Just wanted to add my support for writing things down *first* . If it works, awesome, it's a little less for you to write later, if not, you at least know what steps *didn't* work. It's really helped me to slow down.
I got one question, do you think I should learn for the CCNA First before learning for the OSCP? I know some networking already, but I'm just wondering if I should dive deep into CCNA, networking in general?
@@ziomeq8141 if you absolutely zero networks knowledge at least TCP/IP basics then yes you'll need to do some extra learning before the oscp. The ccna is more focused on Cisco systems which isn't a bad thing if the job you want is in networking. From a pentester perspective, knowledge of the systems you're attacking is crucial so the ccna could definitely help with that if attacking those types of systems. I'd say not overly useful for the oscp, and definitely not required, but furthering your knowledge of networking protocols is definitely a benefit for the oscp. Network+ is a great alternative to the ccna if you want something more generic. To answer your question, no it's absolutely not required and a deep dive in the ccna will not help you for oscp prep, pentesting machines will be your biggest aid.
Thanks for the comment. To be honest I didn't complete a lot, but I've dabbled in a lot of stuff on there and it's a fantastic resource. Focus on the ad enumeration and attack modules, the advanced modules are a little out of scope for OSCP. Whatever you struggle with, make it your focus, don't know something and it's on there, give it a look!
I feel like i can ask this question tk you and you will be the perfect person to answer, feel free tk make a video later but i am looking for answer to get direction ASAP. I have already bought LearnOne. Don't have any previous experience, now while preparing for OSCP what additional studd should I learn amd places that would help me increase my chances of clearing the exam? And how should i proceed with the study material with the aim to learn as much as possible and clear the exam?
Right so I'll give you an ordered list and how I would do things. HTB Tryhackme Vulnhub HTB academy Ippsec Cybermentor priv esc courses Proving grounds practice / play You absolutely need lab time, if you're very new get your head into the HTB labs and follow the beginner pathway and get an understanding of things. While you're doing that go over the PEN200 course contents and thing should hopefully start clicking. It's a majorly steep learning curve if you're an absolute beginner it will be difficult and frustrating but keep persevering. Everyone takes in information differently so try different things and see what works, but more than anything get your head in the labs!! Do as many as you can and focus on your weaknesses! Get AD labs in, I highly recommend the pro labs from HTB, do dante and other beginner AD lab sets, they will really help you. I am releasing more videos soon about specific attack chains for active directory, so subscribe and stay tuned. It's made for OSCP / CRTP students to learn from.
I didn't really complete any specific courses I just had at very basic courses, as they're very in depth. Active directory enumeration and attacks are a good module, all in all anything on there you're struggling with, will definitely help you on your journey
How did u handle consulting writeups when doing practice boxes, be it PG or HTB etc. At what point should I throw in the towel and just consult some answers. I feel like im spending too much time just banging my head against the wall trying to find stuff when I'm still not very familar with in actually doing hands on (vs knowing in theory)
If you don't know something you don't know it, you've got to learn somehow by using the various tools you have. Looking at hints and writeups is great and as long as you do it correctly you will benefit from it. For me personally I noticed a theme, and for most I think this is the same, lack of thorough enumeration, and the times when it wasn't related to my enumeration I simply had no idea what this exploit or attack vector was, but that comes with experience and that is when writeups are useful. Set a timer, e.g. 3 hours for local and root, 1.5 for each or whatever you need. If by that time you have set you haven't got anywhere, use a hint or look at a writeup SPARINGLY. I cannot stress this enough, if you crutch and rely on others for your thought process, you will never develop. So to answer it depends, heavily on you as a person and what task you are faced with. My only advice would be, to try and limit your writeup usage, only when absolutely necessary and utterly stuck.
From somebody who did all of TJ Nulls PG Practice recommended boxes and failed the exam.. I’d say the #1 thing I did wrong was jumping too quickly to writeups. It’s weird but troubleshooting and getting used to searching through a ton of pages for your answer is a muscle that’s very much needed on the exam
@@gunnar-ai Yes I'd agree. Train and practice how you fight, if you absolutely rely on writeups and don't have a developed understanding or methodology you will not succeed.
