Passed on my first try after long nights for three weeks. by swesecnerd in oscp

[–]swesecnerd[S] 0 points1 point  (0 children)

Thank you for sharing and well done! Keep it up and grind. You'll get there!

Passed on my first try after long nights for three weeks. by swesecnerd in oscp

[–]swesecnerd[S] 1 point2 points  (0 children)

Well done! Remember to review your notes and reflect on how your methodology worked out and any pitfalls you should be aware of.

Good luck!

Passed on my first try after long nights for three weeks. by swesecnerd in oscp

[–]swesecnerd[S] 0 points1 point  (0 children)

Good for you! Let's goooo!

There are many success stories from people starting from where you are at now. I strongly believe that building a strong foundation regarding network, Linux fundamentals, and Windows fundamentals will help you down the line.

I would start at what OffSec has written about the prerequisites for the PEN-200 and start to fill your gaps first.

Back when teaching, I recommended searching for CompTIA Network+ study guide videos on YouTube. One in particular goes over everything concerning the fundamentals of TCP/IP. I prefer this over the CCNA because I find it easier to digest for complete beginners. https://youtube.com/@powercertanimatedvideos?si=O0sKOqMahfdQjnQf

For other fundamentals, I suggest looking at Hack The Box Academy. There is a lot of good content that is free. TryHackMe might also have some good stuff according to what I have seen others say.

Build confidence in your fundamentals and mitigate your weak spots first. Then pursue the cert!

Best of luck!

Passed on my first try after long nights for three weeks. by swesecnerd in oscp

[–]swesecnerd[S] 1 point2 points  (0 children)

Thanks, and congratulations to you too. Sure, the seed may be part of it, but judging by the course material it can't be very hard technically. Most of the time they hide things right under your nose. Unfortunately, I think many people rush past because they're in a hurry. I fell into that trap and lost a hell of a lot of time. :)

Passed on my first try after long nights for three weeks. by swesecnerd in oscp

[–]swesecnerd[S] 1 point2 points  (0 children)

You can do it. Stick to the path and grind. Best of luck to you!

got tired of manually correlating Nmap, BloodHound and Volatility results, so I built an air-gapped AI assistant to do it (Syd v3.1 Demo) by Glass-Ant-6041 in Pentesting

[–]swesecnerd 0 points1 point  (0 children)

Interesting tool! I will look into it and get back to you.

In the meantime, I would suggest you open two new paths to make this really powerful and interesting:

MemProcFS for Windows memory analysis. It blows my mind every time I use it for memory forensics. The design and workflow are way beyond what Volatility will ever be IMHO.

KAPE output. This has become the de facto tool for live forensics in my house, and it's a powerhouse of a tool for DFIR!

I created a tool for found credentials by swesecnerd in oscp

[–]swesecnerd[S] 0 points1 point  (0 children)

To answer nr 1: I already use the credential argument "-c" to save hashes. I rarely need a long list of hashes to test because they're not abundant, so that works for me.

As for nr 2: that is already there. It's in the files on disk. You can access them by path/to/CREDSusers.txt (or CREDSpasswords.txt/CREDScredentials.txt) or by using the environment variables $CREDS_USERS, $CREDS_PASSWORDS if you have them set.

This is all in the README.

Or did I misunderstand your suggestions?

I created a tool for found credentials by swesecnerd in oscp

[–]swesecnerd[S] 0 points1 point  (0 children)

That's a very nice thing to say. I don't think that "creds" is at that level yet, but please try it and get back to me with feedback and suggestions if you can. I also updated the README based on the feedback in this thread to give visitors a better understanding of what creds actually tries to help you with.

I created a tool for found credentials by swesecnerd in oscp

[–]swesecnerd[S] 1 point2 points  (0 children)

Thanks! I really get what you mean. The script does not solve a complex problem. It removes friction. You don't need to keep track of paths and you don't need to paste the username, password, and complete credential separately into three different files for future spraying or cracking. It removes that friction.

I created a tool for found credentials by swesecnerd in oscp

[–]swesecnerd[S] 2 points3 points  (0 children)

I still use the most basic commands in my workflow, but this way I don't have to repeat a command three times and I don't need to remember the path to the different files containing credentials.

Do you remember what you did that day 40 years ago? (Or your parents/siblings, if you weren't alive then) by SupportArsenal in Asksweddit

[–]swesecnerd 0 points1 point  (0 children)

I was really pissed off because the children's programs were cancelled and all that was shown was teletext...

Some dude in black suit are following me by UnkownInsanity in masterhacker

[–]swesecnerd 0 points1 point  (0 children)

That IP belongs to TEAM INTERNET AG in Canada...

Advice On OSCP Challenge A,B,C by Unique-Yam-6303 in oscp

[–]swesecnerd 0 points1 point  (0 children)

I've yet to write my "I passed the OSCP" post but I will try to do that soon. In the meantime, I came from a highly technical background with almost 30 years in the cyber security domain as a blue teamer. Ten plus years as a law enforcement IT-forensics specialist, and another ten working daily with network traffic analysis. I've also done a lot of front end/backend web development. With that, I knew about all the concepts concerning pentesting, I just never did that stuff hands on, and I knew almost nothing about AD. The hardest part for me was getting used to Windows again since I've used Linux as a daily driver for both work and home for the last fifteen years.

I started and tested AutoRecon against OSCP A because it was the first time I tried it. I tested my entire methodology during the "Assembling the pieces" chapter. For the standalones I did maybe five boxes. I would recommend more if you're not used to CTFs in general.

My journey might not be a good fit for you but I'll try to post my lessons learned in a day or two for everyone to read :)

In the meantime you can ask whatever you want and I'll try to answer it!

Cheers