Thought I'd say Hi

General technological topics without their own forum go here

Thought I'd say Hi

Post by Jbraithwaite on Tue Apr 25, 2017 5:07 am
([msg=93634]see Thought I'd say Hi[/msg])

Hi....

Some may remember I was quite active on here a while ago and then dropped off the face of the earth. Back then I was kind of new to hacking, and tried to participate in CTF's and just ended up embarrassed by my efforts. Felt that being a member of a hacking site was a step up from where I was so I went away and hit the books.

I studied for the OSCP, passed it, and ended up getting a job as a junior Pen Tester. I'm also a member of HackOne and Bugcrowd an hopefully SynAck Red Team. It's been a pretty steep learning curve but determination won out in the end. Little tasks I had trouble with before just get wiped out, and now I'm writing Python scripts to do web app tasks. Something I never thought possible.

I've found a few bugs on bug bounties for kudos so far, and I'm sure that'll get better. There's a massive gap between vulnerable programs like DVWA and bug bounties. Don't let anyone tell you that it's the natural progression from entry level programs, it's not. Anyway, I wanted to list a few resources that have helped me so far

Infrastructure Testing

Vulnhub.com (Thee premier place for vulnerable VM's)
Metasploitable 2 & 3

Web app Testing

Webgoat
Damn Vulnerable Web App
Mutillidae
bWAPP

Privilege Escalation

g0tmilks blog (Linux)
Fuzzysec 16 (Windows)

General

That's a good starter with a hell of a lot of content to keep anyone busy for months. There's a few things that I wish I had learned before heading into everything and it kind of held me back a bit during OSCP.

Linux file permissions can make or break you. If you don't have a clue what they are about, you have no chance of attempting most manual privilege escalation route. Also how to navigate around the Linux file system and find things quickly. Not all Linux kernels have a local root exploit.

All in all I'd strongly agree that hacking is a journey. There is no end to it. The more you learn, the less you know, and it kills you, which is why you keep pressing on to learn. I wouldn't say I was a hacker even at this point. There's still a ton to learn and I'm sure it'll get to a respectable level one day but keep your mind open, hit the books and only after you've exhausted all avenues should you ask anyone.

Build up a trusted set of friends and participate equally to gain trust. Don't be a help vampire and leech off more experienced people. They'll just dump you quick.

Anyway I'm out so keep learning, and stay safe :)
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: Thought I'd say Hi

Post by ghostheadx2 on Wed Apr 26, 2017 11:41 pm
([msg=93637]see Re: Thought I'd say Hi[/msg])

How long were you practicing hacking for before you took the OSCP course? What did you study before that? It requires a high amount of skill doesn't it? I want to one day be able to do it myself.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Thought I'd say Hi

Post by Jbraithwaite on Thu Apr 27, 2017 2:55 am
([msg=93641]see Re: Thought I'd say Hi[/msg])

OSCP is regarded as entry level to get into Pen Testing. Anyone can start it. Just be good with Linux. Most of it is just self discovery. Nothing is straight forward as you see in proofs of concept. Alteration of exploit files is required. Creating your own scripts isn't necessary. Everything is there for you. You just need to learn, apply, learn apply, and try harder :)
In training....
Jbraithwaite
Poster
Poster
 
Posts: 198
Joined: Tue Nov 10, 2015 4:35 am
Location: Whatever my VPN says.
Blog: View Blog (0)


Re: Thought I'd say Hi

Post by ghostheadx2 on Sat Apr 29, 2017 12:52 am
([msg=93649]see Re: Thought I'd say Hi[/msg])

Could someone with a Linux Essentials cert do OSCP?

-- Sat Apr 29, 2017 12:58 am --

I mean I'm still working on my CCNA and then I'm going to do Security+ soon but I was just wondering because I thought that would make sense to do that as soon as I have my Security+ and someone at 2600 (not my school this time, but a hacker group online) told me that it wasn't possible to do OSCP without years of experience based on talking to his friend.
ghostheadx2
Contributor
Contributor
 
Posts: 728
Joined: Wed Nov 19, 2014 1:19 am
Blog: View Blog (0)


Re: Thought I'd say Hi

Post by pretentious on Tue May 02, 2017 5:24 am
([msg=93659]see Re: Thought I'd say Hi[/msg])

Jbraithwaite wrote:Privilege Escalation

g0tmilks blog (Linux)
Fuzzysec 16 (Windows)

Thanks for this. I've always been curious about local privilege escalation and you've reminded me to look into it
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
User avatar
pretentious
Addict
Addict
 
Posts: 1217
Joined: Wed Mar 03, 2010 12:48 am
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests

cron