For someone wanting to start my OSCP in about two weeks this info was GOLD. I may want to go with manual pivoting to really learn it and then move over to sshuttle like you did. Love your content!
I should have watched this again, getting *NO* sleep during the full 24 hour exam was really an expensive mistake that I have done, just a privesc away from passing. Going back to my privesc output the next day made me realize that the solution was really easy. If you're someone taking the exam in the future please have some time to rest/sleep.
@@JSONSEC just got my CISSP and I’ve been on the GRC side of Cyber for the past 2 years but looking at getting into the red size of the house. I’ll be following your OSCP recommendations as I start from square one. I’ll be leaving out eJPT, PTS, etc…thanks for the great videos!
That's a lot useful info love to see your videos by the way I have a question:- I want to perform a mitm attack between a TCP telnet server and client and steal the unencrypted data... So I should just do ARP spoofing and run a sniffer to get the packets If it's all we need, can you do a practical please.....
Thanks for the tips, much appreciated! Question: if your company did not require you to do the PTP, would you have recommeded the PTP as an OSCP prerequisite? Looking forward to the hacking history videos!
This is a tough question.... I don't exactly see PTP as a pre-req as it covers more or less, all the same material but BETTER than the OSCP. What it lacks is the open labs to practice and the tough exam. I kind of see PTP as your University Degree where you learn and the OSCP like your Job Placement, where you get experience. PTP is a great thing to do prior as it will teach you well and teach all the underlying tech not just security concepts, but it'll make your journey longer and more expensive. So I guess it comes down to what your priorities are...
Hello, how are you guys? So, I want to master cyber security but I have 0 experience, the only experience I have with pc is playing games, 6 weak months of mysql workbench(that made me hunger for cyber security and help others stop getting scammed, since my folks lost almost all of their 20 years of savings getting hacked last year, I had to left college and no one was able to help) and a little bit of technical assistance(Im opening my own shop soon). Which path you recommend me going?
Thanks for the tips, I really appreciate them. You mentioned OSPG Play Machines and I have experimented with them, but still cannot figure out what I need to do. So frustrating. When I did e.g. the CEH course/labs, there was always an objective, like u have to hack into this windows machine and get that secret file, etc, whereas here no info is given as to the main target. Even when I click on the Walkthrough and try to follow it, it didn't work. They showed me some IP addresses that made no sense and even Nmap displayed that the host is unreahable... Could you help me, pls? Thanks
Maybe you're skillset isn't quite ready for the PG. Check out the Offensive Path on TryHackMe, it guides you through the methodology in the beginning and gradually gets you riding on your own 🙂
@@tallst1 I won't make any recommendations for you. Your experience and learning style may benefit from it. But if I were to do it all again I'd go straight to the labs
i want to ask a silly question. you mentioned that you worked as a developer too. can you say that working as a ethical hacker is generally "better" than working as a developer in terms of stress level, work-life-balance (do you have more peace in life) and so on, as long as you are not a very passionate programmer or very passionate ethical hacker. what does your objective observation say?
Wow great question! I suppose the context of the job is different. As a pentester you tend to work as a consultant so one client to the next, everything is time boxed so not much OT and good work life balance. Sometimes client after client can get a bit exhausting when theres no down time. Working as a dev you're typically internal and part of the project team. When deadlines approach you'll likely be doing OT. Plus you get a lot of people raising defects and last minute requirements. Though, Dev work definitely feels more creative. I can't objectively say which one is better, but it comes down to your working style, what you enjoy and how you are with other people.
Do you recommend the wptx? I have the option to take it, but am weighing it against just doing the burp certification. There aren’t too many appsec certs out there.
Good question. The port swigger material is shit tonnes better than ewptx but the cert is less known. Personally I'd be a pioneer and go the burp route. The cert is currently free till the end of the year too
For someone wanting to start my OSCP in about two weeks this info was GOLD. I may want to go with manual pivoting to really learn it and then move over to sshuttle like you did. Love your content!
Any updates on this?
How did you do bro
Did you sit your exam already or are you still studying?
Thanks for sharing the sshuttle, very nice tool. Also thanks a lot for sharing the paths.
good info! I was distracted waiting for the ghost to peek out from the open door
I should have watched this again, getting *NO* sleep during the full 24 hour exam was really an expensive mistake that I have done, just a privesc away from passing.
Going back to my privesc output the next day made me realize that the solution was really easy. If you're someone taking the exam in the future please have some time to rest/sleep.
Sounds exactly like my first attempt. Rest up and hit it again in a month! You got this
@@JSONSEC
just a shameless plug,
i passed the OSCP a month ago, did take breaks and other advices. Thanks again !
@@nate8824 hey woah congrats!! can u guide me with the resources to follow /roadmap ?
I'm gonna start my prep in a month or so 😅
By ssh shadow you mean ssh tunneling ?
SSHuttle =)
@@JSONSEC thank you so much.
It seems to be more about building up your methodology and knowing when to use certain tools and being exposed to all situations when using the tools.
Great summary
@@JSONSEC just got my CISSP and I’ve been on the GRC side of Cyber for the past 2 years but looking at getting into the red size of the house. I’ll be following your OSCP recommendations as I start from square one. I’ll be leaving out eJPT, PTS, etc…thanks for the great videos!
Yeah eJPT isn't worth the effort. Could just jump straight to PTP
Thank you again, Json.
Would mind adding the proposed path on the description? Thank you!
Sure!
@@JSONSEC Thanks legend!
That's a lot useful info love to see your videos by the way I have a question:-
I want to perform a mitm attack between a TCP telnet server and client and steal the unencrypted data...
So I should just do ARP spoofing and run a sniffer to get the packets
If it's all we need, can you do a practical please.....
Please do an exam prep guide!!
Already in the works!
Thanks for the tips, much appreciated! Question: if your company did not require you to do the PTP, would you have recommeded the PTP as an OSCP prerequisite? Looking forward to the hacking history videos!
This is a tough question.... I don't exactly see PTP as a pre-req as it covers more or less, all the same material but BETTER than the OSCP. What it lacks is the open labs to practice and the tough exam.
I kind of see PTP as your University Degree where you learn and the OSCP like your Job Placement, where you get experience.
PTP is a great thing to do prior as it will teach you well and teach all the underlying tech not just security concepts, but it'll make your journey longer and more expensive. So I guess it comes down to what your priorities are...
Hello, how are you guys? So, I want to master cyber security but I have 0 experience, the only experience I have with pc is playing games, 6 weak months of mysql workbench(that made me hunger for cyber security and help others stop getting scammed, since my folks lost almost all of their 20 years of savings getting hacked last year, I had to left college and no one was able to help) and a little bit of technical assistance(Im opening my own shop soon). Which path you recommend me going?
What my video on the Subject, How to build a cyber security Career
Tell me and what os we have learn when started hacking
You'll need to understand how to use Linux to really start
Thanks for the tips, I really appreciate them. You mentioned OSPG Play Machines and I have experimented with them, but still cannot figure out what I need to do. So frustrating. When I did e.g. the CEH course/labs, there was always an objective, like u have to hack into this windows machine and get that secret file, etc, whereas here no info is given as to the main target. Even when I click on the Walkthrough and try to follow it, it didn't work. They showed me some IP addresses that made no sense and even Nmap displayed that the host is unreahable... Could you help me, pls? Thanks
Maybe you're skillset isn't quite ready for the PG.
Check out the Offensive Path on TryHackMe, it guides you through the methodology in the beginning and gradually gets you riding on your own 🙂
@@JSONSEC Thanks
Thank you for the awesome info Json,i really love your videos, cheers from Romania!
Pleasure, I'd love to go back to Romania, I've only really spent time around Cluj-Napoca. Would love to explore more! Beautiful country!
Thanks for the information from somalia
Thanks for your insight!
So read the PWK material but skip the exercises + report and spend as much time in the labs?
I don't see much value in reading the material either. I just skimmed over it enough to satisfy the exercise criteria
@@JSONSEC oh wow, would this apply to someone who has only taken the PTS and some few HTB boxes from the Tj null's list? Thanks for the reply
@@tallst1 I won't make any recommendations for you. Your experience and learning style may benefit from it. But if I were to do it all again I'd go straight to the labs
i want to ask a silly question. you mentioned that you worked as a developer too. can you say that working as a ethical hacker is generally "better" than working as a developer in terms of stress level, work-life-balance (do you have more peace in life) and so on, as long as you are not a very passionate programmer or very passionate ethical hacker. what does your objective observation say?
Wow great question! I suppose the context of the job is different. As a pentester you tend to work as a consultant so one client to the next, everything is time boxed so not much OT and good work life balance. Sometimes client after client can get a bit exhausting when theres no down time.
Working as a dev you're typically internal and part of the project team. When deadlines approach you'll likely be doing OT. Plus you get a lot of people raising defects and last minute requirements. Though, Dev work definitely feels more creative.
I can't objectively say which one is better, but it comes down to your working style, what you enjoy and how you are with other people.
@@JSONSEC Thank you very much for the quick answer.
Do you recommend the wptx? I have the option to take it, but am weighing it against just doing the burp certification. There aren’t too many appsec certs out there.
Good question. The port swigger material is shit tonnes better than ewptx but the cert is less known.
Personally I'd be a pioneer and go the burp route. The cert is currently free till the end of the year too
can we do exam in virtual machine?
Yes
How did PTP help you with OSCP? THANKSSS
Taught the basic concepts, bof, pivoting, Linux ... Everything. OSCP was more like the work experience and ptp is like University
@@JSONSEC many thanks
@@JSONSEC hello, ptp in the one from elearning security!?
This is an amazing video bro thanks.
so between the 1st and the 2nd it was PG's? failed 1st too =(
Yeah pretty much, I think I started pg practice a week before my 1st
@@JSONSEC you meant your 2nd? id like to know what was your prep between the 2 exams
GREAT ADVICE
Did you say 39 hrs per week or 3 - 9 hrs per week?
39 per week
Good information!
Great video
Amazing video thanks very much
Sir, please share the links of vulnerable lab machines....😄
portal.offensive-security.com/control-panel
When I know I'm ready for the OSCP exam?
You never will...
Hey mate, great video. Would you still do your eptp before oscp if you were to do it for free ? Cheers
I did actually do the PTP a year prior to starting the OSCP. If I could do it for free? Hell yes!
No HacktheBox at all?
I wouldn't say none but it wouldn't be my main focus
@@JSONSEC thanks, didn't know about the proving grounds. Why not HTB as main focus? Ah, I hadn't reached 4:36 yet :)
This guy has such an Australian accent that a kangaroo jumped at me from the screen, WTF.
Oy! 🤣
I don't hear an accent
< < nom nom nom my brain can lift more lbs now with this info.
Thanks, but we use the metric system here 😂