After far too long I am again going to return to my OSCP studies with an aim to retake the exam in either September or October. My initial plan is to review all OSCP materials and try to come up with a comprehensive list of my deficiencies and skills I would like to build on. Once I am feeling fairly confident these have been worked on sufficiently I will move on to another lab period and test out what I have learned and then re-access where I’m at.
Maybe one of the biggest challenges of OSCP for me so far is accepting failure and how to move forward from it. With a lot of leftover perfectionist tendencies I need to get away with the feeling that I need to do something in an all-or-nothing faction, that incremental steady improvements are key, and that I need to become more comfortable…being uncomfortable. There is little growth or opportunity in taking things on that you know ahead of time you can easily do well.
This will be a placeholder for thoughts and additional items of study.
- I absolutely need to improve Windows pen-testing familiarity + identifying avenues for privilege escalation. Unsure if this is due to mostly doing Linux lab machines, or living too much in Linux-land in general but those machines always feel unnatural difficult to get traction on.
- After initial enumeration I need to develop good methods (maybe just practice) of separating out what services to focus on and devote most of my energy to. In both lab and exam machines I tended to waste too much time on things that did not pan out.
- Outside of pure technical knowledge also would like to pick up a good general hacking theory book to get me thinking more laterally.
- Of less importance directly but I’m going to try to embrace vim as main text editor and try to get better with shortcuts/etc. (VIM Adventures is pretty awesome!)
I’ll continue to update this as I think of additional items… (last updated 7/13/2019)
The Web Application Hacker’s Handbook – Finding and Exploiting Security Flaws (2nd edition)