Other tidbits I forgot to mention: Record your screen during the exam. Backup everything on a cloud location (private Gitlab repository). Use more than one monitor.
@LD Wyze you won't know till you actually try it. Before taking the course I had practically 0 experience. It all depends on how much time you can invest into learning and how dedicated you are to learning. It took me 3 attempts to pass the exam, but I kept at it till I did.
@TaStiCle_S Just jump in thats what I did. I have a background in networking, no cybersecurity experience. The course is designed for you got into the lab and make mistakes. Its honestly a really good place to learn. If you start and feel like your not getting anywhere, buy more lab time. I did 30 days and just extended another 15. It's all on you. If you really want to do it just do it. The worst case scenario, you have to try again.
Congrats! I just received the news that I passed this morning :) You have one of the first cybersec YT channels that I watched when I started playing CTFs.
Congrats and good luck on OSCE. You should be aware that the OSCE doesn't have a lab they let you play around with; it's just machines on which you can replicate what you see in the videos.
Congrats! I just enrolled int the PWK and hope to take the exam by the end of the year. I also noticed that exercises take a long time to complete, mainly due to taking a shit load of screenshots - good to know that your lab/exercise report can be so big.
Thank you! Yeah, the exercises were grueling. A lot of it was things I already felt comfortable with, so yeah, TONS of screenshots and it took a long long time. I had much more fun just doing the lab machines for the sake of actually hacking. My lab report was 240 pages, and exam report was 60 pages (forgot to mention that in the video). Thanks for watching!
I love you man, you just boosted me up. I get depressed easy, and I wallow in it to long. You just made my month bro, thanks. Hehe I left 3 messages, lol.
The best way I have heard "Try Harder" be defined is, "Given enough time and attention, any problem can be solved." With that, I focused on fully rooting one box at a time starting from the lowest point box. Now Im moving on to OSEP.
Congratulations! I am testing in a couple weeks and trying to keep track of my journey. Hope to do one of these soon on my RUclips channel and Blog site.
What was your study schedule like when you were preparing for OSCP? I am trying to figure out how to practice around my job as well. Did you study during the weekdays and weekends? I am surprised you went with 30 days of lab time unless you felt pretty confident with your current skills; I did not think that would be enough time for a full-time employee. Just wanted to hear your thoughts.
Very encouraging, thank you for sharing. I had originally given up because I didn't feel good enough, but I'm going to pick it back up again since I already have all the PWK materials, minus the new stuff which I may purchase. -Thanks!
Yeaaah there was *way* more exercises than I was expecting. They took a lot more time than I was expecting. I have 5 of the nodes hacked just need 5 more! Congrats on your test!
Thanks so much! You can definitely beat up those other 5 boxes -- remember it's fine to use Metasploit and SQLmap and other quick wins in the lab environment. If you want to run through those just to get the lab report done, it is fair game!
@@_JohnHammond Yeah I've resigned to start doing that now. I spent the first month of the lab with the "train like I fight" mentatlity and stubbornly went through without touching metasploit but now I just want to finish. My test is on the 8th so I just need to get 'em done!
Great video John, thanks a lot. Which tools do you need to avoid using in OSCP exam? Their documentation only mentions msf, openvas, nessus "or similar tools", but that "similar tools" might be a bigger scope than we think (I.e. Nmap vuln scripts). Can you elaborate on which tools you totally avoided? Thanks.
Informative, Thanks for sharing John. I have only CCNA and LPI Linux baisc and some basic Python knowledge , is it good stright into the OSCP course with 3 months lab ?
Dang, that's so reassuring to hear you can do it in like 4-12 hours. Ya hear so many horror stories.I start my 30 days of labs day after tomorrow. Only been studying pen-testing for 4-5 months. Never programmed or anything before hand, didn't even have a computer and some of my study buddies have 10+ years in the industry and failed.
