Congrats Andy on your OSCP...excellent explanation and detailed timelines you took towards your accomplishment means a huge encouragement for the OSCP aspirants that help and refine the steps needed ahead before taking the exam. Well done mate .
Thank you for sharing this with us. I enjoy the success stories as it helps me visualize my future success. Knowing that I'm not the only one who has prepared for over a year is very encouraging.
Congrats Andy! Been waiting for this update. Would you mind joining me for one of my live streams and talk about the oscp prep, challenges, etc? It will be a fun informative discussion
Since I am starting fish my cyber sec field, this video has helped me a lot in terms of how to keep myself motivated, and following a path which will fit my needs. Great video.
I haven't seen all the video at the moment but I want to say thank you I think it will help me and other people to get more motivation work harder for the exam. I am scared of this exam but I will be ready for that now!
Congrats Andy on your OSCP ! Truly happy for you , from following your page I know you prepared many hours for this. I’m actually taking my OSCP in 2 weeks, & I’ve been doing PG practice to prepare. I’ve already completed most TJ nulls HTB list. Sometimes I do look at the write ups on PG when I’m stuck. I just wanted to ask if that’s ok ? I’m always hearing mixed feelings about looking at write ups. But one thing I do is always note what I didn’t know before or I got stuck on
Yeah that sounds fine man. I was looking at walkthroughs too when I was going through PG. You are taking notes on what you didn't know before, so that is great.
It's totally ok. The PG practice can exceed in difficulty the exam. Exam is more about time management than difficulty of the machines. A (kind of generic) tip is to not waste time. If you dont see a way in from a port, move on. Get a sense of the box as a total and the versions running
About the job w/ oscp people want to hire people in OSCP level, either having the OSCP or if the company pays you the OSCP you can get it first try, and you have to show that you are at that level
Awesome video, great experience and detailed recommendations. I too ended up quitting the PWK labs as I found it to be way too dated. I owned around 20 machines, one of the new AD domains, then stopped altogether for about a year to get in a better mental space. I'm back at it now in OSPG and owned a couple of machines last night granted I needed writeups, mostly to knock the rust off. The two machines I've done so far really reminded me of the labs, so I think I'm going to follow your tip on doing everything community-rated Hard and below, then try to take a stab at the exam.
Congratulations and a huge respect Andy! Query: As I am also prepping for OSCP and would like to move on to offensive side post the OSCP, is it possible to share your CV with confidential data redacted or do a video on how you built your CV with OSCP experience ?
Hi Andy, great video mate!! Once I pass my OSCP, even I have decided to go in the path of red teaming and CRTO. I am really excited to see some of the CRTO stuff at your channel. If its possible, do some walk through too of using cobalt strike and other C2C framework tools.
I agree on the HTB that can be hit and miss. Nevertheless, just watching ippsec's videos is absolutely amazing. Sometimes I do that just as a "relax" time, because he always explains the thought process and I definitely used his way of thinking in the exam as well.
Would love to do the pen-200 but i'm priced out at the moment. Might have to save up before committing to that program. Pen-210 which is an entirely different track used to be easier on the pocket but the fine folks at Offensive Security found a brilliant way to make even more money by making it available ONLY through a learn subscription, which of course is just an easy 2000. Great stuff from them as always. But i hope at some point to add them to my CV.
I would recommend start on TryHackMe. Look into the beginner learning path and just go through some modules. Let me know how that goes and if you have any further questions.
Congrats on getting a new job, Andy . i am myself seeking a junior pentesting job as well . I was pretty scare to apply , i thought I would only start applying once I have the oscp. Given your story that you got a job before passing the exam give me some hopes. I wonder what are all the materials you put on your resume, do you mention that you are indeed in middle of getting the oscp ? And your tryhackme stuff ? Because I really feel I don’t have much real life experience to show for on my resume without an OSCP. That’s why I am hesitant to apply , I am not sure what are the expectations for a junior pen tester when companies are hiring ?
Have you got any general IT experience? If so, you can try and apply before passing OSCP. I had about 1-2 years of experience at a MSP. I plan to make a video related to CV soon.
@@andyli I do have about 3 years of experience working in IT in electric utilities field . Deployed software and troubleshooting stuff (network/db/configuration/software bugs etc) raise during deployment.
