
The journey begins: Preparing for Offensive Security

BSides DC · 2019 · 32:30 · 1.6K views · Published 2019-10 · Watch on YouTube ↗
Category: Career
Style: Talk
About this talk
The Offensive Security Certified Professional (OSCP) is one of the most well-recognized and respected certifications in the security industry. In order to become certified, students must complete Offensive Security's Penetration Testing with Kali Linux (PwK) course and pass the 24-hour hands-on exam. This talk is for people who are interested in learning more about the course and how to prepare for it. During the talk, students will be given resources and tips to prepare for the course. As for the exam, Offensive Security has launched a proctoring program for the OSCP, leaving many students with questions about how to prepare for the exam. Guidance will also be provided on how the proctoring part of the exam works and how people should prepare for it.

Talk outline:
Introduction: whoami
Agenda: What is the OSCP; course prerequisites; preparing for OSCP; resources to prepare for OSCP; PWK course; lab environment; exam preparation; proctoring guidance; tips/tricks for the exam; references; Q/A

Tony Punturiero (Community Manager at Offensive Security)
Tony is a pentester for a government contractor and is the community manager for Offensive Security. In his spare time he coaches one of the top community college cyber teams in the state of Maryland. He earned a BS in Cybersecurity from University of Maryland University College (UMUC), where he is a board member for the award-winning UMUC Cyber Padawans. Over the years he has participated in over 230 cyber security competitions across the globe and is a two-time SANS NetWars champion. Tony is also one of the founding members and lead moderators of NetSec Focus, an online information security community.

Transcript [en]

Maybe, like, five or six people would just show up, but I guess everybody's really interested in this, so let me go ahead and just get started. So who am I exactly? Some of you guys know me online, some of you guys know me in person, but my name is Tony Punturiero, also known as TJ Null online. I'm the community manager for Offensive Security. I'm also an adjunct professor at Frederick Community College; I like to teach a lot of the ethical hacking courses that are there, and I also run the cyber team there. I'm also a moderator at NetSecFocus.com; we have an online information security community platform where we always communicate and collaborate with one another. It's a really fun platform; if you have a chance, go ahead, check it out, and see if you want to get into it. So I've got a couple of hobbies, right? I like to compete in cyber competitions; for the past five years I've competed in a total of 245. Favorite ones, I gotta say, gotta give props to: SANS NetWars Tournament of Champions, the SANS Holiday Hack Challenge (it's not on there, sadly, sorry Ed), MACCDC, CyberPatriot. And I also enjoy attending security conferences. I think two years ago was my first year attending BSides DC, and actually, surprise, this is my first talk, actually, to be here. So outside of InfoSec, because you've got to have hobbies outside, right: hiking, traveling, playing lacrosse, and I love to play video games.

So what are we going to talk about today, right? So how many of you guys are familiar with Offensive Security, you know, the OSCP, by show of hands? Okay, pretty much 80% of you guys, right? You're here for this, it makes sense. So my other question to ask you is: how many of you have it? Is it just... okay, three, four. Okay, I'm okay with that, that's good. So for some of you that are interested in taking it, we're going to go over the prerequisites for the course, an overview of the course, the lab environment. I'm gonna give you some tips about how to prepare for the exam as well, too, and also tips for taking it, and I have some resources I want to give you guys to help you guys prepare for it, because it's not an easy course, and it's also not an easy exam. And any questions or feedback you guys have, if we have any leftover time, you guys can certainly ask me about it.

So for those of you who don't know what the OSCP is: the Offensive Security Certified Professional is one of the most technical and most challenging certifications. In order to become certified you must complete the penetration testing course that they have; they offer a 30-, 60-, or 90-day course, right, and the hands-on exam is actually a 23-hour-45-minute exam that you have to do, and if you get a total of 70 points or more, then you also have 24 hours to write the report itself. People who pass the exam will usually be able to prove that they have the knowledge and ability to actually identify vulnerabilities and also to successfully execute attacks as well.

