Home page logo
/

basics logo Security Basics mailing list archives

Re: Re: About to start PWB - Any tips?
From: Mustafa Qasim <alajal () gmail com>
Date: Fri, 6 Jul 2012 14:44:02 +0500

On Fri, Jul 6, 2012 at 11:07 AM,  <amol.dabholkar () gmail com> wrote:
Hi
I would also recommend visiting the ethical hacker.net forums to get good study and exam tips. The exam is very tough 
(at least for me, i took the full 24 hours to pass the first time) but the course itself is a LOT of fun and learning 
(and pain). You need to take atleast 2 months (assuming you are not an uber hax0r in which case 1 would do) and you 
need to manage your time properly. There are arround 50 machines waiting to be pwned and there is a lot of learning 
associated with each one so you will have a lot of fun and learn a huge amount of practical pen-testing knowledge at 
the same time.
Check the course syllabus as well on the offsec website.
regards
Amol

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


I will share my perception and plan for OSCP in coming months. My
perception might be wrong but that's what I've observed after reading
he reviews and stuff about OSCP and it's course outline.

I've realized that the first 15 days of your lab time are mostly not
used "up-to required level" because folks do encounter many things
which require reading and spending time in understanding the tech. The
required essential exercises at that level can be done on your own PC
easily.

The LAB is not for learning how to compile an exploit or practice the
features of nmap. You can do those things on your personal BackTrack
VM. The LAB is intended to practice the ninja skills and penetrate.

So, I feel that most candidate do kind of "waste" the precious LAB
time in early two weeks. What I've planned is that I will get the 30
Days labs with course at first and will assess my knowledge and try
hard in that time. At the end I would have completed my training and
also get familiar with LAB.  After those 30 days I will take a break,
make a list of all the stuff which needs attention and will harden my
knowledge offline using my own VMs.

After two or three weeks I would have hardened the required skill set
to practice penetration in the LAB. I would have saved some money also
for the lab extension and will then purchase more 30 or 60 days of LAB
and will do my best.

I feel we shouldn't rush towards exam. The experience of penetrating
boxes in LAB itself is an awesome experience which one shouldn't
waste.

Remember that after the last day of your Lab (30/60/90 Days) which you
purchased with course you've maximum of 90 days. You need to schedule
your exam or purchase another LAB extension before the end of those 90
days.

Also don't get confused by what other say about how they did OSCP. One
friend told me he spent 18 hours daily in LAB. Of course everyone have
different opportunities, situations and learning capabilities. So,
don't plan your moves on behalf of other. Assess your self maybe you
can do the same in just 10 hours/day or maybe you need more time.

Any suggestions are welcome!
-- 
Mustafa Qasim

me () mustu info
http://blog.mustu.info

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault