
Thought I'd say Hi

Posted: Tue Apr 25, 2017 5:07 am
by Jbraithwaite

Some may remember I was quite active on here a while ago and then dropped off the face of the earth. Back then I was kind of new to hacking, and tried to participate in CTFs and just ended up embarrassed by my efforts. Felt that being a member of a hacking site was a step up from where I was so I went away and hit the books.

I studied for the OSCP, passed it, and ended up getting a job as a junior Pen Tester. I'm also a member of HackerOne and Bugcrowd and hopefully SynAck Red Team. It's been a pretty steep learning curve but determination won out in the end. Little tasks I had trouble with before just get wiped out, and now I'm writing Python scripts to do web app tasks. Something I never thought possible.

I've found a few bugs on bug bounties for kudos so far, and I'm sure that'll get better. There's a massive gap between vulnerable programs like DVWA and bug bounties. Don't let anyone tell you that it's the natural progression from entry level programs, it's not. Anyway, I wanted to list a few resources that have helped me so far:

Infrastructure Testing (The premier place for vulnerable VMs)
Metasploitable 2 & 3

Web app Testing

Damn Vulnerable Web App

Privilege Escalation

g0tmilk's blog (Linux)
Fuzzysec 16 (Windows)


That's a good starter with a hell of a lot of content to keep anyone busy for months. There's a few things that I wish I had learned before heading into everything and it kind of held me back a bit during OSCP.

Linux file permissions can make or break you. If you don't have a clue what they are about, you have no chance of attempting most manual privilege escalation routes. Also how to navigate around the Linux file system and find things quickly. Not all Linux kernels have a local root exploit.

All in all I'd strongly agree that hacking is a journey. There is no end to it. The more you learn, the less you know, and it kills you, which is why you keep pressing on to learn. I wouldn't say I was a hacker even at this point. There's still a ton to learn and I'm sure it'll get to a respectable level one day but keep your mind open, hit the books and only after you've exhausted all avenues should you ask anyone.

Build up a trusted set of friends and participate equally to gain trust. Don't be a help vampire and leech off more experienced people. They'll just dump you quick.

Anyway I'm out so keep learning, and stay safe :)

Re: Thought I'd say Hi

Posted: Wed Apr 26, 2017 11:41 pm
by ghostheadx2
How long were you practicing hacking for before you took the OSCP course? What did you study before that? It requires a high amount of skill doesn't it? I want to one day be able to do it myself.

Re: Thought I'd say Hi

Posted: Thu Apr 27, 2017 2:55 am
by Jbraithwaite
OSCP is regarded as entry level to get into Pen Testing. Anyone can start it. Just be good with Linux. Most of it is just self discovery. Nothing is straightforward as you see in proofs of concept. Alteration of exploit files is required. Creating your own scripts isn't necessary. Everything is there for you. You just need to learn, apply, learn, apply, and try harder :)

Re: Thought I'd say Hi

Posted: Sat Apr 29, 2017 12:52 am
by ghostheadx2
Could someone with a Linux Essentials cert do OSCP?

-- Sat Apr 29, 2017 12:58 am --

I mean I'm still working on my CCNA and then I'm going to do Security+ soon but I was just wondering because I thought that would make sense to do that as soon as I have my Security+ and someone at 2600 (not my school this time, but a hacker group online) told me that it wasn't possible to do OSCP without years of experience based on talking to his friend.

Re: Thought I'd say Hi

Posted: Tue May 02, 2017 5:24 am
by pretentious
Jbraithwaite wrote:
Privilege Escalation

g0tmilk's blog (Linux)
Fuzzysec 16 (Windows)

Thanks for this. I've always been curious about local privilege escalation and you've reminded me to look into it