Hey Andy , congratulations! Huge accomplishment ! Whilst doing your machines did you always manually exploit them or did you find it easier doing it using automated tools then doing it again manually ?, as far priv esclation do you think tiberius' windows and linux courses are sufficient for OSCP prep or would you recommend other resources ? Thanks for the advice and well done again !
It is good practice to do it manually. You should know how it works then after that it is fine to use auto tools. Avoid using sqlmap though, because that is not allowed on the exam.
Congrats on the pass! I’m testing this Friday. I got a question for you. For the screenshots, did you only take shots for the for the actual way you got in, similar to a regular write up? Or did you take screenshots of every single port you went through and show all the enumeration? I felt like I went a little overboard on my last attempt with the amount of screenshots didn’t know if that was necessary. Thanks.
Yeah it definitely sounds you went overboard on the screenshots. For nmap, I just took a screenshot of the port that was vulnerable and the banner/service page. Also refer to the writeups on PG, I assume that is the amount of detail they are looking for. Good luck on your exam!
I watched your first attempt in OSCP video, That you said it not about we broke a lot machine LAB and could pass the exam, Yes actually we can't I failed yesterday, I really know myself in exam that i shouldn't sit here with almost weakness thing.
@@eanglyroeurn8255 ok, at least you got a shell on a box. That info might be helpful for you next time. Have you done much practice on proving grounds? If not, I suggest more practice on that platform
I have done around 30 machine on pg, thm offensive path, tjnull list and so on. But yes in this video I understand what I should I do and re-take, As you mentioned about portswigger
Hello Andy. Congratulation and thank you very much for your video! I heard that it is necessary to study several programming languages, like Python, C, PHP are required to pass the test,. Do you think those skills are necessary? If you have an opinion or advice of it, I would like to hear that, thank you!
You might need a little bit of programming knowledge. Only to modify small parts of code. So you can pick this up as you go through exam prep. You don't need to develop full exploits.
Respects! Great video One question: I'm not from cybersecurity field but i recently passed sec+ and net+ I am free for the next six months and want pass OSCP during that time , question is that can i able pass the exam in 6 months?
It might be possible, start working through boxes and see how far you get. I would probably focus on PG and some other resources, don't worry about doing too many machines on the PWK labs, perhaps just the retired exam machines.
Nicely articulated. I was confused from where I should start. it gives a great confidence after watching this video. One question : do I need to know basic scripting ?
Yep, Go lang is pretty good. Even if you find yourself using a different language later down the road, programming skills are transferable, so I won't worry too much about it
Congrats! I just finished VHL doing the 20 boxes. The initial access was usually PHP manipulations… priv esc was typically always dirty cow. I know dirty cow won’t work on OSCP but is the web exploits of php and such similar? Like the lucky box etc? I’m debating doing 120 PWK exercises… I feel my time would be better spent doing actual boxes in PWK which I started recently.
I don't want to reveal too much on the exam, just that VHL is great practice for initial access. Do more boxes is probably the way to go. Have you done the retired exam machines in the PWK?
Hey I wanted to ask when going through the TJnull list what was your rule of thumb when it came too walk throughs I know it would take a long time to do all of the boxes with out hint but I dont wanna abuse it either what are your thoughs?
@@Trent_111 There is Proving Grounds (Play) which is free and Proving Grounds (Practice) which is paid. The free platform is essentially machines from vulnhub. The paid platform is the one I used (machines made by offensive security). I probably should have made that clearer in the video.
@Andy Li may I know how is the setup for the proctoring? How many webcams do I need? I’ve read that I need to show my screen to the proctor at the same time while showing myself to the proctor as well. Do I also need to use a headphone with mic or can I just exchange messages with the proctor?
You will need to share your screens and the webcam will be on the whole time. The proctor cannot hear you. There is a chat window to exchange messages. I also have another video "What to expect on exam day" if you want more details
@@andyli I just finished watching that. It's great! Thank you for that. I saw on that video that "No electronic devices near workstation". Does it mean that you can't check your phone while doing the exam? What about when you want to connect your laptop to a larger screen monitor and do the job there? Do I need to show that my laptop is closed? Because I've read that only one screen is allowed.
