OSCP diary – week *cough, cough*

February 14th, 2023

A long overdue update… I lost count of what week I am in, but I’m happy to report that I’ve continued working through the PEN-200 course at a steady pace and by now I’ve finished all reports up to and including chapter 19 (password attacks).

This means I have four more chapters to go for the reporting. Maybe three, because I have not been able to get PowerShell Empire working properly. That will leave the flags and the labs. As it is February now, completing the course around July or August still seems realistic.

ISC2 CCSP

February 14th, 2023

Last week (first week of February 2023), I took and passed the ISC2 CCSP exam (Certified Cloud Security Professional).

As usual, I watched all relevant videos I could find on pluralsight.com and used the included practice exam until I consistently got a (very) high score. Additionally, I thumbed through the All-In-One series book on the CCSP exam.

The actual exam was quite hard and I was surprised to learn I passed. Pleasantly surprised, obviously. The provisional result was printed out at the test center as is usual with ISC2 exams.

There is a reddit sub-thread where a lot of test-takers complain about this exam. Usually I don’t pay those people too much attention, since I have passed all these exams on the first try so far (10-ish exams), but I have to admit some questions left me troubled and confused. The bewildering questions did not seem relevant to the exam topic at all.

If somebody came here hoping for some useful advice on this exam, I’m sorry, I can’t give you any meaningful advice on what else to study apart from the above. Obviously, learn the basics by heart (shared responsibility model, threat models, data life cycle, SDLC, risk mitigations etc.), but beyond that I am not sure what to recommend.

If you are taking the exam soon: don’t panic, stay concentrated, give it your best shot and best of luck!

OSCP diary – week 06

September 4th, 2022

Hrmpf…. Seems I forgot to write an update on week 05. In that case, I’ll have to summarize two weeks in this post.

I’m still studying buffer overflows, in particular Windows buffer overflows, and trying to find my way around the debugger that is installed on the offered Win10 virtual machine. I did some additional reading on other websites which explain the theory just as well, if not better.

One thing I can’t help noticing though is that the whole VPN thing is a drag. I get it, VPN is required. But I’m running Kali on Virtualbox, then I have to RDP into a Windows virtual machine. Yes, the recommendation is not to use Wi-Fi, but face it, in some rental places a wired connection might just not be possible.

The format of the OSCP website does not help much either. The notes column on the right side cannot be minimized, but it takes up 25% of the website’s width.

One problem that’s been bugging me for several weeks now was an update / upgrade problem with apt-get. I got an error message saying “file size is not as expected, mirror sync in progress?”

Looking this up, the solution seemed simple enough – replace the standard repo included in /etc/apt/sources.list with a mirror in your country as listed here:
http://http.kali.org/README.mirrorlist

Now this is where Murphy of Murphy’s Law comes in.

I picked one of the local mirrors, put it in the config files, ran apt-get clean and apt-get update again – but got the same error.

What happens in the background is that the default repo automatically forwards your connection to the fastest local mirror it can find. In my case, that was the very mirror I had accidentally hard-coded into the config file. So the main repo had a problem and so did the configured mirror. It almost drove me nuts and I was only able to solve it by trying yet another mirror, carefully picked – a slower one on purpose. Then, finally, apt-get update completed and I was able to catch up with a week’s worth of updates.

Blerg.

Nice to have this off my back, now I can get back to studying…

OSCP diary – week 04

August 21st, 2022

I finally finished the LFI exercise… it took a while because I was using an & instead of a ? in the wrong place in the URL. <sarcasm>Surprisingly, things don’t work properly if you do that</sarcasm>. After that, it was smooth sailing. OR SO I THOUGHT. It took some more digging and I got the flag, so I’m good, maybe, but I certainly did not follow the instructions, so I’m not sure whether there is a correct way to complete the exercise. But I guess one aspect of the course is also to show that following the book/the guidelines is not always necessary or recommended.

Moving on, I made progress on the RFI exercise and continued reading up on SQL injections.

This all seems to take a long time, I wonder if I’m wasting too much time on these exercises >_<

ISACA CRISC

August 16th, 2022

I got the digital certificate this week and now I can file for the reimbursement of the exam cost. This is the last step, the rest is just keeping on acquiring those CPEs.

OSCP diary – week 03

August 16th, 2022

I’ve continued with the web application attacks chapter and I’m a bit ashamed to say I’m stuck on one of the LFI exercises. I try to finish all the exercises before moving on, or at least before moving to a completely new chapter.

In this particular exercise, I’ve tried a couple of things (what I could think of), watched the course videos (which I usually don’t) and did additional research but I’m still stuck. Might reach out to colleagues this week although I still have one idea that I need to check/confirm before asking others for ideas.

Meh, nobody said it’s easy.

Burp Suite Community edition – Intruder

August 12th, 2022

If you happen to be dabbling with the PEN-200 course, there is an introduction to the Burp Suite Intruder feature with a lot of meat on the bones.

Alas, since the course was created, Burp Suite has released a newer version with a redesigned interface (covered by the Burp Suite course on Pluralsight), but it’s still possible to piece together the required components to follow the course content.

Until…. everything is set as described and you click on “Start Attack” and you get this pop-up:

Is this another “feature” of the community edition to push you towards purchasing the Pro version of Burp Suite?

Well, it might be. But you don’t have to shell out the cash quite yet.

Head over to the Resource Pool tab and you’ll see:

In fact, what you’ll have to do is this:

And obviously select this added option, then start the attack. It will obviously be slower, but this chapter in the course is about the principle, not about brute-force cracking real passwords.

OSCP diary – week 02

August 9th, 2022

Or is it week 3 already? Haha, looks like I lost track already.

Finished that Perl script to get nameservers from a domain. Finally.
Not that Perl might be a particular scripting language, but…. not chomping an input breaks a loop because of an empty variable? Although the same variable holds a value as evidenced in the loop?
Can’t really say I understand this so far.
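The chomp puzzle above is the classic trailing-newline hazard: a value read line by line still carries its "\n", so it prints as if populated but fails every exact comparison or lookup. The following is an added illustration written in Python (not the blog’s Perl script); Python’s file iteration keeps the newline exactly as Perl’s readline does, and str.rstrip("\n") stands in for chomp(). The domain list and the nameserver table are constructed sample data so it runs offline.

```python
"""Trailing-newline hazard when reading domain names line by line.

Added illustration, not the blog's Perl script: without chomp() every value
read from input still ends in '\n'. The variable looks populated when printed,
but the loop's sentinel check never matches and each lookup comes back empty.
"""
import io

# Constructed sample input: two domains followed by the sentinel that should end the loop.
SAMPLE_INPUT = "example.com\nexample.org\nquit\n"

# Constructed lookup table standing in for a real nameserver query (no network needed).
NAMESERVERS = {
    "example.com": ["ns1.example.com", "ns2.example.com"],
    "example.org": ["ns0.example.org"],
}


def lookup(domain):
    """Return the nameservers for domain, or an empty list when the key is unknown."""
    return NAMESERVERS.get(domain, [])


def process(stream, chomp):
    """Read domains until the 'quit' sentinel.

    Returns (domains_seen, results, loop_terminated). chomp=False mimics a
    loop that forgot chomp(): each value keeps its '\n', so 'quit' is never
    recognised and every lookup returns nothing, even though the variable
    visibly holds a value.
    """
    seen, results = [], {}
    terminated = False
    for raw in stream:
        domain = raw.rstrip("\n") if chomp else raw
        if domain == "quit":
            terminated = True
            break
        seen.append(domain)
        results[domain] = lookup(domain)
    return seen, results, terminated


def run(chomp):
    """Run process() over the constructed sample input."""
    return process(io.StringIO(SAMPLE_INPUT), chomp)


if __name__ == "__main__":
    for chomp in (False, True):
        seen, results, terminated = run(chomp)
        print(f"chomp={chomp}: loop terminated by sentinel = {terminated}")
        for d in seen:
            # repr() makes the invisible '\n' visible in the un-chomped run
            print(f"  {d!r} -> {results[d]}")
```

Running it shows the un-chomped loop reading 'quit\n' as just another domain and getting an empty result for every entry, while the chomped loop stops at the sentinel and resolves both domains.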

Got through the scanning basics, but I’m undecided on the inclusion of Nessus in the ‘textbook’. Haven’t checked yet whether you’re allowed to use Nessus during the exam, but I guess not. It was good to do some hands-on exercises with Nessus, but if the basis of the course is the open-source Kali Linux, then including tools like VMware Fusion and Nessus in the course materials feels somewhat …. off.

Anyway, moving on to web application security now.

OSCP diary – week 01

July 29th, 2022

As mentioned in earlier posts, the OSCP certification is something I wanted to try for a while.

Thankfully it’s (somewhat) related to my work so the company was willing to financially support me for this course. After getting the final confirmation, I signed up for the PEN-200 course.

After signing up, students are required to hand in an official piece of identification before being allowed access to the course and the labs, so I needed to comply with this as well.

Obstacle: OpenPGP-encrypted emails – honestly, I have never used this much. Maybe shame on me? Not sure. Anyway, since I’m mostly using webmailers these days, how do I get this to work? Answer: Mailvelope, a Firefox extension.

After a couple of tries sending in the required information, it finally worked out and I was granted access to the course and the labs.

Obstacle: VMware – I’m not Offensive Security, so obviously it was their decision, but I would have welcomed pre-prepared Kali VMs for VirtualBox, not VMware. Even getting a trial version of VMware Fusion is a pain. brew.sh saved my sanity, at least until the trial period expires.

In the course (I’m doing the basics now, can’t tell about the later exercises), there are browser-based exercises [browser, openvpn, terminal] where you connect to a prepared machine but there are also exercises where you need to run your own Kali (presumably) virtual machines to do something.

Obstacle: openvpn – this cost me a lot of nerves to set up because I was looking in the wrong place. openvpn itself can be easily installed, but it needs an openvpn config file – which was nowhere linked on any page I browsed (introduction, help, FAQ – you name it). I had previously downloaded the config but just couldn’t find the file / link anymore – because it’s hidden – or linked – in the VPN link right at the top of every page in the course. Argh – well, I mentioned it cost me a lot of nerves. Obviously, I know now.

After all that, I was finally able to get started and I’m doing the basics now. No need to rush, I’m looking at this as a long-term project anyway.

CPE tracker

July 14th, 2022

If you are lucky enough, you are certified in some field. Very likely, you need to gather continuing professional education (CPE) credits to keep the certification valid. Actually, not a bad thing in itself, and it does make sense in fast-paced fields like technology.

However, if you have several certifications that you need to keep alive, then keeping track of your CPE credits can be challenging.

Enter the CPE tracker I put together. It’s free to use, obviously, but use it at your own risk.

Warning points:

  • Not all CPEs are equal. Please check with your certification organisation what is acceptable as CPE and what is not
  • Most organisations make a recommendation such as “in order to make re-certification achievable, please try to achieve <insert_arbitrary_number> CPE credits per year” – this might differ per organisation, and the CPE credit you can earn for a given activity might differ per their definition
  • Same as with the recommended number of CPE credits per year, the cut-off date per 12-months cycle might not always be January 1st – keep this in mind

Here is the general usage:

  • Copy the 2021 sheet and rename it to 2022, 2023, etc.
  • In the A column, enter the name of the CPE you earned, e.g. “Codecademy SecDevOps in Python”
  • In the B column in the same row, enter how many CPE credits this will give you, e.g. 3 (this might differ per organisation, see the warning points)
  • In the certification column, drop an x if you want to use the CPE with a certification. This will automatically add those CPE credits to the amount of credit you have earned for this certification
  • Most organisations require some CPE proof, like the upload of a course completion certificate. Once you complete the upload, you can set the UL column (stands for “upload”) to the y value from the dropdown field

Some features:

  • Top left indicates how many days are left in the current year, giving you a rough indication of how much you will have to hurry.
    This is based on the Settings sheet and calculated using today’s date. The default setting uses January 1st of the next calendar year, but obviously you can change that, e.g. to August 1st
  • The CPE credit score is conditionally formatted in red until the score equals or becomes greater than the recommended CPE score per year, also in the Settings sheet
  • No macros are used or were harmed while making the sheet. If you are asked to activate macros, it’s not my original sheet, be very careful.
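To make the sheet’s bookkeeping concrete, here is an added Python model of the same logic described in the usage and feature lists above (this is not the spreadsheet or its formulas, just an equivalent implementation): per-certification credit totals from the ‘x’ marks, the days-left countdown to a configurable cut-off date that defaults to January 1st of the next year, the red/ok flag against the recommended yearly score, and the upload check. Certification names, thresholds, entries and the fixed “today” are constructed sample data.

```python
"""Plain-Python model of the CPE tracker sheet's bookkeeping.

Added example, not the spreadsheet itself. Column names follow the sheet's
description: A = activity, B = credits, one column per certification marked
'x', UL = proof uploaded. All sample values below are constructed.
"""
from dataclasses import dataclass, field
from datetime import date


@dataclass
class CpeEntry:
    name: str                                  # column A: what you did
    credits: float                             # column B: credits it earns
    certs: set = field(default_factory=set)    # certification columns marked 'x'
    uploaded: bool = False                     # UL column set to 'y' once proof is uploaded


@dataclass
class Settings:
    cutoff: date                    # end of the current CPE cycle
    recommended_per_year: dict      # per-certification recommended credits per cycle


def default_cutoff(today):
    """Sheet default: January 1st of the next calendar year."""
    return date(today.year + 1, 1, 1)


def days_left(today, cutoff):
    """Days remaining in the cycle; clamped at 0 so an overdue cycle does not go negative."""
    return max((cutoff - today).days, 0)


def credits_per_cert(entries, certs):
    """Sum the credits of every entry marked 'x' for each certification."""
    return {c: sum(e.credits for e in entries if c in e.certs) for c in certs}


def status(entries, settings):
    """Return {cert: (earned, 'red' | 'ok')}: red until earned >= recommended."""
    earned = credits_per_cert(entries, settings.recommended_per_year)
    return {c: (earned[c], "ok" if earned[c] >= rec else "red")
            for c, rec in settings.recommended_per_year.items()}


def missing_uploads(entries):
    """Entries used for at least one certification but with no proof uploaded yet."""
    return [e.name for e in entries if e.certs and not e.uploaded]


# Constructed sample data, not real records or real certification thresholds.
SAMPLE_ENTRIES = [
    CpeEntry("Codecademy SecDevOps in Python", 3, {"CertA", "CertB"}, uploaded=True),
    CpeEntry("Conference talk on threat modeling", 1, {"CertA"}),
    CpeEntry("Webinar on cloud IAM", 1.5, {"CertB"}, uploaded=True),
    CpeEntry("Book chapter, not yet assigned", 2),
]
SAMPLE_TODAY = date(2022, 7, 21)   # fixed so the output is reproducible
SAMPLE_SETTINGS = Settings(
    cutoff=default_cutoff(SAMPLE_TODAY),          # 2023-01-01
    recommended_per_year={"CertA": 20, "CertB": 4},
)


def sample_days_left():
    """Days left in the sample cycle as of SAMPLE_TODAY."""
    return days_left(SAMPLE_TODAY, SAMPLE_SETTINGS.cutoff)


if __name__ == "__main__":
    print("days left:", sample_days_left())
    for cert, (earned, flag) in status(SAMPLE_ENTRIES, SAMPLE_SETTINGS).items():
        print(f"{cert}: {earned} credits [{flag}]")
    print("entries still missing proof:", missing_uploads(SAMPLE_ENTRIES))
```

Changing SAMPLE_SETTINGS.cutoff to another date (the sheet’s August 1st example) or editing recommended_per_year reproduces the Settings-sheet behaviour described above; the one-to-many mapping of an activity to several certifications is what the ‘x’ columns encode.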

Download:

  • Zip file containing a LibreOffice Calc version and an Excel version

sha256 checksum:

shasum -a 256 CPEtrackerArchive.zip
e6370259b0be5015e85040ef5876fb5c1ee8ef94d0d323925c3f33b0e8e03629 CPEtrackerArchive.zip

Update 20220721:

Nothing like using your own tools…. I started tracking my own CPEs but also found a problem with the number of days calculation, so I’ll fix that and upload the newer version. Stay tuned.