OSCP: level up irl, and other drivel

Long-ass fucking time. Quite honestly, I’ve been busy. Still am.

Quick update:

The electric death adder has been complete for some time, and is every bit as dangerous as one would expect. It can hit 20mph with very minimal effort on the rider's part, and if you work for it, you know, like if you were riding a fucking bike, you can hit 30mph.

Yea, death. More details on the beast in another post.

Zombie head, on indefinite pause, although I think about it from time to time, especially when I think about the Nvidia Jetson TK1 I got and booted twice. Fuck. $150 just sitting there depreciating. That board could be used for other interesting things though... it's basically a dumb computer strapped onto a decent video chip. Other things like, say, password cracking.

Yes, password cracking, which brings me to the latest endeavor that's been a humongous source of effort and stress: the premier penetration tester's training (hacking) and certification, the OSCP.

The Meat:

The course's motto is "Try Harder", and you better fucking believe it. I haven't been this challenged by a subject in some time. Maybe ever.

As part of the course materials, you receive some training on exploit development on Windows and Linux (not in depth per se, but you still have to manage register pointers in a debugger), SQL injection, cross-compiling payloads and exploits, privilege escalation, service enumeration and identification; it goes on and on. It's A LOT to take in. The saying 'drinking from a fire-hose' is aptly applied to the situation.

There's lots of guys (and girls) out there that manage to get through the 3 months of lab time, crack all the boxes and get the cert in one go... but most of them seem to have already done a lot of work in the security arena. Me, I started with a general interest in security. I'm 6 months in and still don't really expect myself to pass the exam this Sunday.

It's very easy to see why: time. I just don't/haven't spent enough time in the labs working on this shit. Which, obviously, fucking of course, you need to do. Like anything, you gotta do it to do it.

I started out all fucking gung-ho and quickly realized the sheer scope of taking this on. You really learn about how operating systems work, shit you never really thought about before, shit that's critically important for security but is so often fucked up.

Update:

I attempted the exam, with worse than expected results. My inadequacies were brought into ultra-fine detail… I did not expect to pass, but I was not prepared for just how unprepared I really was.

Out of 100 points, 70 are required to pass and achieve the much coveted OSCP certification. I estimate, best case scenario, I got 20. Yea.

The upside though, I had a bit of a paradigm shift. Now it’s possible that through better habits and other shit I could have reached this new perspective, but then again, I don’t know. To reach a certain point you just have to go through the fuckery, gain experience and when the time is right the pieces that you’ve gathered can finally come together.

"Well, what the hell is that supposed to mean, Aaron? What the actual fuck is that vague platitudery supposed to mean?", you might ask, and with good reason. Up until it was too late, I had been approaching the pentest, the systems, in a certain way, with a certain mindset, focusing on the tools, frantically rabbiting around, bouncing around like a kid trying to do all the rides at the fair at the same time. OK, not that spastic, I had some method to my madness, but it lacked a process. I would forget to look at the big picture and end up in a rabbit hole. It is talked about a lot in the forums, and it is very easy to do, and can be hard to recognize when it's happening. I would forget to take a step back, perceive the whole picture and enumerate. It's an investigation; if you don't have a good process for it, your data will be lacking, and therefore so will your options.

Good shit.

I’ll be getting back into the fray yet again in a couple more weeks. A break has been very, very nice. Despite the definite burnout, this has gotten into my bones. I do this shit for fun now.

Don't believe me? I started Diablo up the other night for some old fashioned monster killing, and ended up losing interest, trying instead to get hashcat working on the TK1 I picked up for the fucking zombie head. It was a smoking disaster of failed dependencies, sure, but I did that shit for fun. That little bastard WILL do hashes for me.

What did I learn about going into this again? Here are my thoughts:

Fails:

  1. I overused the automated tools: metasploit, sqlmap. Good useful shit, but I need to go deeper, too.
  2. I moved too fast. Haste makes waste, your fucking grandma knows that.
  3. Shitty habits. I need more structured study times, better breaks, better rest.

Next time:

  1. Focus on making or compiling each exploit. Making will endow a better understanding. Try harder.
  2. Priv-esc. This hurt me on the exam, try harder.
  3. Build out the local test tools. Set up a collection of linux and windows VMs for testing.
  4. Loot and collect from each machine. Where to look, what matters.
  5. Re-organize. My organization for an engagement can be better. It needs to be better than the fucking junk drawer in the kitchen.
  6. Better habits: Schedule study time and keep to it, regular breaks, meditate, exercise, no more fucking sleep deprivation.