@@Joseph-rs2ij at any time you can type in the chat you want to take a break, then you can step away from your computer and do whatever you can use multiple screens, just need to enable screen share for all of them
Nice video!! I want to start OSCP course but I don't have a lot of money to begin on the official site. Is-it possible to stat with free ressource and just take abonnement for 3 months and passe? I have basic notion on security and i have attempt the UDACITY Nano degree - Security Enginneer. Thanks
I am preparing for oscp exam. My basic is clear. I have solved the Dvwa and Picoctf. I am currently solve vulnhub machine. am i the right way.plz reply
Hi @Andy Li I haven’t through all of your videos but do you have a video where you discribes the list of tools that you used for the entire oscp exam? Not for the prep. Just for the exam. If you don’t have, may I know if you can tell me what are those tools? Thank you so much in advance!
I cannot really answer this question without spoiling the exam. However I would say that there are no special tools that you will need, only the normal ones you will come across during exam prep.
Hey Andy thanks for the video! i got a question about learning python as it relates to pentesting/red-team/OSCP etc As of right now, im taking an INTRODUCTORY comp sci course that involves a little math such as bisection searches and approximate solutions of sqaured numbers. Also, the course is going to teach things like 1D arrays and 2D arrays, algorithims and big O notation ( i have no idea what any of this means). are these necessary for writting python scripts,exploits, and automating tasks ? i was thinking of dropping the course since i dont necessary need it for my degree lol
Great Videos Andy! I appreciate your videos and your videos really they encouraged me to start my journey but the main problem I am facing , which tools they allow to use and which they not and other thing I want to ask you if they allow to copy commands and search over google???
Hello Sir, Do you need to study programming before even attempting this certification. I am not sure if I need to be familiar with programming so I'm kinda confused. Thank you for your help sir.
@@andyli also, I'm a complete beginner, never had a pentestin job or any experience in the field, is this test meant for beginners who plan to study or do you need that experience. Thank you for your help, a lot of us are getting motivated for this
I had some IT experience when I started (not too much and not in cyber security). If starting from no experience it will be hard but it doesn't really matter if you actually like doing this stuff because you will be able to push through it. Start on TryHackMe and do some exercises on there, see how you go
Do you have Network+ or Security+ certification? I am totally new to penetration testing, and I was going to get these certifications before working on OSCP. Do you think I should forget about these certifications, and only work toward OSCP using the websites and learning resources you listed?
I have both net+ and sec+, they are very theoretical certifications, just multiple choice exam. So it won't help much for OSCP. If OSCP is the certification you want, then start on tryhackme and you will pick up the equivalent knowledge from net+ and sec+ during OSCP prep.
@@andyli Okay thanks for the quick response! I will be starting my journey towards OSCP in about two months using the resources you mention in this video.
I see that many people do this certification and I wondered, how many actually pay for it themselves and how many receive it from their company? Just because it's more then 1k dollars..
I have no data, but anecdotally, at my company I think it is about half/half. Still much cheaper than a degree though, and imo you get more practical skills from this compared to a degree.
@@andyli Yeah.. I agree with you considering I got a degree in cyber security and I can confirm that on beginning I had 0 practical skills. That's why even If I already have a degree I would like to take this certification. I already done eJPT, too easy. My next cert is PNPT and OSCP.
Great video Andy!
I'm currently studying for the OSCP and this really helped a lot! Thank you 😊
Thanks! Glad it helped, good luck on your exam 💪
@@andyli Thank you! And congratulations on getting certified! I'm sure it was a great jorney! ☺
Finally ⚡Congrats Andy!!! will be enrolling in a few months
Thanks! Best of luck ⚡
Congrats Andy on your OSCP...excellent explanation and detailed timelines you took towards your accomplishment means a huge encouragement for the OSCP aspirants that help and refine the steps needed ahead before taking the exam. Well done mate .
thank you, glad you find this video helpful
Yeah..my boy finally pass oscp 🎉
@@iknow078 🎉
Thank you for sharing this with us. I enjoy the success stories as it helps me visualize my future success. Knowing that I'm not the only one who has prepared for over a year is very encouraging.
Awesome, don't worry about the length of time. You will be much better prepared than most people
Well done mate! Keen to see the channel grow
thanks I appreciate it!
Congrats on ur OSCP! also the videos is very neatly formed and well explained , can say this vid gonna help me alot while my OSCP prep 😁
Glad to hear it! Best of luck
Congrats Andy! Been waiting for this update. Would you mind joining me for one of my live streams and talk about the oscp prep, challenges, etc? It will be a fun informative discussion
Yeah I'm keen to do that, will be fun. We will need to work out the timezone difference etc.