It comes with time and experience the more you do something the better you will become. Although it is a bad mindset, a lot of CTFs run fairly similar and some just have patterns, it's the nature of the beast. It more comes with experience overall, a developed knowledge and understanding to think a little differently. Watch videos of different hackers, Offsec videos, s1ren, ippsec etc they all will really help you. Different perspectives is crucial as that diversity will introduce new concepts and ways of thinking to you.
In my experience if I had just taken the course content as gospel and not done my own research and preparation, I would have failed. Some attack paths although very very basic, are not directly taught by the course curriculum (as far as I remember). As stated in the video I did not use very many resources from the course due to development before purchasing, but after looking at the course contents, specific attack chains are not mentioned. You can never over prepare and I highly recommend doing as much as possible to prep for the exam.
you really need to speak slower and more clearly. Other than that, great video. Don't speak like you are explaining something to your mates. Speak like you are explaining something to a much wider audience, whose first language may or may not be english.
Thank you for the critique this is a recurring thing for me. I've recorded some material last night and will go and reassess to try and improve my dialect and speech work. Thank you
@@SecTricks2023 all good buddy. On my own channel, It took me a while to get it down but with time its not a problem. @BytesizedSec btw if you fancy giving it a follow. It's also all about hacking.
Yeah, I'm American and speak incredibly fast, but damn I had a hard time following some of this. I think if you're a Brit it might be easier to pick up
Oh, look. I subbed!
The meme themed thumbnail is on point. Great explanation.
Thank you! More coming soon
Just wanted to add my support for writing things down *first* . If it works, awesome, it's a little less for you to write later, if not, you at least know what steps *didn't* work. It's really helped me to slow down.
Good practice for most things, especially things which require a logical process. Thanks for your comment
@@SecTricks2023 congrats on the cert, sir.
I got one question, do you think I should learn for the CCNA First before learning for the OSCP? I know some networking already, but I'm just wondering if I should dive deep into CCNA, networking in general?
@@ziomeq8141 if you absolutely zero networks knowledge at least TCP/IP basics then yes you'll need to do some extra learning before the oscp. The ccna is more focused on Cisco systems which isn't a bad thing if the job you want is in networking. From a pentester perspective, knowledge of the systems you're attacking is crucial so the ccna could definitely help with that if attacking those types of systems. I'd say not overly useful for the oscp, and definitely not required, but furthering your knowledge of networking protocols is definitely a benefit for the oscp. Network+ is a great alternative to the ccna if you want something more generic. To answer your question, no it's absolutely not required and a deep dive in the ccna will not help you for oscp prep, pentesting machines will be your biggest aid.
Doing ccna first in my case
No, this is a Cisco exam, there are better networking exams if you feel you need to get one. Maybe the first part of CCNA would not be bad.
Hi SecTricks how long, or much of of HTB Academy did you do? Did you do the CPTS from HTB.
Great job on your OSCP 👍🏼
Thanks for the comment. To be honest I didn't complete a lot, but I've dabbled in a lot of stuff on there and it's a fantastic resource. Focus on the ad enumeration and attack modules, the advanced modules are a little out of scope for OSCP. Whatever you struggle with, make it your focus, don't know something and it's on there, give it a look!
Amazing video
Thank you, more to come subscribe to stay updated
I feel like i can ask this question tk you and you will be the perfect person to answer, feel free tk make a video later but i am looking for answer to get direction ASAP.
I have already bought LearnOne.
Don't have any previous experience, now while preparing for OSCP what additional studd should I learn amd places that would help me increase my chances of clearing the exam?
And how should i proceed with the study material with the aim to learn as much as possible and clear the exam?
Right so I'll give you an ordered list and how I would do things.
