Blog changes and other updates

I haven’t posted in a while, so I thought I’d clear the cobwebs by posting about some recent changes to my site and an update on what I’m working on now. Blog changes: When I first started publishing to this domain a little over a year ago, I was running Ghost on a Digital Ocean droplet. This would typically cost me between $5 and $15 per month, depending on the amount of traffic the site received.

My OSCP experience

This morning, 7 days after submitting my exam and lab reports, I received an email from Offensive Security letting me know I had successfully completed the OSCP exam. I wanted to close out this series of posts by providing a recap of my exam experience. Sorry - no exam spoilers - just a look at how I handled the exam and some thoughts looking back over it and my time in the course/lab.

PWK: Weeks 9-11

My OSCP exam is in 72 hours. If all goes well, next week could be the end of this 12-week journey. I wanted to go ahead and post a write-up of the last few weeks. My goal when I started the lab was to complete 30 lab machines and I hit that mark in week 11. Day 59: Completed host #24. Here I learned not to trust pre-compiled exploit binaries from GitHub.

PWK: Weeks 7 & 8

It’s hard to believe I’m already starting my ninth week of the PWK course; it’s gone by extremely quickly. I took a few days off at the end of week 7 for some time away in Arizona with my wife, but I’ve been back at it for a few days now. Here’s an update on my progress. Day 44: Rooted box #16. Recon, enumeration, and attempted (read: failed) exploitation of #17.

PWK: Weeks 5 & 6

Last week was pretty busy and I didn’t get around to writing my week 5 recap. So, I decided to cover both week 5 and week 6 in one post. In the last two weeks I have completed several more lab machines including one of the ‘big 4’, gh0st. Here’s the daily breakout for week 5: Day 30: Recon and enumeration against box 06. Tried exploits against a couple of services with no success, but think I have it narrowed down.

PWK: Week 4

It’s already been a month since I started the PWK course, and this past week was my first week fully dedicated to lab machines. Some have been easy, some difficult, but all have taught me at least one takeaway lesson. Here’s what my daily time commitment looked like in week 4: Day 22: It seems I chose (at random) a machine in the top half of the difficulty spectrum for my first target, yay.

PWK: Week 3

I’m a couple of days into my fourth week of access to the PWK labs and course material, so here’s my recap of the previous week. Highlights include completing the videos, PDF, and exercises and getting started on lab machines. Keeping with tradition, here’s my daily time breakdown: Day 15: More work on chapter 13 exercises. I knew web app attacks would be one of my weak points, and that has been reflected in the time spent on this chapter.

PWK: Week 2

I’m starting my third week in Offensive Security’s Penetration Testing with Kali Linux (PWK) course, which means it’s time for a quick look at how my second week went. I’m still working through the exercises and should wrap up chapter 13 tonight. Here’s a pretty chart thing: And here’s a look at what I accomplished each of those days: Day 8: Chapter 8 exercises. Reminder: The “\” character is important when working with hex characters.

PWK: Week 1

I started working on Offensive Security’s Penetration Testing with Kali Linux (PWK) course last weekend, and thought I’d write a quick post to recap my progress so far. Most sources I’ve come across recommend going through all of the reading, videos, and course exercises before tackling lab machines, so I decided to go that route. In the first week I finished the reading and videos through chapter 9, and completed exercises through chapter 7.

Common question: What certs should I get?

I recently had a discussion around certifications with one of the people I’m mentoring, and thought it might be worth summarizing here. Certs can often be a polarizing topic in the information security world, so let me preface this post by very clearly stating my opinion about certs: I believe certs are a great way to get past HR filters or to send certain signals to a hiring manager, but are not necessarily indicative of (or a replacement for) hands-on experience.