This has to be one of the best resources I have ever seen!! Thank you so much!
Glad it was helpful!
Congrats Andy. I am glad that you made it! :)
Thanks! 😃
Since I am starting fish my cyber sec field, this video has helped me a lot in terms of how to keep myself motivated, and following a path which will fit my needs. Great video.
Great to hear!
I haven't seen all the video at the moment but I want to say thank you I think it will help me and other people to get more motivation work harder for the exam. I am scared of this exam but I will be ready for that now!
Awesome, that is great to hear!
It’s here!
first!
Congrats Andy!!!! You're my inspiration!
😎
Thanks for getting back to the community, nice tips! :)
No worries!
CONGRATULATIONS!!!!!!! i am happy you passed it
Thanks!! 🙏
Graet! I’m preparing my OSCP and it is very useful!
Glad it was helpful!
Great job Andy! Second time is a charm! You are an OSCP for life now!
yeah!
Congrats and thanks for this video.
thanks for watching
Starting my journey officially today
I'm proud of you my boy, your journey is truly inspiring
Thank you!
Congrats Andy on your OSCP ! Truly happy for you , from following your page I know you prepared many hours for this. I’m actually taking my OSCP in 2 weeks, & I’ve been doing PG practice to prepare. I’ve already completed most TJ nulls HTB list. Sometimes I do look at the write ups on PG when I’m stuck. I just wanted to ask if that’s ok ? I’m always hearing mixed feelings about looking at write ups. But one thing I do is always note what I didn’t know before or I got stuck on
Yeah that sounds fine man. I was looking at walkthroughs too when I was going through PG. You are taking notes on what you didn't know before, so that is great.
@@andyli thank you Andy ! I appreciate it sir.
It's totally ok. The PG practice can exceed in difficulty the exam. Exam is more about time management than difficulty of the machines. A (kind of generic) tip is to not waste time. If you dont see a way in from a port, move on. Get a sense of the box as a total and the versions running
About the job w/ oscp people want to hire people in OSCP level, either having the OSCP or if the company pays you the OSCP you can get it first try, and you have to show that you are at that level
That is very true, you need to demonstrate OSCP level knowledge
good job man . thanks for the video .
No worries, thanks for watching
Someone said that the perfect guide doesn't exist. I will show them this.
Lol thanks!
Awesome video, great experience and detailed recommendations.
I too ended up quitting the PWK labs as I found it to be way too dated. I owned around 20 machines, one of the new AD domains, then stopped altogether for about a year to get in a better mental space. I'm back at it now in OSPG and owned a couple of machines last night granted I needed writeups, mostly to knock the rust off.
The two machines I've done so far really reminded me of the labs, so I think I'm going to follow your tip on doing everything community-rated Hard and below, then try to take a stab at the exam.
Nice, that sounds like a good plan. Good luck!
Congratulations and a huge respect Andy!
Query: As I am also prepping for OSCP and would like to move on to offensive side post the OSCP, is it possible to share your CV with confidential data redacted or do a video on how you built your CV with OSCP experience ?
Yeah I actually have it on my to-do list to make a CV video, thanks for reminding me
Hi Andy, great video mate!! Once I pass my OSCP, even I have decided to go in the path of red teaming and CRTO. I am really excited to see some of the CRTO stuff at your channel. If its possible, do some walk through too of using cobalt strike and other C2C framework tools.
Cool, cobalt strike is pretty new to me, I am actually going through the CRTO course now. Will do some videos on it after I learn more about it
I agree on the HTB that can be hit and miss. Nevertheless, just watching ippsec's videos is absolutely amazing. Sometimes I do that just as a "relax" time, because he always explains the thought process and I definitely used his way of thinking in the exam as well.
yeah same, and on the exam I was like "what would ippsec do?"
@@andyli haha indeed. From memory i think i checked his website at some point during the exam :D
What a journey! Thank you very much for such a detailed video.
Congrats Andy! You did it!!
Thanks!!
Would love to do the pen-200 but i'm priced out at the moment. Might have to save up before committing to that program. Pen-210 which is an entirely different track used to be easier on the pocket but the fine folks at Offensive Security found a brilliant way to make even more money by making it available ONLY through a learn subscription, which of course is just an easy 2000. Great stuff from them as always. But i hope at some point to add them to my CV.