HTB
Tryhackme
Vulnhub
HTB academy
Ippsec
Cybermentor priv esc courses
Proving grounds practice / play
You absolutely need lab time, if you're very new get your head into the HTB labs and follow the beginner pathway and get an understanding of things. While you're doing that go over the PEN200 course contents and thing should hopefully start clicking. It's a majorly steep learning curve if you're an absolute beginner it will be difficult and frustrating but keep persevering. Everyone takes in information differently so try different things and see what works, but more than anything get your head in the labs!! Do as many as you can and focus on your weaknesses! Get AD labs in, I highly recommend the pro labs from HTB, do dante and other beginner AD lab sets, they will really help you.
I am releasing more videos soon about specific attack chains for active directory, so subscribe and stay tuned. It's made for OSCP / CRTP students to learn from.
Great Video thank you, which courses did you do in HTB academy?
I didn't really complete any specific courses I just had at very basic courses, as they're very in depth. Active directory enumeration and attacks are a good module, all in all anything on there you're struggling with, will definitely help you on your journey
How did u handle consulting writeups when doing practice boxes, be it PG or HTB etc. At what point should I throw in the towel and just consult some answers.
I feel like im spending too much time just banging my head against the wall trying to find stuff when I'm still not very familar with in actually doing hands on (vs knowing in theory)
If you don't know something you don't know it, you've got to learn somehow by using the various tools you have. Looking at hints and writeups is great and as long as you do it correctly you will benefit from it. For me personally I noticed a theme, and for most I think this is the same, lack of thorough enumeration, and the times when it wasn't related to my enumeration I simply had no idea what this exploit or attack vector was, but that comes with experience and that is when writeups are useful. Set a timer, e.g. 3 hours for local and root, 1.5 for each or whatever you need. If by that time you have set you haven't got anywhere, use a hint or look at a writeup SPARINGLY. I cannot stress this enough, if you crutch and rely on others for your thought process, you will never develop. So to answer it depends, heavily on you as a person and what task you are faced with. My only advice would be, to try and limit your writeup usage, only when absolutely necessary and utterly stuck.
From somebody who did all of TJ Nulls PG Practice recommended boxes and failed the exam.. I’d say the #1 thing I did wrong was jumping too quickly to writeups. It’s weird but troubleshooting and getting used to searching through a ton of pages for your answer is a muscle that’s very much needed on the exam
@@gunnar-ai Yes I'd agree. Train and practice how you fight, if you absolutely rely on writeups and don't have a developed understanding or methodology you will not succeed.
When you say, focus on enumeration. So how can one improve enumeration?
It comes with time and experience the more you do something the better you will become. Although it is a bad mindset, a lot of CTFs run fairly similar and some just have patterns, it's the nature of the beast. It more comes with experience overall, a developed knowledge and understanding to think a little differently. Watch videos of different hackers, Offsec videos, s1ren, ippsec etc they all will really help you. Different perspectives is crucial as that diversity will introduce new concepts and ways of thinking to you.
Do you feel the course covers the exam?
In my experience if I had just taken the course content as gospel and not done my own research and preparation, I would have failed. Some attack paths although very very basic, are not directly taught by the course curriculum (as far as I remember). As stated in the video I did not use very many resources from the course due to development before purchasing, but after looking at the course contents, specific attack chains are not mentioned. You can never over prepare and I highly recommend doing as much as possible to prep for the exam.
Dude, you sound like Liam Gallagher. You from Manchester?
Close enough
you really need to speak slower and more clearly. Other than that, great video. Don't speak like you are explaining something to your mates. Speak like you are explaining something to a much wider audience, whose first language may or may not be english.
Thank you for the critique this is a recurring thing for me. I've recorded some material last night and will go and reassess to try and improve my dialect and speech work. Thank you
@@SecTricks2023 all good buddy. On my own channel, It took me a while to get it down but with time its not a problem. @BytesizedSec btw if you fancy giving it a follow. It's also all about hacking.
you can set the playback speed to 0.75X
@@youtubeuser4236 its about giving him a tip on how to do better, not critique him or make things easier for me. I did understand him perfectly fine
Yeah, I'm American and speak incredibly fast, but damn I had a hard time following some of this. I think if you're a Brit it might be easier to pick up