@Gordon Smith There's a whole story... but I took the test once, knew I would have failed and did not turn in my report. Then there was an investigation cause I didn't read a single word of the testing policy and thus had pulled some half-baked shenanigans and I got perma-banned. If you're considering doing it.. don't.. JUST DO IT. Nike that shit, Gordon. The value of that personal challenge is incalculable no matter the outcome but I'd imagine it's very personally and financially rewarding to have achieved the certification as well. The people at Offsec are pretty cool as well, including the investigations team even though they kinda ruined me a little bit. Thanks for asking by the way!
@@zezimadude13 Lol sorry to burst your bubble but pentesting for 4-5 months wouldnt get you close to the OSCP skills. You would've been better off practicing HTB boxes
Hey this was really helpful, quick question though, can we refer to our notes / document or google things? I am planning to take exam soon, currently going through the study material
I realize this video is over 2 years old, but I am hoping someone can connect with me on how to approach the OSCP. I am currently finishing my final courses towards my degree in Cybersecurity, I have my CEH along with some other smaller programming certifications. I do spend my free time on HTB and Pentesterlabs to further my understanding of vulnerabilities and what methods are available to me to exploit them. But I'll be honest, this OSCP exam is scary. I don't feel confident enough for it, but want to try anyways. For those that have achieved this milestone and earned the certification, what pointers can you offer me to better set myself up for success?
Did you have to do the 24 hours straight through, or can you take it in sections? They dont give you enough information. I have the videos and book and exercises. Just have to get the labs when I'm ready.
@@lampmanjosh Only from what I have heard from co-workers and friends. From what they have said, it's like OSCP on steroids -- crazy hard, tons to do, heavy stuff. But I'm sure you will crush it! Best of luck, let me know how it goes! :D
@@_JohnHammond Will do, man! I will say the same thing as far as the coursework. Very in depth, and addicting. I plan on taking the OSCP after this, so I should be well prepared
you mentioned that there are alot of exercises on the machines, do they give points per exercise? Or do you get full points for a box as soon as you get root access to the machine? Starting my OSCP in 3 weeks. Little bit nervous already ._.
The "exercises" are standalone questions or tasks to complete. They are "pass or fail" -- you either have all the challenges completed (with 10 lab boxes compromised), and you get five bonus points..... or, if you DIDN'T complete all the exercises, you get nothing. For the lab machines, you do need to get root access and document/write your report with information to solve that machine. Is that what you were asking? Or were you referring to the exam machines? Thanks for watching!
Hi @John Hammond I'm trying to pass PWK lab but I have stuck for several days in some issue and I don't know how to deal with it. may ask some questions? I really need it, it depends on my job, there is a possibility I lose my job.
Nice video!! I want to start OSCP course but I don't have a lot of money to begin on the official site. Is-it possible to stat with free ressource and just take abonnement for 3 months and passe? I have basic notion on security and i have attempt the UDACITY Nano degree - Security Enginneer. Thanks
Another amazing video brother, just what I needed. This is so ironic, I just started my PWK on monday. I needed to hear all this. Is there a community you would recommend I get plugged on with for some camaraderie/support? It would be awesome to have some like minded people to bounce ideas off?
Thanks so much! Have you joined the Discord? :P Also monitoring the r/oscp subreddit is great. There is another more formal "OSCP study group" somewhere I think. Thanks for watching!
Hi John.. I am a very big fan of your videos... Congratulations on obtaining the OSCP certification, I am preparing myself to take the test but and I want to know what can I do in preparation... I am doing the OverTheWire Challenges... Do you think they work as a preparatioin?
Thanks so much! Appreciate all the kind words! From what I understand (and I could be very wrong here), the eLearningSecurity one is like "more" OSCP -- a longer test, more to hack, more in-depth. Honestly though I have only heard of it via word of mouth and have not done my own in-depth research.