True, Offsec have definitely become more "corporate" recently with all the subscription changes and the new courses. It is unfortunate
Great video. I hope you can make more comprehensive videos about cybers security and what certs to take and the amout of time required to take it.
yep, more to come!
its very helpful, thanks.
glad it was helpful
A video on managing job and Oscp prep will surely be helpful
Good idea, thanks for the suggestion
great video, I am going to take my 2nd attempt too.
nice, good luck!
I failed too I will re-take it
Thanks very much for the great content. I am currently entering cyber and studying for Security+ and Pentest+ certs. Will hopefully do the OSCP next.
glad it was helpful
I think a follow up Q&A would be useful.
Yeah there seems to be a lot of questions already, will do a follow up Q&A
congrats bro! awesome achievement
Cheers!
Great video!
Thanks!
@@andyli How many boxes have you solved on HTB before moving to proving grounds?
@@renz6010 around 50 or 60
Hey Andy, im changing career. I dont know anything about cybersecurity but want to end up with my OSCP. Where should I begin? Great video. Love it.
I would recommend start on TryHackMe. Look into the beginner learning path and just go through some modules. Let me know how that goes and if you have any further questions.
Hey is there a way I can follow your journey. Your story sounds familiar to mine
Congrats on getting a new job, Andy . i am myself seeking a junior pentesting job as well . I was pretty scare to apply , i thought I would only start applying once I have the oscp. Given your story that you got a job before passing the exam give me some hopes. I wonder what are all the materials you put on your resume, do you mention that you are indeed in middle of getting the oscp ? And your tryhackme stuff ? Because I really feel I don’t have much real life experience to show for on my resume without an OSCP. That’s why I am hesitant to apply , I am not sure what are the expectations for a junior pen tester when companies are hiring ?
Have you got any general IT experience? If so, you can try and apply before passing OSCP. I had about 1-2 years of experience at a MSP.
I plan to make a video related to CV soon.
@@andyli I do have about 3 years of experience working in IT in electric utilities field . Deployed software and troubleshooting stuff (network/db/configuration/software bugs etc) raise during deployment.
@@qifanguo5549 That is plenty of experience, put some CTF experience and "Studying for OSCP" on your CV and you should be ok
Great Vid Andy and thanks for sharing
Hey Andy , congratulations! Huge accomplishment ! Whilst doing your machines did you always manually exploit them or did you find it easier doing it using automated tools then doing it again manually ?, as far priv esclation do you think tiberius' windows and linux courses are sufficient for OSCP prep or would you recommend other resources ? Thanks for the advice and well done again !
It is good practice to do it manually. You should know how it works then after that it is fine to use auto tools.
Avoid using sqlmap though, because that is not allowed on the exam.
Congrats!!
thanks!
Congrats on the pass! I’m testing this Friday. I got a question for you. For the screenshots, did you only take shots for the for the actual way you got in, similar to a regular write up? Or did you take screenshots of every single port you went through and show all the enumeration? I felt like I went a little overboard on my last attempt with the amount of screenshots didn’t know if that was necessary. Thanks.
Yeah it definitely sounds you went overboard on the screenshots. For nmap, I just took a screenshot of the port that was vulnerable and the banner/service page. Also refer to the writeups on PG, I assume that is the amount of detail they are looking for.
Good luck on your exam!
@@andyli Thank you very much!
I watched your first attempt in OSCP video, That you said it not about we broke a lot machine LAB and could pass the exam, Yes actually we can't I failed yesterday, I really know myself in exam that i shouldn't sit here with almost weakness thing.
Sorry to hear you failed, how many points did you get?
@@andyli Really little, Just BOF and initial shell on machine2 20p. I really embarrass.
@@eanglyroeurn8255 ok, at least you got a shell on a box. That info might be helpful for you next time.
Have you done much practice on proving grounds? If not, I suggest more practice on that platform
I have done around 30 machine on pg, thm offensive path, tjnull list and so on. But yes in this video I understand what I should I do and re-take, As you mentioned about portswigger
Hello Andy. Congratulation and thank you very much for your video!
I heard that it is necessary to study several programming languages, like Python, C, PHP are required to pass the test,. Do you think those skills are necessary?
If you have an opinion or advice of it, I would like to hear that, thank you!
You might need a little bit of programming knowledge. Only to modify small parts of code. So you can pick this up as you go through exam prep.
You don't need to develop full exploits.
