Previously I talked about enumeration being the most important stage of any penetration test. Building on this, my opinion is that the next most important stage of a penetration test is post exploitation. Simply running an exploit and gaining access or a shell on a system can be valuable, but finding out what you can do … Continue reading OSCP Prep – Episode 10: Exploits (Part 2) →

This week, I decided to take a small detour and study web application testing before continuing to post exploitation techniques. Like any software, web applications may have a range of vulnerabilities when secure coding methods are not followed. Vulnerabilities in web applications are most commonly associated with improper input handling, allowing attackers to inject malicious … Continue reading OSCP Prep – Episode 9: Web App Attacks →

This was a fun chapter to study, learning about password and the methods that can be used to crack them. Although the awareness regarding the need for password strength appears to be increasing, there are still an overwhelming number of cases where weak passwords are used, or even a general lack of password policy in … Continue reading OSCP Prep – Episode 8: Password Cracking →

Finally, after studying a range of theoretical concepts and collecting even more information, I began to exploit my virtual machines. Some of the exploits are complicated whilst some are as simple of abusing default configuration passwords, but all exploits are dangerous in the wrong hands. This section about running the exploits almost exclusively uses vulnerabilities … Continue reading OSCP Prep – Episode 7: Exploits (Part 1) →

A bonus second post for the week this time around, mainly because I had some extra time to study and this is only going to be a short post briefly covering a couple of traffic capture tools. This is because I have tried to keep my study as specific to the OSCP exam as possible … Continue reading OSCP Prep – Episode 6: Sniffing Traffic →

This post is a direct follow up to the previous one, and is also considered part of the Enumeration phase of penetration testing. After gathering general information, the next step is to start searching for vulnerabilities that might exist on a system. Any potential vulnerabilities are then noted down to provide a starting point for the … Continue reading OSCP Prep – Episode 5: Searching for Vulnerabilities →

Backtracking a little bit from the Metasploit framework I covered last week, I decided to spend a significant amount of time on information gathering, otherwise known as Enumeration. There are plenty of methods you can use to find out information, with some pieces of information more valuable than others. Nevertheless, it is important to take due … Continue reading OSCP Prep – Episode 4: Searching for Information →

After a few weeks of set-up and familiarizing myself with the basics, this week I began to do what felt like some actual penetration testing. Although I do not feel as though these previous weeks were in vain, I'll admit that it at times it has been a grind to get through. I was therefore … Continue reading OSCP Prep – Episode 3: Baby’s First Pen Test →

After setting up my virtual labs, I decided to go back and read Chapter 0 of Gerogia's book titled Penetration Testing Primer. Although I already had a fairly good understanding of the penetration testing basics, I figured extra revision wouldn't hurt. The primer chapter covered the different types of penetration tests, as well as the stages … Continue reading OSCP Prep – Episode 2: The Basics →