This is great. However, one obvious question. Do they "magically" put a debugger on your target machine, or do you have to somehow get a debugger uploaded onto your target machine? (I assume this is to get root from a low priv interface?) I can't even do BO without a bugger, UNLESS I download the same program and run it in a lab environment with a debugger attached to the running program. Then if everything works, launch my exploit at my target machine, cross my fingers, and hope for the best.
I don't think it is any wrongdoing if I explain (I think the BOF is common knowledge for most people now) -- you have a separate machine that includes the binary itself and a debugger, so you can test and troubleshoot your attack script. Once you have your script crafted and ready to go, you point it at the remote machine and ideally you'll have root right away.
@@matthewpahl7516 Thanks! I scheduled OSCE already and should get started with that next month :D I do absolutely want to go through AWAE and OSWE though, for sure. I'll try and keep them coming!
I think the issue most people are having with the BO machine is not who is calling who (I did a reverse shell no prob), people are just forgetting that OffSec isn't trying to make this easy. If your shell code isn't working there is a very obvious reason why, test test test what techniques might be affecting your shell code. I think the most important tip when it comes to the shell code part is: RTFM. It took me one try to get get the "clone" machine to call back, and then one try to get the test machine to call back as long as you follow what you've been taught.
Hi, can you tell if one can pass the exam without trying the BO machine at all? I think I can take on other challenges but I can't wrap my head around BO and couldn’t find a good resource for novices to learn BO from the basics. TIA.
@@fahimahmed7915 each machine is assigned a certain number of points. The BO machine is only worth 10, so technically yes, you can pass without the BO but that's assuming you can get the hardest machine. If you cant get the 25 point machine, then you're really going to need to get all the other machines to pass.
I did not, in my case-- I was worried that I would and I asked if I could test the proctor software early (before the exam), but they didn't allow it. In my case, it went smooth, but I needed to tell Firefox to repeatedly allow the webcam and screen sharing. Thanks for watching!
Can you tell me if you used pwntools in the exam ? im still trying to get someone to tell me but most people who have OSCP channels dont seem to know it well and refer me to the OSCP terms and conditions.
@@UnknownSend3r Agreed-- anything you can do to specifically put the words "cyber security" on your resume is USUALLY a good thing to head into the infosec field.
I have 60 boxes rooted on HTB and Elite Hacker Rank, fairly familiar with the exploit writing stuff. Doing HTB for over a Year now. I should be ready to plunge into the OSCP right?
Oh I was going to ask, did you get the klcp cert? I was told by offsec to get that first to boost my confidence. That was I'll know Kali in and out. I guess it's a prerequisite for all the other certs they have.
Are you planning on writing the lab report? If so, do a little bit of the lab machines first (break into maybe 2~3 boxes, even with Metasploit, if you want) and THEN get started on the exercises. Power through the exercises and keep track of all the new access you figured out (take notes on the vulnerabilities you can throw at the new machines) and once you are done, switch back to the lab machines. Honestly I do recommend using Markdown so you can very easily and quickly crank out your lab report (exercise answers and machine documentation). That should make it a breeze. Thanks for watching! :D
@@_JohnHammond Thank you thank you!!! Co grats on the 100%, by the way. I'm definitely planning on writing the lab report. Not simply for the 5 extra points (that definitely will help), but so that I can have the records as well.
Damn congrats. I recently (a few months ago) decided that infosec was the path I wanted to go. Still in school as well so there's a long way I need to go and a lot left I need to learn before taking the OSCP but hopefully I'll get there eventually.
Whooa! You said that you don't use metasploit (8:02)? I don't understand how yo exploit the machines then.. I've some questions here 1. Is it enough for us to practice just on tryhackme and metasploitable machine? 2. Is it prohibited to use metasploit during OSCP training and exam? By the way, thanks for all of your videos! They all are great! Inspire me to be a hackerman like you too..👍
Honestly I felt like I learned more from the exam than I did the labs, because I really forced to research. The labs were great for exposure and showing some new things, but I definitely felt the exam was more valuable. Best of luck to you dude! Thanks for watching!
