Path to OSCP - Appendix A, How to ask for help
April 12, 2016
You are all spies.
There! I said it.
But what I am really saying is that due to real-life stuffs I have learned me some OpSec even though it might not look like it since I do share a lot of myself online.
And what I mean by OpSec in this context is that I expect each and every last single one of you to be a covert operative trying to get me to incriminate myself for something.
For example, OffSec clearly states that anyone caught helping another student pass the exam would be liable to get their own certificate and all future access to attempt certification get revoked.
Very simple. You are strangers with whom I do not have an established trust strong enough to bet my chance of getting OSCP and other OffSec certs on that relationship. That's just a fact of life and especially online life.
So when you ask me questions. And people do. I will treat you as if you are trying to get me to provide you with something worth screenshotting for a bounty basically.
Don't get me wrong. I will still help each and every one who happens to ask me when I am available online. But 'will help' is obviously limited. I can give you guidance on how to approach a generic problem. What kind of mindset to have while doing these labs. Remind you of the importance of proper recon and maybe even give you a pointer to fully read a man-page of some tool or read a few chapters in the lab manual.
But if you ask me a specific question that either divulges too much information to me of a server that I have not even gotten or if you are putting me on the spot where any valid advice I give will immediately reveal the plot, then no. I will not help in that manner.
And I am especially cautious / evasive if you start bringing up the exam.
I have written / talked about the exam all that I can. Any more and I would be in shady waters.
But please. Please understand where I am coming from. I want to help people, but I don't want it to cost me my certificates so I need to protect my best interest here.
I really want to help people. That has become increasingly clear for the past 1,5 months now. I have experienced the same emotional high when I've been helping newcomers to the OverTheWire wargame challenges. There I obviously have more freedom with leading questions since the stakes are less because it is purely for everyone's own enjoyment and it is freely available. But the same has applied in a more refined sense with the PWK course.
It is becoming more and more clear to me that I will probably want to spend a significant portion of the next decade helping others achieving their next level. Get the right mindset and way of thinking. I might be bold enough to say that I have a natural aptitude to explain technical issues in an easy to understand manner and help people grasp the fundamental concepts behind many tech ideas.
I am also currently quite heavily influenced by Gary Vaynerchuck who is pushing people to do what they love and to focus on self-assessment to find out what you are good at and what you should probably offload to other people.
It is starting to look like I might be a headed for a path to being a mentor, teacher, sensei. It feels absurdly pompous saying that given how highly I rank people who teach others, but it just feels right for me.
Hmm. We'll see.
I kinda posted about this aspect previously on LinkedIn: What do you want to be known for?
And I'll leave you with this non-OSCP, non-security related video below.