@@andyli I understand, thank you very much!
Congrats!
thanks!
Respects! Great video
One question: I'm not from cybersecurity field but i recently passed sec+ and net+ I am free for the next six months and want pass OSCP during that time , question is that can i able pass the exam in 6 months?
It might be possible, start working through boxes and see how far you get. I would probably focus on PG and some other resources, don't worry about doing too many machines on the PWK labs, perhaps just the retired exam machines.
Nicely articulated. I was confused from where I should start. it gives a great confidence after watching this video.
One question : do I need to know basic scripting ?
You need to read and edit small parts of scripts, not write the whole thing yourself
I m beginner in security and going to try for oscp after 1year and I thinking of using Go lang for scripts is this good?
Yep, Go lang is pretty good. Even if you find yourself using a different language later down the road, programming skills are transferable, so I won't worry too much about it
Congrats! I just finished VHL doing the 20 boxes. The initial access was usually PHP manipulations… priv esc was typically always dirty cow. I know dirty cow won’t work on OSCP but is the web exploits of php and such similar? Like the lucky box etc? I’m debating doing 120 PWK exercises… I feel my time would be better spent doing actual boxes in PWK which I started recently.
I don't want to reveal too much on the exam, just that VHL is great practice for initial access.
Do more boxes is probably the way to go. Have you done the retired exam machines in the PWK?
thank you for the video!
No worries, thanks for watching!
I love your content :D
Need to put it on x2 speed tho ahaha
lol yeah, several people have said that
Hey I wanted to ask when going through the TJnull list what was your rule of thumb when it came too walk throughs I know it would take a long time to do all of the boxes with out hint but I dont wanna abuse it either what are your thoughs?
Give it a day or two of being stuck. I wouldn't wait too long because I did find value in reading walkthroughs
Can you make a list of machines you have done on proving ground that would be nic
I did all the machines community rated "hard" and below
@@andyli is there a list for the free boxes on that website? I couldn’t find any
@@Trent_111 There is Proving Grounds (Play) which is free and Proving Grounds (Practice) which is paid.
The free platform is essentially machines from vulnhub.
The paid platform is the one I used (machines made by offensive security). I probably should have made that clearer in the video.
Hi bro good video 16:25 how much time in a week should we spend to pass the exam in 4-5 months? Thank you
I was doing maybe between 1-3 hours a day.
You might be able to do it if you dedicate full time on studying.
@@andyli Thank you! I appreciate your opinion 😊 best wishes
@Andy Li may I know how is the setup for the proctoring? How many webcams do I need? I’ve read that I need to show my screen to the proctor at the same time while showing myself to the proctor as well.
Do I also need to use a headphone with mic or can I just exchange messages with the proctor?
You will need to share your screens and the webcam will be on the whole time. The proctor cannot hear you. There is a chat window to exchange messages.
I also have another video "What to expect on exam day" if you want more details
@@andyli I just finished watching that. It's great! Thank you for that. I saw on that video that "No electronic devices near workstation". Does it mean that you can't check your phone while doing the exam? What about when you want to connect your laptop to a larger screen monitor and do the job there? Do I need to show that my laptop is closed? Because I've read that only one screen is allowed.
@@Joseph-rs2ij at any time you can type in the chat you want to take a break, then you can step away from your computer and do whatever
you can use multiple screens, just need to enable screen share for all of them
@@andyli thank you so much! 🙂
Nice video!! I want to start OSCP course but I don't have a lot of money to begin on the official site. Is-it possible to stat with free ressource and just take abonnement for 3 months and passe? I have basic notion on security and i have attempt the UDACITY Nano degree - Security Enginneer. Thanks
Yes start with free resources, you can just get 1 month OSCP lab time. You can skip PWK labs
@@andyli Thank you for response. Please which free course can you advice me?
@@nziwouewilfried5985 start practicing on TryHackMe.com
I am preparing for oscp exam. My basic is clear. I have solved the Dvwa and Picoctf. I am currently solve vulnhub machine. am i the right way.plz reply
do tryhackme, hackthebox and proving grounds
@@andyli thanks
Hi @Andy Li I haven’t through all of your videos but do you have a video where you discribes the list of tools that you used for the entire oscp exam? Not for the prep. Just for the exam. If you don’t have, may I know if you can tell me what are those tools? Thank you so much in advance!
