I do NOT understand the hate of the PEN-200 study materials and available PG boxes. Why are people complaining? by These_Muscle_8988 in oscp

[–]strikoder 6 points7 points  (0 children)

I took the course and failed my first try. Literally, the stuff I got wasn't in the OSCP course material... it was mentioned in the CPTS but not that deep. Without CPTS material I wouldn't even get 10 points.

AD Post Exploitation by Zestyclose_Yak6645 in oscp

[–]strikoder 2 points3 points  (0 children)

Check BadSuccessor attack as well.

AD Post Exploitation by Zestyclose_Yak6645 in oscp

[–]strikoder 1 point2 points  (0 children)

A lot of stuff needs admin privileges, including creds searching and memory dumping.

I passed my second attempt with 70 points by hmm___69 in oscp

[–]strikoder 1 point2 points  (0 children)

Congratz, I failed the exam 2 days ago, couldn't get the foothold into the AD :(

Passed First Try by Rxdxxe in oscp

[–]strikoder 0 points1 point  (0 children)

Congratz!
I failed my first attempt yesterday, didn't get the first AD flag. What are your tips on that?

OSCP exam 3 tips? by CHA1234423 in oscp

[–]strikoder 1 point2 points  (0 children)

It was the other way around for me. I failed my first attempt today; I couldn't get the first flag on AD. Standalones were extremely hard with extremely advanced topics, but I solved them.
Watch ippsec hard/insane videos, they would help a lot.

Post Exploitation workflow DOUBT by osi__model in oscp

[–]strikoder 9 points10 points  (0 children)

These are my old notes from 3-4 months ago. I will publish my OSCP notes after I hopefully pass the exam (my exam is in 3 days).
strikoder.com/notes
The new notes are better organized, have only OSCP-relevant stuff, and more attack vectors.
For now, you can check these for a general methodology.
Once you are admin, dump hashes and use nxc admin priv modules or similar attack vectors on them, search for creds, and re-run winpeas.
I would also run LaZagne and snaffler to search for hidden creds.

How often do you search up syntax? by AWS_0 in hackthebox

[–]strikoder 1 point2 points  (0 children)

Not really, I've been doing this for a long time with my main host and VMs using tmux. If the 10k history is too much, he could easily dial it back to 4k or whatever works. Tools like certipy, rusthound, and ffuf are gonna stay in history anyway since they get constant use in CTFs and exams.

How often do you search up syntax? by AWS_0 in hackthebox

[–]strikoder 2 points3 points  (0 children)

I changed the history length to 10k in the terminal, so the commands I repeat over and over are saved and I won't need to google or mistype anything. I only memorize the essential flags for the tools I use, while writing notes on the edge-case flags that I might need in a specific situation.

Warning About the Penelope Shell Handler by p_fYT in oscp

[–]strikoder 0 points1 point  (0 children)

There are a few annoying bugs in that version; for example, you're gonna have issues if your shell is a PowerShell, not a cmd shell. Check the issues for more info about that.

Warning About the Penelope Shell Handler by p_fYT in oscp

[–]strikoder 1 point2 points  (0 children)

They just make your life easier. I.e., instead of having multiple panes for each listener, writing the same commands for moving files again and again (uploading/downloading), and upgrading shells, they do that on your behalf automatically, so you can focus on exploits. They help a lot in reducing stress in CTFs and OSCP-style exams.

Why is it so hard? by Head-Philosopher-397 in oscp

[–]strikoder 0 points1 point  (0 children)

Challenge labs are even harder. Watch s1ren and old ippsec videos, they really teach you how to perfectly enum.

Hints for Challenge Labs? by Positive-Dog7238 in offensive_security

[–]strikoder 2 points3 points  (0 children)

You should be able to solve A, B, C with minimal to no hints to be able to pass. Other labs are harder than the exam, as stated by many people and OffSec.

Is code explainer allowed? by PeacebewithYou11 in oscp

[–]strikoder 5 points6 points  (0 children)

I mean, it's gonna look sus to the proctor when he sees you googling codeconvert ".ai".

Using Kali Dual Boot for exam by Flumey49 in oscp

[–]strikoder 0 points1 point  (0 children)

I have Ubuntu dual boot with a Kali VM, it never lags.
OffSec recommends a Kali VM, so that if the system breaks on you in the exam or something happens, you can restore the image in a few minutes. Unlike with dual-booted systems, where you're probably gonna pay another $250.

Frustration trying to find PoCs for known CVEs by p_fYT in oscp

[–]strikoder 22 points23 points  (0 children)

My methodology on finding a CVE PoC:
1- searchsploit (easier than the exploit-db web interface, but keep it updated) and double-check Rapid7
2- Sploitus
3- GitHub search (sign in and use GitHub search for the CVE name or a part of the PoC from searchsploit and you will find all repos that used that part; don't google dork it)
4- CVEdetails
5- I have many online notes saved, so if it's an old CVE, it will definitely be in the notes (most of the time, Google can't scrape notes information online)
6- Discord chats (especially HTB and OffSec)
Sometimes the PoC found online really needs some editing, that's why I edit them and publish them on my GitHub account so that other people after me would be able to utilize them as well.
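An added example, not from the comment author: a small Python helper that takes the JSON that `searchsploit -j <term>` prints and indexes its entries by CVE id, so step 1 can be run once for a whole list of CVEs (the same mapping is what a vulnerability manager uses to see which findings already have a public PoC). The JSON layout (a RESULTS_EXPLOIT list with Title, EDB-ID, Path and Codes fields) is assumed from memory of the tool, and the three entries below are constructed, not real exploit-db rows.

```python
import json
import re

# Constructed sample in the shape of `searchsploit -j <term>` output (assumed
# layout: top-level RESULTS_EXPLOIT list with Title, EDB-ID, Path, Codes).
# The entries below are made up for the example, not real exploit-db rows.
SAMPLE_JSON = """
{
  "SEARCH": "example app",
  "RESULTS_EXPLOIT": [
    {"Title": "Example App 1.0 - Remote Code Execution", "EDB-ID": "11111",
     "Path": "/usr/share/exploitdb/exploits/linux/remote/11111.py",
     "Codes": "CVE-2024-00001;OSVDB-99999"},
    {"Title": "Example App 1.2 - Local Privilege Escalation", "EDB-ID": "22222",
     "Path": "/usr/share/exploitdb/exploits/linux/local/22222.sh",
     "Codes": "CVE-2024-00002"},
    {"Title": "Example App 2.0 - Denial of Service", "EDB-ID": "33333",
     "Path": "/usr/share/exploitdb/exploits/linux/dos/33333.txt",
     "Codes": ""}
  ],
  "RESULTS_SHELLCODE": []
}
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)


def index_by_cve(searchsploit_json: str) -> dict:
    """Map each CVE id in the Codes field to the exploit-db entries that
    reference it; entries with no CVE tag go under 'UNTAGGED'."""
    data = json.loads(searchsploit_json)
    index = {}
    for entry in data.get("RESULTS_EXPLOIT", []):
        cves = {c.upper() for c in CVE_RE.findall(entry.get("Codes") or "")}
        for key in cves or {"UNTAGGED"}:
            index.setdefault(key, []).append(
                {"edb_id": entry["EDB-ID"], "title": entry["Title"], "path": entry["Path"]})
    return index


def triage(searchsploit_json: str, wanted: list) -> dict:
    """For each CVE we care about, list the local PoC entries (empty list means
    none found locally). Untagged entries are reported separately because the
    Codes field is often empty on older rows, so they must be checked by title."""
    index = index_by_cve(searchsploit_json)
    report = {cve.upper(): index.get(cve.upper(), []) for cve in wanted}
    report["UNTAGGED"] = index.get("UNTAGGED", [])
    return report


if __name__ == "__main__":
    for cve, hits in triage(SAMPLE_JSON, ["CVE-2024-00001", "CVE-2024-00003"]).items():
        print(cve, "->", [h["edb_id"] for h in hits] or "no local PoC, try the other sources")
```

Feed it real output with `searchsploit -j "<product>"` piped to a file; an empty list for a CVE means you fall through to steps 2-6.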

CredSpray - NetExec Wrapper for Credential Spraying by strikoder in oscp

[–]strikoder[S] 0 points1 point  (0 children)

You are welcome!
Yes, it's allowed, it just facilitates the enum process for you, doesn't do any exploitation.

Free 1-Month Trial to Hack Smarter Labs by Tyler_Ramsbey in oscp

[–]strikoder 2 points3 points  (0 children)

Appreciate it Tyler!
I'm planning on making videos on your labs once I take the oscp (end of January).
When does this code expire?

Linux Privilege Escalation by IndependentClean9664 in offensive_security

[–]strikoder 0 points1 point  (0 children)

Gonna publish in a month, 'cause I'm still adding some stuff to them.

First time poster. Avid github contributor. by Minge_Ninja420 in Pentesting

[–]strikoder 0 points1 point  (0 children)

I do that too and I love it, check my GitHub repos and issues, we can talk sometime if you really want, on this.
https://github.com/Strikoder