So why did I pursue the OSCP? So when I was a senior in high school I was taking computer classes at the Career Technology Center that we had, and it was my first security class. I was really excited, and I knew this was something I wanted to do, and during one of those classes my teacher actually dropped the BackTrack 5 Cookbook that was there, and also a CD of BackTrack 5 or 3. I just fell in love with it. I fell in love with the book, I fell in love with going through the tools, the resources, understanding the attack methods, and I wanted to actually, like, learn more about how to get into pentesting, how to actually use BackTrack more comfortably. And so, this is really old, back when I was a senior in high school, I found that OffSec had Penetration Testing with BackTrack as a course. I was like, sweet, I'm gonna go ahead and take this. This is me, 16 years old at the time, and unfortunately OffSec doesn't allow you to take the course unless you're 18. So I thought, all right, I'm gonna go ahead and try to take the PWB, you know, in a couple of years. A couple of years later PWB, you know, gets replaced with PWK afterwards, and of course when I go through the course itself, in that little valley that I have, I try to go ahead and do the Try Harder stuff, right, go through the CD, go through the lab itself and the content, just to get to the top of the mountain to get my OSCP, right.

So in order to prepare for the course, right, OffSec already has a couple of different things that they talk about that they want you to

focus on before you start it, right: TCP/IP networking fundamentals, right, know how to do subnetting, learn how network traffic works, identify different types of protocols, right; know your operating systems, Windows operating systems, Linux, also understand how the different architectures work, 32-bit and 64-bit as well; programming languages, now it's recommended to have an understanding of Bash and Python. Some other things I also would recommend are Perl, Ruby, and C++ as well, too, if you have some time to learn about those. And also note-taking. Documentation is really important when you're going ahead and doing these, when you're going through the PWK itself. So there are a couple of tools that are out there that I like to use: CherryTree and OneNote. Those were my really big tools that I used for a lot of things, and I know I've seen a lot of people in the security field that are taking these courses, they also like to use Markdown editors. Typora is actually a really cool tool you can actually download for Windows and Mac that you can use to do Markdown, anything, to write your reports and write your lab guides as well.

So what does the course go through, right? We go through passive information gathering, we go through active as well, vulnerability scanning, buffer overflows. This is going to be really important, and I think that's probably one of the biggest chapters that I went through that really helped me with the exam: understanding Windows 32-bit buffer overflows, Linux, working with different exploits. Transferring files is another key important thing. You know, when you have to do a privilege escalation scenario, you're gonna have to learn and actually understand how to transfer those specific exploits to escalate your privileges. Overall, right, learn about the different tools that are there; there actually could be some really interesting things that you'll find as well: privilege escalation attacks, client-side, web app, password attacks. You guys get the rest; I'm not gonna read the rest of the slides.

So the lab environment. This is probably the most fun part about the course, and this is what I probably really enjoyed a lot. So when you go ahead and register for the course and get signed up, they give you a VPN pack and they give you the course materials, right. With that VPN pack you have the ability to connect to the lab that they have set up. In that lab environment they have a total of sixty machines, I believe; that may change. So they have an IT department, they have a development network, an administrative network, each of them have their own different systems that you're gonna have to try to find ways to pivot into to access those networks.

So my recommended lab setup for you guys is: have VMware Workstation or VMware Player. I have noticed that people have tried to use VirtualBox in situations and it can work, you know. Kali Linux is the main operating system used; some people try to use Parrot and other different operating systems, but what I want you guys to keep in mind is that if you try to use these different operating systems or try to use a different hypervisor, Offensive Security may not be able to help you with that. Support may not be able to help you with troubleshooting your situations. That's why we recommend that you have VMware Workstation or Player and Kali Linux, so that we can be able to suit you guys and help you guys when you're going through the course or having any troubleshooting issues with your VPN connection pack or with the tools itself.

The next thing I also recommend is to have a Windows 7 32-bit or 64-bit system on your system. This is really important, and the reason why I say that is because there are going to be some exploits that you try, or there are gonna be some applications that you're trying to exploit, that may not work in the lab for some reason. It's always good to have those on either the Windows 7 system you have, or maybe even a fresh Linux system as well, too, so that you can be able to recreate or try to understand why the exploit that you're using is not working, make changes to the code or make that change to the file itself so that you can be able to find that attack vector that you need to get onto that system. And the last thing I also recommend is, on that Windows 7 system that you have, have Immunity Debugger with you, too. I really like reverse engineering and I like trying to understand how programs actually work, their instructions and their processes, and it also kind of really helped me out during the exam as well, too, especially the PWK network.