I cannot really answer this question without spoiling the exam. However I would say that there are no special tools that you will need, only the normal ones you will come across during exam prep.
@@andyli No problem and thank you 🙂
Have a look at this site of you need a reference cheatsheet
book.hacktricks.xyz
@@andyli thanks man!
Hey Andy, one more query regarding OSCP.
Ca we make use of API tokens in the exam . eg: WPScan ?
Yes you can use the wpscan API, make sure it is the free API. You cannot use any commercial/paid tools
Hello sir, On Dec i m going to give OSCP could you please share your notes that could help Alot for me
I will share some parts of my notes next video
Hey Andy thanks for the video!
i got a question about learning python as it relates to pentesting/red-team/OSCP etc
As of right now, im taking an INTRODUCTORY comp sci course that involves a little math such as bisection searches and approximate solutions of sqaured numbers. Also, the course is going to teach things like 1D arrays and 2D arrays, algorithims and big O notation ( i have no idea what any of this means).
are these necessary for writting python scripts,exploits, and automating tasks ? i was thinking of dropping the course since i dont necessary need it for my degree lol
It is teaching fundamental programming knowledge that should be useful in any career that involves writing code.
When did you first get an interest in cyber security? Was it an afterthought that you switched into recently, or has it always been a goal of yours?
I had the idea when I was working my first job in help desk
is it possible self learn hacking ? Or
Must go to institute ?
100% possible to learn yourself, check out www.tryhackme.com
Great Videos Andy!
I appreciate your videos and your videos really they encouraged me to start my journey but the main problem I am facing , which tools they allow to use and which they not and other thing I want to ask you if they allow to copy commands and search over google???
Yes you can google and paste in commands during the exam. Only limitation is automated exploit tools such as sqlmap
Hello Sir, Do you need to study programming before even attempting this certification. I am not sure if I need to be familiar with programming so I'm kinda confused. Thank you for your help sir.
You only need basic programming to be able to read and modify small parts of code.
@@andyli also, I'm a complete beginner, never had a pentestin job or any experience in the field, is this test meant for beginners who plan to study or do you need that experience. Thank you for your help, a lot of us are getting motivated for this
I had some IT experience when I started (not too much and not in cyber security).
If starting from no experience it will be hard but it doesn't really matter if you actually like doing this stuff because you will be able to push through it.
Start on TryHackMe and do some exercises on there, see how you go
Do you have Network+ or Security+ certification? I am totally new to penetration testing, and I was going to get these certifications before working on OSCP. Do you think I should forget about these certifications, and only work toward OSCP using the websites and learning resources you listed?
I have both net+ and sec+, they are very theoretical certifications, just multiple choice exam. So it won't help much for OSCP.
If OSCP is the certification you want, then start on tryhackme and you will pick up the equivalent knowledge from net+ and sec+ during OSCP prep.
@@andyli Okay thanks for the quick response! I will be starting my journey towards OSCP in about two months using the resources you mention in this video.
@@chancejohnson384 nice, good luck!
Hello where can I get a vocher for the oscp certification?
Check out TryHackMe, they are doing a giveaway of 5 exam vouchers in December
Guys, if anyone is currently practsing OSCP labs, pls connect let's learn together
I see that many people do this certification and I wondered, how many actually pay for it themselves and how many receive it from their company? Just because it's more then 1k dollars..
I have no data, but anecdotally, at my company I think it is about half/half. Still much cheaper than a degree though, and imo you get more practical skills from this compared to a degree.
@@andyli Yeah.. I agree with you considering I got a degree in cyber security and I can confirm that on beginning I had 0 practical skills. That's why even If I already have a degree I would like to take this certification. I already done eJPT, too easy. My next cert is PNPT and OSCP.
Sounds like a plan, PNPT is pretty good from what I have seen
Congrats! Is it able to get an entry job with OSCP without degree?
Yes I think that is possible.
I think that HackTheBox should be number 1, but however
I learned a lot of hackthebox
how would you rate oscp exam machines hard or medium
Easy to medium, but under exam conditions they all feel hard
what did you study/brush up on between 1st and 2nd exam?
Not much to be honest, just did a few basic PG boxes during the period. Because I realized that I only failed the first time due to a dumb mistake.
Can you also list some free tryhackme rooms?
Most of the tryhackme rooms are free, I recommend registering in the website and sort by free/premium once you login.
@@andyli How do I sort them?
Great Video!
Thanks!