localhost exposed

« Previous | Next »

Path to OSCP - Part 16, The Day Before

https://www.youtube.com/watch?v=FnsS7ebDm3w

I managed to finish the lab report. You might thinkĀ it ain't exactly a miracle and I would agree with you. BUT. For some reason I had a really hard time trying to get my mind focus on the documentation as I started of with the PWK Lab Report template that had plenty of pre-filled text as boilerplate to show what is expected of a good report.

For some reason the wording, structure and overall form just didn't fit with my own way of organizing my thoughts so I had a tough time getting to it. After a few hours of struggling I decided to switch to our company's blank Word template and copied the structure of a recent(ish) security audit I have done.

This familiar structure and form made it a lot more approachable and I was able to plough through the documentation in almost one go with the aid of some hard bpm tunes.

Since then I have been crafting my game plan for tomorrow as I am expecting a definiteĀ deer in headlights moments when I start. So I will just run the first hour on auto-pilot with the plan I have come up with.

My current schedule looks like this:

ss 2016-03-31 at 21.12.02

I am still torn between whether I should follow this schedule tightly as not to slip into a 4-hour long tunnelvision trip down the deep rabbit holes as I have done on several nights in the labs. Obviously I cannot know what I am doing tomorrow at 14:30 and whether I am in a good spot to have a break. That is of course the tricky part as I doubt that there will be many 'good spots' during the exam to not be hacking away.

23 hours and 45 mins to do the exam. Then another 24 hours for the documentation deadline (given that I have enough machines breached).

Out of that exam time I am currently planning on devoting 3 hours for breaks/food and 4 hours for sleep. I expect to be mentally shredded after the exam ends. We'll see.

For the past 3 days I have mostly been focusing my learning on these sites (old and new):

http://pwnwiki.io/#!index.md

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

https://isc.sans.edu/diary/Windows+Command-Line+Kung+Fu+with+WMIC/1229

https://www.offensive-security.com/metasploit-unleashed/introduction/

Oh and please, if you have any tips for the exam besides 'take breaks and follow your plan' do not share any specifics you know or have heard online. I do not want the slightest sliver of doubt in my mind or anyone else's mind that if I pass that I have done this 100% on my own. I understand that it might be out of the kindness of your heart, but giving anything except very very generic advice is just very shady territory right now before my exam.

« Previous | Next »