Sunday, June 24, 2012

PWB Conclusions and the Future

The results

As I posted previously, I was taking the PWB course from Offensive Security. I am happy to report that I passed with flying colors (100%)! This is the best email I've ever received:

Advice for new students

During the course, I learned several things, including many things about myself.
  • Do the PDF/Video work first. If you wait until the end, you will hate your life. It's so droll and boring. At least if you do it as you go, it won't be as bad.
  • If you've never done pentest reports before, as I hadn't, leave plenty of time. They take a while longer than you think.
  • As you're breaking into machines, take screenshots as you go. I unfortunately captured the text on the screens as I went along, and because the report requires screenshots, you'll find yourself hacking every machine a second time.
  • During the course and the exam, it's super important to take breaks. For example, after hacking all the machines in the lab, I took 1-2 weeks off of the class, to spend time with my wife. During the exam, I worked for the first 18 hours, then slept for 4, and woke up in time to finish the last machine. A refreshed mind is super important!

What's next?

I was super lucky. I talked to my employer, Leaf Software Solutions (we're hiring, by the way), who reimbursed me for the PWB class. I was originally just doing it for the fun. Now my work is paying for me to have fun! Next on the list for me will be the CTP course (for the OSCE certification). However, this probably won't be for a bit, maybe not until next year. This is simply due to the patience of my wife, who waited on me for 3 months to finish the last course, spending every evening alone. We're in no hurry to do that again, but eventually will. In the meantime, I've been working on a few fun projects:

Metasploit Post modules, such as iPhone enumeration

Thanks g0tmi1k for the idea! All the phone numbers are blacked out, for the protection of my friends and family.

Password Cracking Web GUI

https://github.com/mandreko/pwcrack-webgui
This is a project for me to tinker more with Ruby on Rails and password cracking. The main idea is to take all of the leaks that I've been archiving for some time now and crack them all at once, instead of running the same wordlists and rules through every one in serial. I plan on storing all the hashes in a MongoDB database, and then I can, for example, dump all MD5 hashes that are currently uncracked, making one big super-leak. Then, once complete, it'll update the MongoDB database.
I have tons of fun ideas on this project, but development is slow, as Rails is not my primary language. It's more of my tinker project. Feel free to fork it if you want to make it better.

4 comments:

  1. do you plan on releasing the enum_iphone module?

    1. I had been working on it at one point, then saw apple_ios_backup.rb already in the msf framework. It doesn't specifically read the SMS messages, but you can derive it from the files it backs up.

      I just pushed the most recent version of my module to github if you want to look at it/use it:
      https://github.com/mandreko/metasploit-framework/tree/iphone_enum

      I haven't been able to complete work on it as of yet, due to finally breaking into the InfoSec field. New job has had me quite busy. I hope to get back to it once I get used to it.

    2. Hi there,

      Just one question: how do you know that you obtained 100% of the score?

      I got the OSCP last week, but haven't found a way to know the score...

      Thanks in advance for your answer!

    3. @WCuestas: You don't actually get your score returned to you. I meant it more that I solved 100% of the challenges.

