So it’s been just about 2 weeks since I registered for my training for the OSCP. My training won’t start until July 13th, but in preparation for that training, I’ve decided to do some pre-training to get myself ready.
The preparation phase so far:
- PentesterLab (https://pentesterlab.com/)- Paid subscription
- OverTheWire WarGames (http://overthewire.org/wargames/)- Free CTF like challenges
- Codecademy (https://www.codecademy.com/)- Free coding tutorials
- Taking Notes/Organizing Bookmarks
PentesterLab:
I have to admit, I haven’t done as much on here as I planned to. Prior to starting this journey, I already had the Intro, Unix, Essential, PCAP, White, Serialize and Yellow badges completed.
So in the past 2 weeks, I’ve mostly been going back through some exercises I’ve already completed and taking better notes on what did and didn’t work and recreating some scripts I used to complete different labs.
OverTheWire:
So on OverTheWire, I’ve been focusing on the Natas challenges. The first 10 were pretty much a breeze, aside from some difficulty finding a directory on Level 10.
11 is where things jumped in difficulty by quite a bit. With some PHP tutorials, I was able to scrape my way through it, but I realized that I am missing out on a huge skill set by not knowing PHP. Yeah, I understand code to a point, I have written a number of scripts in Python, but I could not make heads or tails of some of the stuff I needed to do in PHP.
Because of this, I started taking a PHP tutorial course on Codecademy and was able to make it through Natas 12 and 13 without too much trouble. But for now, I’m pausing on doing too much more work on here until my PHP skills are stronger.
Codecademy:
I’ve used Codeacademy in the past to get some basic primers on stuff that I was doing in Python and to get a basic syntax understanding of Ruby and C#. Because PHP is so prevalent in web design though, and in the Natas challenges, I decided to kick off the course for PHP.
PHP has a number of similarities to Python, but there are some logic things that I’m definitely struggling with when differentiating between the two languages. So I think after I finish the Codecademy course, I’m going to kick over to some of the books I’ve gotten from various Humble Bundles to get more comfortable with the language.
Though I will say, I prefer the PHP interpreter to the Ruby one in Windows.
Notes/Bookmarks:
I have a pretty solid set of notes that make sense to me, but are really poorly organized. It’s a cheat sheet of commands I use on a regular basis for my normal job, but also a number of commands I’ve picked up over various CTFs, labs and research projects over the past few years that I’ll find useful on occasion.
The same goes for my collection of bookmarks, I have them broken down into various ‘attack’ and ‘defense’ categories, with links to all different articles and sites with theory, practical usage, exploit PoC and frameworks for different tools. This is a really nice list, but I’ve noticed that over the years a few of the links have gone dead and I end up needing to research them from scratch again.
Because of this, I’m making an effort to put all my notes into a wiki type format that is available to my team at work, but also something that I can eventually share with the community. My goal is that by the end of this journey that I will have a curated list of attacks, articles and links that are not only good for the OSCP, but anyone working in the InfoSec field.
Gobias Infosec Blog 