Other tidbits I forgot to mention:
Record your screen during the exam. Backup everything on a cloud location (private Gitlab repository). Use more than one monitor.
You're not the boss of me
John Hammond this. I lost everything during my first exam attempt due to a corrupt cherry tree file.
@LD Wyze you won't know till you actually try it. Before taking the course I had practically 0 experience. It all depends on how much time you can invest into learning and how dedicated you are to learning. It took me 3 attempts to pass the exam, but I kept at it till I did.
@TaStiCle_S check out Pentestin' for N00bs by The Cyber Mentor here on RUclips. He's basically doing a PWK primer course for free.
@TaStiCle_S Just jump in thats what I did. I have a background in networking, no cybersecurity experience. The course is designed for you got into the lab and make mistakes. Its honestly a really good place to learn. If you start and feel like your not getting anywhere, buy more lab time. I did 30 days and just extended another 15. It's all on you. If you really want to do it just do it. The worst case scenario, you have to try again.
Hammond has a solid radio voice, should think about a podcast brah.
I really liked this video, just breaking it down and keeping it real. Thanks for being an awesome influence in the security community.
Congrats! I just received the news that I passed this morning :) You have one of the first cybersec YT channels that I watched when I started playing CTFs.
Hell yeah! Congratulations man!
Ah thank you so much, I am super grateful!
Watching this video gives me more motivation to take the OSCP exam. Thank you John!
Helpful 4 years later man the test may have changed but the feedback is still gold! Thank you!!!
Your a legend john, you inspire me to go and try for the oscp. Your vids are insightful great all round.
Thanks for the kind words, I really appreciate it! You should absolutely go for it, I'm sure you can do it! Thanks for watching!
Congratulations 🎉🎈! Welcome to OS club!
Thank you for setting the bar, I look forward to seeing more content from you.
Congrats and good luck on OSCE. You should be aware that the OSCE doesn't have a lab they let you play around with; it's just machines on which you can replicate what you see in the videos.
This is great information to have! Thank you
Congrats! I just enrolled int the PWK and hope to take the exam by the end of the year. I also noticed that exercises take a long time to complete, mainly due to taking a shit load of screenshots - good to know that your lab/exercise report can be so big.
Thank you! Yeah, the exercises were grueling. A lot of it was things I already felt comfortable with, so yeah, TONS of screenshots and it took a long long time. I had much more fun just doing the lab machines for the sake of actually hacking.
My lab report was 240 pages, and exam report was 60 pages (forgot to mention that in the video). Thanks for watching!
Thank you for the tips John! I have started the Lab Sunday :)
CRUSH IT! YOU GOT THIS
Did you get it?
Hello John,
Thank you very much for this advice and encouragement, you still give me the strength not to give up. Thank you!
I love you man, you just boosted me up. I get depressed easy, and I wallow in it to long. You just made my month bro, thanks. Hehe I left 3 messages, lol.
Hell yeah, that is excellent to hear! Love you too dude!
@@_JohnHammond Get a room!!!!! lololol
The best way I have heard "Try Harder" be defined is, "Given enough time and attention, any problem can be solved." With that, I focused on fully rooting one box at a time starting from the lowest point box. Now Im moving on to OSEP.
Thanks for emphasizing note taking, my favorite way of doing things.
Thank you for the candid talk, appreciated!
Also please post the ctf boxes that you think its same with oscp box based on your feedback and exam (htb and vuln )
Ty for the informative video on the oscp. This was pure gold!
I wish you success .. Your followers from Saudi Arabia 💚💚💚
Congratulations! I am testing in a couple weeks and trying to keep track of my journey. Hope to do one of these soon on my RUclips channel and Blog site.
Thank you so much! Appreciate it! You should absolutely do it -- it is like an obligation once you finish hahaha. Thanks for watching!
Excellent video. Thanks so much for sharing.
I could watch this over and over again, very inspirational and looking to take this Cert soon
Congrats John. Great Video. Thank you for sharing your experience.