So how long did it take me to go through this network? Well, it took me 28 days to go through all 60 systems that they had. It took me a

hundred twenty-seven hours to go through this. I had an Excel sheet, and I took this from another Offensive Security student; he tracked his hours and his time, how long he went through each box, how long he went through each lab assignment, and it really gave me a better understanding of how well I was using my time and how I could actually improve that. There were some days where I would be able to pwn systems in less than five minutes, and then there'd be some systems, and some of you guys know about the big four, they would take probably about two to three days for me to actually try to assess and break into those systems. So keep in mind that each system they have has different types of difficulties. Some systems you'll have to pivot into; others you have to actually review the course material to run the specific attacks you need to. And also use the reverts that they give you. It's really important that you actually touch those reverts, because a lot of the boxes that people are going into in the PWK could also be already broken, or some of the exploits might not work. So whatever I was trying to do, whenever I was in the lab, when I went through the PWK network, I would always try to pick a target box that I was trying to look at, and I would always revert that one first, so I know I would have a clean box to be able to test, go through, and also be able to understand if I was missing some type of concept, instead of wasting 30, 40 minutes of my time, you know, troubleshooting someone's issue or whatever thing they did to break that box, right. Which leads to my next part here, right: please don't be this person. Please don't be that person, right. The PWK lab network is there to help everybody learn and understand all the different ways to break into the systems, right, find out the different types of attack vectors, and if you go out and patch, which I've seen a few people do, it really can frustrate a lot of people, right. You're taking a course to learn, not to make it hard on others, so please keep that in mind, right.

So there are a couple of tips I want to give you guys. Enumerate, enumerate, enumerate. You've probably heard this so many times. Enumeration is key, right; it's a serious thing, and when you're going to enumerate, check out the different types of services you're looking at. Do a port scan on everything, right; if you just do only TCP you may be missing something on the UDP side. That's a huge key thing; on even some of the exam systems you may see that. Also understand what the system does, who uses it, why it was created, right; you're gonna have different users that are on there, they're gonna have specific roles on why they're using that system. Track your hours, like I said. Do not skip the lab exercises, and use the reverts that are there.

So the exam. As I said before, right, you're gonna have a total of 23 hours and 45 minutes to do the exam. You will be proctored during the exam. Some of you may have known or realized that back a few years ago Offensive Security decided to do proctoring on their exams because they saw an effective amount of cheating. The reason why the proctoring is in place is, of course, to monitor those people and also find those people who do cheat, because it's not fair to the others that actually are trying, that actually go through the course, that actually put their time into it, you know. So the exam consists of five target systems. Each of those target systems is going to have different points, and I'm not going to be able to tell you the point values, because a lot of that information is already online, but you need a minimum of 70 points or higher to pass the exam, and like I said before, if you believe you have enough points, you then have that 24 hours to write that report. An extra five points will also be given to you if you write a lab report, so ten systems that you actually pwned in the network and also you go through the entire course exercises. I recommend that you do this, and the reason why is because those five points can either really help you on the exam, and if you don't do it you may have lost yourself an attempt and you may have to go back through that exam again. So keep that in mind, and I really recommend that you go through the course material itself.

So during the exam there are some restrictions that are in place. You can't use any of the following tools: spoofing tools; commercial tools, right, Metasploit Pro, Burp Suite Pro; automatic exploitation tools, db_autopwn, browser_autopwn; mass vulnerability scanners; features in other tools that utilize either forbidden or restricted exam limitations. I have seen a lot of students in the past try to run Responder in their labs, and some of you know what Responder does, right: when it captures NTLM hashes, what does it do? It's a spoofing tool, right, and the way you use that tool itself can actually maybe ban you from taking the exam or even ban you from all OffSec courses. So keep in mind what type of tools and what type of programs you are using in the exam, and if you have any questions, ask support. They're there for you guys to help you.

