OSCP – halfway mark

So today marks the halfway point of my 90-day lab access and I have to say it is both what I expected and not… I have owned root/administrator on 21 different lab machines. My time management for the first 45 could have been better, and because of life I had a week or so where I was barely able to get any time in front of a PC. So as I head toward the last half of this lab journey I really have to redouble my efforts and focus when and where I can.

A few random thoughts about my time so far that may or may not help the few of you out there who are interested in getting started...

Hackthebox.eu along with root-me.org have been invaluable resources; without them and the communities that make them great I would have failed 100%. Special shoutout to Ippsec’s videos for giving a ton of insight into the mindset needed to pop shells. Additionally, I had a rudimentary understanding of buffer overflows, but LiveOverflow’s videos really did a great job breaking it down and are a great resource.

I am beginning to feel MUCH more confident with attacking Windows boxes. I think with maybe one exception when I started OSCP I had finished all the Linux machines and hadn’t touched a single Windows box on the HTB platform simply due to my apprehension and my lack of skill. HTB boxes are hard (for the most part) and require you to have a good understanding of how everything works together. I have no experience as a Win Sys Admin or whatever, and while I’ve used Windows most of my life since XP or so, I haven’t really dug into the internals of how it worked or the major changes of how MS approached security. Still a complete PowerShell and AD scrub, but I am much more confident that with practice and experience I’ll be able to get into that.

I still suck at keeping notes… but I am really trying to change that. I think for the last few machines I’ve attacked I’ve actually done a half-decent job but I’d be lying if I said I could replicate getting root off my notes for all of the boxes I’ve finished up to this point. In fact looking back over my notes the other day I actually don’t have ANY useful information on one machine and only have the proof logged. So naturally I will have to go back and re-root it to be able to do my writeup. The lab has been a great help trying to fix this (especially when you find things on box A that you need for box B) still not where I’d like to be but getting there. It’s just so easy to get in the zone once you find that initial foothold and bolt down it and get to the end dumbfounded with no ability to replicate exactly what was done. A mistake I will not have time to make when I actually get down to taking the test.

One small critique (spoiler free) of the environment is that the lab is starting to show its age. The lab is still a great learning environment but I’d love to see it updated and running what I expect to see in a modern enterprise environment. Maybe something they are working on now for a new course?

Other than that I am pretty happy with where I am so far. I know the last 45 days will be up before I know it and will wish I had more time but life is what it is and we have to roll with it. Good luck to anyone out there that is starting the course soon. More thoughts to follow I’m sure as I finish it up.