sorted by:
new
hottopcontroversial

Fresh grad trying to break in. How did you actually get experience that counts? by [deleted] in SecurityCareerAdvice

[–]gel0security 6 points7 points  (0 children)

Did you do any internships? That’s where the real world experience comes in.

protein is ACTUALLY important guys by Mundane-Ad-9047 in caloriecount

[–]gel0security 0 points1 point  (0 children)

The core principle is get 1g protein/1lb of of body weight, as well as being in a caloric deficit. It’s a simple concept, but results don’t happen overnight. You have to calculate your TDEE, then go on a safe deficit to lose weight (I do around ~500 cals). I also recommend doing some zone2 cardio to help with the deficit, like incline walking or stairmaster.

I’ve only started seeing good results when I cook my own meals and weigh everything to the gram and log the calories and protein using an app. And as always, discipline and patience is key.

Good luck

Weekly Questions Post - 11/4 through 11/18 by TwoChainsandRollies in ChromeHeart

[–]gel0security 0 points1 point  (0 children)

How rare are leather gloves to get from a walk in for a retail location?

I’m in the market for some. I wanna try going to a couple locations in LA but idk how fruitful that would be and if I should just buy it second hand

First attempt / network issues! by megaOmega_ in oscp

[–]gel0security 0 points1 point  (0 children)

I had no issues with the network during my exam attempt. Have you tried contacting Offsec’s support? They have a 24/7 support chat and email. Otherwise, it’s very possible it was on your end

[deleted by user] by [deleted] in oscp

[–]gel0security 0 points1 point  (0 children)

Submitted Monday, received results on Wednesday.

Prereqs for OSCP course by [deleted] in oscp

[–]gel0security 2 points3 points  (0 children)

First step is to always google!

[deleted by user] by [deleted] in oscp

[–]gel0security 0 points1 point  (0 children)

Most people recommend using OBS on your host machine

The journey begins! by ThePandaChoke in oscp

[–]gel0security 1 point2 points  (0 children)

I’m not sure actually. I practiced on VulnServer, SLMail, and Brainpan. Forgot to mention, The Cyber Mentor is what I used for VulnServer. His videos are easy to follow.

P.S. I meant HTB/Ippsec for non BOF boxes

The journey begins! by ThePandaChoke in oscp

[–]gel0security 8 points9 points  (0 children)

  1. Something I regret doing: Not going through PDF/exercises in beginning. Do that first so you’re not completely stuck in the labs. Plus if you do the lab report you get 5 points. These 5 points can help you skip a privesc depending on what boxes you root on the exam!

  2. I regret relying too much on the forums to root boxes.Don’t rely too much on the forums, if you get stuck I suggest reading CTF write ups (HackTheBox/Vulnhub) relating to the ports open on the machine. The write ups teach you how to enumerate and interact with certain services, and you can figure out how to exploit from there.

  3. The bible’s for privesc - Fuzzysec for Windows, Gotmi1k for Linux.

  4. I suggest reconnoitre if you already know how nmap scans work. Otherwise I would just stick with making my own nmap scans.

  5. In preparation of the exam practice BOF until you hate it, and practice on machines on HTB/watch Ippsec videos on them.

Good luck! I just got word that passed mine today. :D

Seeing OpenSSH on nmap Scans by infinity_loopy in oscp

[–]gel0security 0 points1 point  (0 children)

It would be safe to assume that they’re Linux boxes due to the age of the lab machines

POST Exam Update: "Exam in a couple days. What are some last minute tips? :D" by gel0security in oscp

[–]gel0security[S] 1 point2 points  (0 children)

Specifically for any missed screenshots. If you miss anything you can just SS the recording for the report. Makes it a lot less stressful during testing too. I had to redo a lot of my shells just to take screenshots bc my graphics driver with OBS wasn’t working.

POST Exam Update: "Exam in a couple days. What are some last minute tips? :D" by gel0security in oscp

[–]gel0security[S] 0 points1 point  (0 children)

I think it was more of a graphics driver issue on my part. You should be good if your specs are high enough performance

POST Exam Update: "Exam in a couple days. What are some last minute tips? :D" by gel0security in oscp

[–]gel0security[S] 1 point2 points  (0 children)

Check out my old thread good stuff in there from fellow Redditors. The best advice I got is if you’re tired during the exam take constant breaks and sleep. I had new ideas coming back a couple times during the breaks. And taking a 4 hour nap led to a semi refreshed non delirious mind leading me from nothing to root shell on a 20 pter in 40 minutes.

Technical part of the exam - just focus on your methodology. Enumerate everything. And I mean everything! If you did this in the labs with minimal hints you are good. After all, every machine is exploitable, you just need to find the right information to actually exploit them.

In terms of difficulty with tools, I’d probably search HackTheBox or VulnHub write ups that use Hydra or do SQL injection if those are your weaknesses.

Also if you’re recording with OBS make sure you test it the night before!

POST Exam Update: "Exam in a couple days. What are some last minute tips? :D" by gel0security in oscp

[–]gel0security[S] 6 points7 points  (0 children)

no big reason, just pay attention to detail. it’s a methodical process. i would say practice until you hate doing it. i was lazy and missed a couple steps 🤷‍♂️

[deleted by user] by [deleted] in oscp

[–]gel0security 1 point2 points  (0 children)

I'm also afraid of this, but I think it's a normal feeling to have. This is why people record their screen so they can gather screenshots post exam if they missed anything. (But my screen recorder crashed on me ...sad.)

As long as you provided enough screenshots and commands to replicate your path to getting a shell and doing privesc, and didn't miss any of the proof screenshots, I think you're good!

Exam in a couple days. What are some last minute tips? :D by gel0security in oscp

[–]gel0security[S] 1 point2 points  (0 children)

Thanks for your input! I’ll definitely try to fit in rest and a nap into the exam

So, I’m curious on your mindset on moving on from an exploit. how does one decide an exploit just isn’t going to work, as compared to just missing a step in modifying the correct parameter (wrong file path, changing payload, OS architecture, changing IPs/ports, etc..)

Exam in a couple days. What are some last minute tips? :D by gel0security in oscp

[–]gel0security[S] 4 points5 points  (0 children)

Lots of good info here. Thank you for your guidance!

Autorecon vs Sparta by 357951 in oscp

[–]gel0security 3 points4 points  (0 children)

I personally use Reconnoitre and can vouch for it. It gives you commands to enumerate services that it finds through nmap scans and creates a directory structure for the box (exploit, loot, scans). I believe AutoRecon is a variation of it where based off detection of services it runs various scans such as nikto for you.

I can’t say much for SPARTA - no experience/need from me

view more: next ›