OSCP Prep Episode 15 – HackTheBox and a Confirmed Start Date

So the title basically gives the crux of this post away. My OSCP course start date has been confirmed for October 21st! After months of preparation, I'll finally be starting the OSCP PwK course exactly a week from today. I'm extremely excited at the prospect of getting stuck in with both the course and lab …

OSCP Prep Episode 14 – HackTheBox and Reconnoitre

Continuing on from last week, this week I owned more machines on the HackTheBox platform. I have been a bit lost as to what the best way forward is for me at this stage, as I personally feel ready to start the OSCP and don't feel I can gain too much more from theory in …

OSCP Prep Episode 13 – HackTheBox and Back to Basics

Having done the Kioptrix series of vulnerable machines, I decided to head over to HackTheBox and attempt some of their beginner machines. I had heard good things about the HackTheBox platform in the past, and having now used it, I can't stress enough how amazing of a resource it is. After signing up, you are …

OSCP Prep: Episode 12 – Kioptrix 1-4 Vulnerable Machines

I gave some thought to how I wanted to approach these next few weeks after finishing the Hands on Introduction to Hacking book. My main toss-up ended up being between attempting beginner boxes and gaining some practical experience or reading another book for more theoretical knowledge. Ultimately, I decided to just give some boxes …

OSCP Prep – Episode 11: Client Side Attacks

Client side exploitation is penetration testing from a different perspective. The other attacks I have covered so far have all required direct access to a network to be successful, which has become increasingly difficult as network engineers and software developers strengthen their 'perimeter' defenses. As a result, client side attacks, where users unwittingly open the …

OSCP Prep – Episode 10: Exploits (Part 2)

Previously I talked about enumeration being the most important stage of any penetration test. Building on this, my opinion is that the next most important stage of a penetration test is post exploitation. Simply running an exploit and gaining access or a shell on a system can be valuable, but finding out what you can do …

OSCP Prep – Episode 9: Web App Attacks

This week, I decided to take a small detour and study web application testing before continuing to post exploitation techniques. Like any software, web applications may have a range of vulnerabilities when secure coding methods are not followed. Vulnerabilities in web applications are most commonly associated with improper input handling, allowing attackers to inject malicious …

OSCP Prep – Episode 8: Password Cracking

This was a fun chapter to study, learning about passwords and the methods that can be used to crack them. Although the awareness regarding the need for password strength appears to be increasing, there are still an overwhelming number of cases where weak passwords are used, or even a general lack of password policy in …

OSCP Prep – Episode 7: Exploits (Part 1)

Finally, after studying a range of theoretical concepts and collecting even more information, I began to exploit my virtual machines. Some of the exploits are complicated whilst some are as simple as abusing default configuration passwords, but all exploits are dangerous in the wrong hands. This section about running the exploits almost exclusively uses vulnerabilities …