So preparing for the exam. When you think

you're comfortable, schedule it three or four weeks in advance. OffSec's slots fill up really quickly, and once you book the time or the slot for your exam, make sure that you think about these things before you start, right: complete the lab report and class exercises, right; read the guideline requirements, and I mean every little detail about it, because there are some things that you may slip or miss that may lose your ability to take that exam, or it may fail you for that attempt; have an area, a space where you need to work, right, don't be in a distracting area, be in a quiet, comfortable space where you're actually gonna be taking the exam; don't forget to eat or drink, that's a huge thing. Some people really like to try to iron man through the test, not take drinks, not take breaks, not have food, and that really, really will hurt you. So make sure you prepare your time accordingly; you know, make sure that if you have any issues or you're having frustrations going through the lab, going through the exam itself, take a step back. Make sure you have your system set up. This is a big thing for me. So when I was taking my exam, the day of my exam, my entire Kali system broke. I had all my cheat sheets, I had all my scripts, I had all my programs, I was like, ready to go, I got this. Fortunately I took a snapshot right before I actually turned off the system itself; reverting my snapshot, I had everything back to normal. You don't want to go into the exam having no systems ready or not having a backup in place; it's very important to have those things when you're doing that. Also, during the time when you schedule your exam, start working on that exam report. Have a little draft ready, right; if you've already gone through and done the lab report, it's kind of almost the same as when you're writing the same type for your exam report. Anything that you have to fill in is during the exam itself; this goes ahead and gives you a little bit more time during your 24 hours to go ahead and fill in anything that you were missing. And make sure that you get some rest, spend some time with family, friends, go out, get your snacks, go out, get your drinks, any caffeine that you need, sufficient things that you need to prepare yourself for that exam.

So there's a quote that I really want to bring up that really helped me there in this exam: you're going to run out of ideas before you run out of time. Take breaks, walk away for a bit, don't be afraid to go to sleep for a few hours, especially if you're stuck, but don't give up. I've seen a lot of people, like I said, iron man through the exam and not pass, get frustrated, and they don't understand what they missed. It's always good to take those step-backs so that you can have a refreshed mind and also look at different approaches as well, too, when you go back into it when you're comfortable and when you're ready. You know, check your systems and the technical requirements as well, too, for your exam, and also, of course, never give up; try harder, right.

So I've also created some resources after I took my exam, and this is one of the big resources that I want to give you guys. So I've created this really huge guide. I studied for the OSCP for almost a year and went through different courses to help me prepare, and I tried to find as many open resources as I could to help those in need who really want to take the exam but don't want to be able to spend the money, right. You know, SANS has a lot of crazy amazing courses, they have SANS 560, SANS 542, right, but who has the budget to be able to spend any thousand dollars on a course, right? eLearnSecurity, right, they've got some good courses too as well; who wants to spend $2,000 on a course? Maybe, right. Oh, you know, Offensive Security, right, the course itself is $1,150 for 90-day lab access with the exam voucher itself, but there are a lot of free resources online that you could use to your ability to prepare for it itself. You don't have to look at paying for a course or trying out a different course and then, you know, wasting the time and the effort that you need. So if you guys have a chance, take a look at this guide, and for those of you that fail, don't worry about that; use that moment when you failed to go ahead and reassess what you missed, brush up on the stuff that you need. A lot of the stuff that I've also provided really helped me out, kind of brush up on some things that I really needed to focus on. My biggest weakness going through the course and through the exam was privilege escalation. I suck at it, I really do, still, and a lot of the guides that are out there really helped me for what I was doing.

And of course this course itself is not, you know, your multiple-choice exam, kind of like CISSP or, you know, the SANS courses themselves with GIAC certifications; this is a full hands-on practical exam. So how do you build those skills? Well, there are a lot of places online that have hands-on machines that you can actually use to prepare. So before Hack The Box came around I prepared mostly with VulnHub, and there are a lot of big different vulnerable systems that were out there

that really helped me prepare for the exam. So I've created a list of OSCP-like VMs on VulnHub and Hack The Box on the bit.ly link you see up on the screen here that can really help you guys out. Go through those, download them, test and play with them. And also I've also worked with IppSec, and for some of you guys that are more of a visual learner and like to watch IppSec videos, there's a playlist for that which has all the different types of systems that I've seen in the PWK lab network and also through the exam that could definitely help you out, also prepare the process and your methodology and your concept for the course and the exam.

