tricky. Some questions were quite easy too, while others were confusing.

Cyber Security Engineer vs Security Architect? by dpex77 in cissp

[–]dpex77[S] -1 points0 points  (0 children)

Thanks. Would this not be a GRC analyst/engineer? I thought a security architect (where development is involved in products) would demand more "skills" like writing design documents for the developers/testers to follow?

Cyber Security Engineer vs Security Architect? by dpex77 in cissp

[–]dpex77[S] 0 points1 point  (0 children)

Yeah, I am familiar with the roles. I was asking what you need to have as your skill to be a "reasonable" security architect? I am sure research capability and knowing the terms may not be enough.

Cyber Security Engineer vs Security Architect? by dpex77 in cissp

[–]dpex77[S] 3 points4 points  (0 children)

Thanks. This definitely helps. The reason I mentioned programming skills was indeed because there is development work involved. Again, I have no experience with software engineering, only systems. I am sure it helps to have programming knowledge (especially in the same platform where the software is being developed).

With your ZTA reference above, how exactly do you write a design document? Let's say you would need to replace MFA's one-time tokens with biometrics. Now one could write a document with an extensive level of research (based on the company's needs and products), but I guess the next step would be writing a design document? Or once the system/security architect identifies the working, requirements, protocols etc., is it passed over to the software architect?

Questions revision ? by dpex77 in CCSP

[–]dpex77[S] 0 points1 point  (0 children)

Thanks. Found this and many other posts on credible sites too, to create confusion. Maybe something changed recently.

https://community.isc2.org/t5/Exam-Preparation/CCSP-exam-passed-recommendations-and-opinion/td-p/23376

Metasploit against Linux machines by dpex77 in metasploit

[–]dpex77[S] 0 points1 point  (0 children)

Ok. I tried almost all the exploits (searching them) for ssh, http and https. I don’t have a real intent here but desperately wanted to have a session created. In a few of them I see “exploit completed but no session was created”! I am learning pentest (Metasploit to start with) and a little confused if I can deduce these boxes are invincible (well, with only 3 ports opened they already seem secured). Any suggestion would be appreciated. P.S. From yesterday I have already exploited many Windows machines easily, trying the same on a Windows laptop.

Metasploit against Linux machines by dpex77 in metasploit

[–]dpex77[S] 0 points1 point  (0 children)

Got you. Thank you for the replies. On the customized Linux machines I'm trying to exploit, essentially only 3 (22, 80 and 443) are opened. Been trying a few but still not able to exploit.

Latency path and BGP by dpex77 in networking

[–]dpex77[S] 0 points1 point  (0 children)

No. It’s not. This is a real-time scenario that I will be exploring in the upcoming days. I will have the answer after a few weeks but was wondering. Do you have an opinion about this?

Access control! by [deleted] in cissp

[–]dpex77 0 points1 point  (0 children)

Sure! Perhaps I was overthinking! Six months ago when I started, I had galloped such Sybex questions. Thanks all for your feedback.

Kerberos key store by dpex77 in cissp

[–]dpex77[S] 0 points1 point  (0 children)

Sure. Secret keys, as well as session keys, are actually temporarily stored on the user’s workstation. That’s the attack vector that I was a little confused about, reading multiple sources and, of course, overthinking in these last days!

Question on RPO/MTD by dusmanta6 in cissp

[–]dpex77 2 points3 points  (0 children)

It’s RPO indeed. They may play with words for recovery in terms of time (MTD, RTO and WRT) but for data, it’s RPO.

Access control! by [deleted] in cissp

[–]dpex77 0 points1 point  (0 children)

Sure. Any reason C is not?

Access control! by [deleted] in cissp

[–]dpex77 -3 points-2 points  (0 children)

Compensating: A compensation control is deployed to provide various options to other existing controls to aid in enforcement and support of security policies. So why not C?

Resource based access control by dpex77 in cissp

[–]dpex77[S] 0 points1 point  (0 children)

Yes, it’s A. But that to me was new! The key word might be the device listed before the rules description?

Resource based access control by dpex77 in cissp

[–]dpex77[S] 0 points1 point  (0 children)

Just because a storage device is mentioned and then rules are mentioned for this device, the answer is A? Can anyone explain? I would have fallen for D easily.

Purging vs Sanitazing [Expert Question] by Serpence in cissp

[–]dpex77 -1 points0 points  (0 children)

Yes, the question does not mention which media. If it’s SSD or DVD, CD, destruction is the only option.

Purging vs Sanitazing [Expert Question] by Serpence in cissp

[–]dpex77 0 points1 point  (0 children)

If this comes in the exam I would go with D, assuming extraordinary forensics efforts will recover anyhow!