Thanks for tips, I like too to understand different expressions like "try harder" with another sense and its help me to make out the "big picture".
your work is just incredible
What was your study schedule like when you were preparing for OSCP? I am trying to figure out how to practice around my job as well. Did you study during the weekdays and weekends? I am surprised you went with 30 days of lab time unless you felt pretty confident with your current skills; I did not think that would be enough time for a full-time employee. Just wanted to hear your thoughts.
Keep Working Brazil is watching you!
Love your website bruh😅😅
Congrats man !! I know you are excited 👍
Very encouraging, thank you for sharing.
I had originally given up because I didn't feel good enough, but I'm going to pick it back up again since I already have all the PWK materials, minus the new stuff which I may purchase.
-Thanks!
Happy to hear that! I'm sure you'll breeze through it. Thanks so much for watching!
@vmn512 can u help me with the oscp?
Congrats John !
Thank you so much, and thanks for watching!
5:00 are you saying to make it a bind shell instead of a reverse?
He didn't want to point it out but yeah it's clear
Yeaaah there was *way* more exercises than I was expecting. They took a lot more time than I was expecting. I have 5 of the nodes hacked just need 5 more!
Congrats on your test!
Thanks so much!
You can definitely beat up those other 5 boxes -- remember it's fine to use Metasploit and SQLmap and other quick wins in the lab environment. If you want to run through those just to get the lab report done, it is fair game!
@@_JohnHammond Yeah I've resigned to start doing that now. I spent the first month of the lab with the "train like I fight" mentatlity and stubbornly went through without touching metasploit but now I just want to finish. My test is on the 8th so I just need to get 'em done!
Very helpful, Gonna prepare for OSCP
Congratulations and thanks for the tips.
Great review. Very encouraging. Thanks.
Thanks for a great video full of excellent advice, John.
Congratulations ❤️
Congratulations! That's an awesome achievement. I'm on the journey to OSCP and hope I can do the same. :)
Thank you so much! I'm sure you can do it! Keep after it. :D
Wish you good luck and great success
Great one! I would love to hear your opinion and tips for OSWE course and exam
Congrats John
Thank you so much, and thank you for watching!
Thanks John.
Great video John, thanks a lot. Which tools do you need to avoid using in OSCP exam? Their documentation only mentions msf, openvas, nessus "or similar tools", but that "similar tools" might be a bigger scope than we think (I.e. Nmap vuln scripts). Can you elaborate on which tools you totally avoided? Thanks.
Congratulations!
Thank you so much, and thanks for watching!
Thanks for this video. Love from India🇮🇳🇮🇳🇮🇳
Great video as always thanks
great job
Can you share your Sublime Text Markdown reporting workflow please.
Absolutely. I can get that video up for the weekend! Thanks for watching!
Is it allowed to use the enumeration scripts like linpeas or the windows one?
Great job man ! Thanks
Informative,
Thanks for sharing John.
I have only CCNA and LPI Linux baisc and some basic Python knowledge ,
is it good stright into the OSCP course with 3 months lab ?
Thank Your for elaborating on not using MSF because It said you want to focus on manual exploit not auto.
Now I know its possible.
Dang, that's so reassuring to hear you can do it in like 4-12 hours. Ya hear so many horror stories.I start my 30 days of labs day after tomorrow. Only been studying pen-testing for 4-5 months. Never programmed or anything before hand, didn't even have a computer and some of my study buddies have 10+ years in the industry and failed.
@Gordon Smith There's a whole story... but I took the test once, knew I would have failed and did not turn in my report. Then there was an investigation cause I didn't read a single word of the testing policy and thus had pulled some half-baked shenanigans and I got perma-banned.
If you're considering doing it.. don't.. JUST DO IT. Nike that shit, Gordon. The value of that personal challenge is incalculable no matter the outcome but I'd imagine it's very personally and financially rewarding to have achieved the certification as well. The people at Offsec are pretty cool as well, including the investigations team even though they kinda ruined me a little bit. Thanks for asking by the way!
