passed on my first attempt last week. Most of what you said is what I did. Pwk lab was fine for about 20 boxes, then after that moved to PG practice and HTB.
Nice work man and well presented!
I appreciate this so much! I'm pretty new to all of this. These are great tips, and I will definitely note them down. I'm currently taking the Practical Ethical Hacking from The Cyber Mentor on RUclips, and I'm learning a lot.
After that I'm planning on just doing as many boxes as possible until I feel more confident with applying my skills in different environments. Then I'll sign up for the OSCP pen-200 and get that certificate, and hopefully it'll open up doors for me so I can start working with this stuff as a career ^_^ Sounds like great fun!
This is inspiring. Thanks man!
Good luck!
In my opinion, there are multiple things you can do that will help you out.
1) Know your basic commands, shortcuts and noticing the obvious. By that I mean, knowing your ports as JSON SEC mentioned. Is it normal to have anonymous login on an SMB share? Definitely not, this means that it's most probably there for a reason; however, don't overthink much; stick to the workflow, otherwise it's a rabbit hole. Don't confuse this with efficient enumeration tho.
2) Automating things locally / Shortcuts. An example is instead of launching a local http server using 'python3 -m http.server'; alias it!
3) Memorize or keep your VPN IP in sight. I noticed every time I need my IP for something I would run 'ifconfig tun0'. You can add a gnome shortcut to keep it in sight in the toolbar or alias it.
4) Keep in mind there are no 'crazy tricks' that are to be done. Anything you have access to right now is there to help you move on to the next stage. If there is a service that's known to be vulnerable and is vulnerable but not exploitable at the moment, then you should know that previous enumeration should have uncovered it for you, thus, enumerate more.
5) Any form of access that has been found by you like credentials will most probably be used at a later stage throughout the machine, you'll barely have 'useless' credentials.
Other than that; thanks @JSON SEC for your videos! Great tips!
This was a fantastic video Jason. It would be great if you could do a video on spotting the "false positives" you mentioned. Thanks
Thank you, this was helpful. I liked the idea of creating a game plan. I'm now crafting a game plan for the OSCP exam. But I would also encourage crafting a study plan also.
Good luck!
Thanks man, really helpful
Congrats bro.....
Hey JSON, I'm extremely new to “red team” things (I only just learned about tunneling). I feel like a lot of stuff covering OSCP is under the assumption that someone has been doing exploitation for a bit. Are there any resources you recommend for getting my feet wet so I can learn the fundamentals?
Yep, go to tryhackme, it's your one stop Shop
@@JSONSEC Thank you. Been on it for a few hours now, it's great!
Imagine getting a heart ❤️ from json🙏
Granted❤
@@JSONSEC Thank you sir Big fan
Jason ... Please tell us more about practice exam and free material for OSCP
I used 3 PWK machines + a BOF to set a 'practice exam' for myself.
@@JSONSEC how can I prepare for oscp with free resources.. please recommend some free resources
I think I want a full, longer than 20 minutes video on the Linux file system. Explain it as best as you can. The person who really wants to become a hacker or gain knowledge will definitely watch the full video.
Thanks for the video idea, but this guy has already done it much better than I ever could!
ruclips.net/video/HbgzrKJvDRw/видео.html
@@JSONSEC buddy Network Chuck also made video on it but still everything is not covered😭😭😭😭😭
Buddy your content is awesome and you should upload more videos. Soon you gain more subscribers than John Hammond
John's an awesome dude, he's been watching my stuff since I first started on YT
@@JSONSEC wait what you know JOHN HAMMOND personally ?
@@dhruv9618 It's basically like, everyone watch everyone XD
@@yourfellowhumanbeing2323 he said John Hammond is watching his stuff right?
@@dhruv9618 yep
your discord link is not working
Apart from having good knowledge of linux and networking, we give that for granted, how much would ccna and linux+ help in the OSCP?
I don't really know a lot about those certs, but if you've got a good understanding of Linux as well as networking, you'd be in a strong position to start
I think CCNA is overkill dude for OSCP. ..Basic networking, then do the boxes listed by Tiberius & others...
And always do basic enumeration manually on Linux/windows before just dropping enumeration scripts...
I'd actually disagree. My first approach was to do everything manually, which I suppose was good to learn. But enum scripts just made things SO much quicker and easy to decipher.
I'll always do a bit of situational awareness, but very limited.
Do some stuff manually. Make methodology for this with a small list. Lin/Win enum scripts throw a lot of data.
You great
Are we allowed to use our notes during exam?
Absolutely
crisp.....common practices and common mistakes in a single video under 7 mins !!
JSON - ‘How are your emotions?’
Me - 😭😭😭😭
JSON - ❤️❤️❤️❤️
Sir i want talk ippsec
Go check out his channel then 🙂
1st cmt