@@zezimadude13 Lol sorry to burst your bubble but pentesting for 4-5 months wouldnt get you close to the OSCP skills. You would've been better off practicing HTB boxes
how did you get to the point in your career where you were ready to start the oscp? Whats your IT background?
Thanks for the review!
Hey this was really helpful, quick question though, can we refer to our notes / document or google things? I am planning to take exam soon, currently going through the study material
I realize this video is over 2 years old, but I am hoping someone can connect with me on how to approach the OSCP. I am currently finishing my final courses towards my degree in Cybersecurity, I have my CEH along with some other smaller programming certifications. I do spend my free time on HTB and Pentesterlabs to further my understanding of vulnerabilities and what methods are available to me to exploit them. But I'll be honest, this OSCP exam is scary. I don't feel confident enough for it, but want to try anyways. For those that have achieved this milestone and earned the certification, what pointers can you offer me to better set myself up for success?
Great video. I started my journey. I am also making videos of the boxes that I am cracking from hack the box
Did you have to do the 24 hours straight through, or can you take it in sections? They dont give you enough information. I have the videos and book and exercises. Just have to get the labs when I'm ready.
You have 23 hours and 45 minutes allotted-- whatever you do in that time is all up to you.
@@_JohnHammond Ahha, ok. I get it now. So something I should definitely plan out well, hehe.
Congrats!
Thank you! And thanks for watching! :D
@@_JohnHammond No problem! I'm gearing up to take the ECPPT next month. Do you have any experience with that course/certification?
@@lampmanjosh Only from what I have heard from co-workers and friends. From what they have said, it's like OSCP on steroids -- crazy hard, tons to do, heavy stuff. But I'm sure you will crush it! Best of luck, let me know how it goes! :D
@@_JohnHammond Will do, man!
I will say the same thing as far as the coursework. Very in depth, and addicting.
I plan on taking the OSCP after this, so I should be well prepared
This was REALLY good advice
I wish I could like this video multiple times! Oh wait, *logging into my other accounts *
Great bro
you mentioned that there are alot of exercises on the machines, do they give points per exercise? Or do you get full points for a box as soon as you get root access to the machine? Starting my OSCP in 3 weeks. Little bit nervous already ._.
The "exercises" are standalone questions or tasks to complete. They are "pass or fail" -- you either have all the challenges completed (with 10 lab boxes compromised), and you get five bonus points..... or, if you DIDN'T complete all the exercises, you get nothing. For the lab machines, you do need to get root access and document/write your report with information to solve that machine.
Is that what you were asking? Or were you referring to the exam machines? Thanks for watching!
@@_JohnHammond Thanks for sharing those valueable experiences. Yeah that was what i was asking for, thanks for the fast Response. :)
Congrats bro! :)
Congratulations
Thank you so much! Thanks for watching!
Awesome brother!
Thank you! And thanks for watching!
Hi @John Hammond I'm trying to pass PWK lab but I have stuck for several days in some issue and I don't know how to deal with it. may ask some questions? I really need it, it depends on my job, there is a possibility I lose my job.
Nice video!! I want to start OSCP course but I don't have a lot of money to begin on the official site. Is-it possible to stat with free ressource and just take abonnement for 3 months and passe? I have basic notion on security and i have attempt the UDACITY Nano degree - Security Enginneer. Thanks
"take breaks" and an add comes in :D
Congratulations🎉, having great wrightups is always great for refering back to, nailed it👍🏾 -TheGlitchKing
Thank you so much! And thanks for watching!
Another amazing video brother, just what I needed. This is so ironic, I just started my PWK on monday. I needed to hear all this.
Is there a community you would recommend I get plugged on with for some camaraderie/support? It would be awesome to have some like minded people to bounce ideas off?
Thanks so much! Have you joined the Discord? :P Also monitoring the r/oscp subreddit is great. There is another more formal "OSCP study group" somewhere I think. Thanks for watching!
You are really awesome
Hey thank you, you are awesome too! :D
Hi John.. I am a very big fan of your videos...
Congratulations on obtaining the OSCP certification, I am preparing myself to take the test but and I want to know what can I do in preparation... I am doing the OverTheWire Challenges... Do you think they work as a preparatioin?
Awesome video
Thanks for watching!
Thanks, great review. Can you give me any advice about elearningsecurity ejpt? Do you think it's a good starting point before OCSP?
Thanks so much! Appreciate all the kind words!
From what I understand (and I could be very wrong here), the eLearningSecurity one is like "more" OSCP -- a longer test, more to hack, more in-depth. Honestly though I have only heard of it via word of mouth and have not done my own in-depth research.
Love that hoodie. Sucks that DerbyCon is no longer.
Thanks for the video!!! Great tips!! I was wondering if you could share some of the enumeration tools you used on the test other than NMAP?
Thanks for watching! I used basically used nmapAutomater, nikto, DirBuster, and enum4linux -- that worked well enough for my needs.
what is good source to learn manual exploiting because as we know that we are not allowed to use metasploit in oscp exam?
congratulation
Thank you so much!
can you suggest anybox (ctf image) to practice dealing with rabbit hole?
This is great. However, one obvious question. Do they "magically" put a debugger on your target machine, or do you have to somehow get a debugger uploaded onto your target machine? (I assume this is to get root from a low priv interface?)
I can't even do BO without a bugger, UNLESS I download the same program and run it in a lab environment with a debugger attached to the running program. Then if everything works, launch my exploit at my target machine, cross my fingers, and hope for the best.
I don't think it is any wrongdoing if I explain (I think the BOF is common knowledge for most people now) -- you have a separate machine that includes the binary itself and a debugger, so you can test and troubleshoot your attack script. Once you have your script crafted and ready to go, you point it at the remote machine and ideally you'll have root right away.
@@matthewpahl7516 Thanks! I scheduled OSCE already and should get started with that next month :D I do absolutely want to go through AWAE and OSWE though, for sure. I'll try and keep them coming!
Can u please suggest good books for pen testing or tutorials
I think the issue most people are having with the BO machine is not who is calling who (I did a reverse shell no prob), people are just forgetting that OffSec isn't trying to make this easy. If your shell code isn't working there is a very obvious reason why, test test test what techniques might be affecting your shell code. I think the most important tip when it comes to the shell code part is: RTFM. It took me one try to get get the "clone" machine to call back, and then one try to get the test machine to call back as long as you follow what you've been taught.
Hi, can you tell if one can pass the exam without trying the BO machine at all? I think I can take on other challenges but I can't wrap my head around BO and couldn’t find a good resource for novices to learn BO from the basics. TIA.
@@fahimahmed7915 each machine is assigned a certain number of points. The BO machine is only worth 10, so technically yes, you can pass without the BO but that's assuming you can get the hardest machine. If you cant get the 25 point machine, then you're really going to need to get all the other machines to pass.
@@sh3lbst3r Thanks for the info! I'm trying my best to learn the BO. Hopefully I'll be able to crack it!
What prerequisite knowledge is recommended to start the lab time?
Could you do one on elearnsecurity PTS and PTP courses?
Absolutely! I just finished up PTS so I could help show you guys. I hope to have a video out for it soon!
John you mentioned using an ubuntu box for the exam. Did you experience any trouble with the proctor software on linux as a primary os
I did not, in my case-- I was worried that I would and I asked if I could test the proctor software early (before the exam), but they didn't allow it. In my case, it went smooth, but I needed to tell Firefox to repeatedly allow the webcam and screen sharing. Thanks for watching!
Can you tell me if you used pwntools in the exam ? im still trying to get someone to tell me but most people who have OSCP channels dont seem to know it well and refer me to the OSCP terms and conditions.
@@sinwolf5539 I had no need to use pwntools for the exam, personally.
hey, love your vids. Just a quick question, how do we easily guess which is the buffer overflow machine and do they give immunity debugger ?
It will be made clear which is the buffer overflow machine, and they do provide the debugging tools you need. :)
So I wanted to ask I’m sixteen and looking forward to become a pentester but should I go in a IT university or a cyber security ??
Cyber security would make more sense since their modules cover both CCNA and CEH and alot more geared towards penetesting.
@@UnknownSend3r Agreed-- anything you can do to specifically put the words "cyber security" on your resume is USUALLY a good thing to head into the infosec field.
can someone recommend me cyber security universities in United Kingdom
I have 60 boxes rooted on HTB and Elite Hacker Rank, fairly familiar with the exploit writing stuff.
Doing HTB for over a Year now. I should be ready to plunge into the OSCP right?
Oh hell yeah man, absolutely! You definitely are ready for it. You'll crush it. Thanks for watching!
@@_JohnHammond Thank you for your videos. I always marvel how fast you code. I would need hours for what you do in minutes. xD
Congrats man! My lab time just started!
Also, what song is that at the end of your video?
Thank you! Hell yeah, you'll crush it!
The ending song is TULE - Fearless. It's bumpin! Thanks for watching!
Oh I was going to ask, did you get the klcp cert? I was told by offsec to get that first to boost my confidence. That was I'll know Kali in and out. I guess it's a prerequisite for all the other certs they have.
Oh, I had not! That looks interesting enough though, would definitely be good to have!
I've set the goal to begin the labs in January. Any tips for the next few months to get on the right track?
Are you planning on writing the lab report? If so, do a little bit of the lab machines first (break into maybe 2~3 boxes, even with Metasploit, if you want) and THEN get started on the exercises. Power through the exercises and keep track of all the new access you figured out (take notes on the vulnerabilities you can throw at the new machines) and once you are done, switch back to the lab machines. Honestly I do recommend using Markdown so you can very easily and quickly crank out your lab report (exercise answers and machine documentation). That should make it a breeze. Thanks for watching! :D
@@_JohnHammond Thank you thank you!!! Co grats on the 100%, by the way.
I'm definitely planning on writing the lab report. Not simply for the 5 extra points (that definitely will help), but so that I can have the records as well.
Hi Nick...i too have plans to start the lab in Jan/Feb. Let me know if you would like to team up for learning and practice for the exam.
Cheers,
Raj
Damn congrats. I recently (a few months ago) decided that infosec was the path I wanted to go. Still in school as well so there's a long way I need to go and a lot left I need to learn before taking the OSCP but hopefully I'll get there eventually.
Thank you! That is awesome news, I am glad you are starting the climb! Don't hold yourself back, you should definitely go for it soon!
John what is your path? Please can you tell me? I wanna be like you
Whooa! You said that you don't use metasploit (8:02)? I don't understand how yo exploit the machines then..
I've some questions here
1. Is it enough for us to practice just on tryhackme and metasploitable machine?
2. Is it prohibited to use metasploit during OSCP training and exam?
By the way, thanks for all of your videos! They all are great! Inspire me to be a hackerman like you too..👍
M8, u do realize that metasploit is not the only place where u can get exploits? U can get so many exploits from exploit db, that's what u hv to use
Can we use web_delivery module more time?
What should i do after doing CEH?What did you get after passing OSCP? Do you get an anonymous mask ? Are you on insta?
Awh man, if only! That would be cool!
I am on Instagram. But I barely post anything. instagram.com/_johnhammond/
Congrats! I'll soon follow your steps!
Did you learn a lot with lab and exam ?
Honestly I felt like I learned more from the exam than I did the labs, because I really forced to research. The labs were great for exposure and showing some new things, but I definitely felt the exam was more valuable. Best of luck to you dude! Thanks for watching!