Other resources that I also include, and this is gonna be a huge list, will be prepared; these are all in my guide, don't worry, but I wanted to also, you know, give a shout-out to these three people that really helped me out: Abatchy's OSCP guides, Grund, and Any Consulting. These were really helpful guides in preparing me for the exam, for the course itself, because originally when I went through the course I was nervous, I was stressed, I didn't feel like I was gonna pass on the first time, I didn't think I would be able to go through the course, but their mindset, their opinions that they've had, really helped me get a better understanding of what I needed to prepare for, what I needed to focus on. Books as well, too, that really helped me out: Penetration Testing by Georgia Weidman. Yes, it's an old book, I know; she also has a Cybrary class as well, too, but a lot of those concepts that she has in that book really relate to what goes on in the course. Kali Linux Revealed, if you really want to know more about Kali Linux; Raphaël, I'm trying to remember the other three, Mati and I think maybe Jim, really wrote an awesome book. It's free, it's open source, it's on Kali's website as well, too, that you can actually download and go through and learn more about Kali Linux. And then I have some other books as well, too, that really kind of helped me out. And for those of you that are really stuck on Windows privilege escalation or Linux privilege escalation, these are the guides that I used to really help me out as well, too. g0tmi1k's for Linux, and I really have to give him props as well, too; it really, really is an awesome resource, and I feel like a lot of the automated tools that are out there like LinEnum, Linux Exploit Suggester, and also some of the linuxprivchecker ones out there were really just based off his guide. A lot of the stuff that you'll see in the course, you'll go through the course, on the Linux side, when you're trying to escalate your privileges through those Linux systems, we'll go back to him. GTFOBins is another great place; LOLBins, I should have added that for Windows and I didn't. And the buffer overflow part, because you will have that in the exam and they will tell you what system it is; you can probably find that out online itself, but the Corelan series has a really good guide on how to get a basic introduction to doing a buffer overflow itself.

And the last thing I want to point out is this: the mindset of Try Harder. I know this is probably a difficult topic to talk about, and I know some of you guys probably think that this could be a negative thing, but I want to try to reiterate something, and what Try Harder really means to me when I went through this course. So Try Harder really, to me, means to be persistent. When something does not work, like for the first or a second or third try, and you hit a brick wall, take a step back. Remember the mistakes and the failures are part of the process, not just in the course but in life, right. We have to go through failure to achieve our accomplishments. We have to take time to understand those, right. Having this mindset will really lead you to creating new ideas and new approaches, but remember to also have patience. Being creative: we have to go through different types of exploits, right, we have to go through different types of mindsets, and also different approaches on things that we see. There's always a second or a third way to go through different things, there are always other ways to try different things; haven't imagined about it? Go through different ways on it. And being perceptive. I hear this motto a lot, and everyone says, oh, I don't like Try Harder either, I do Try Smarter. How can you try smarter if you don't put the effort into it? How can you try smarter if you don't actually know what you're really going to go through, or how are you gonna be able to find it? Going back with Try Harder, about being perceptive, is that we have to go through rigorous different challenges, we have to go through rigorous different changes, especially what we're doing here in the field itself. There are a lot of things that we need to look at and we need to understand, not just in the courses that we go through, and not through the challenges we do, but even through general life. So make sure that you kind of have this mindset; you want to be able to build this mindset, and also the one thing, too, is that this doesn't come naturally, so it's not gonna happen tomorrow, it's not gonna happen the next day or next week. This is something that's going to just take time for you to build and grow, and I just want you guys to keep that in mind when you're going through the course itself, or through the material, or anything you do. So with that, I have in place, that's really all I have. Does anybody have any questions? And this is gonna be a lot of questions going through, probably. So, for the guy in the back.

So to reiterate the gentleman's question in the back: you were talking about the Penetration Testing Execution Standard report; do you think it's gonna model the actual pentest report you do in the PWK, or are you trying to model to that? So Offensive Security actually gives a report template, and that report template goes ahead and gives you step-by-step instructions on how a pentest report should look. Now, everybody's different; the report is going to be different, and make sure it is. Make sure, if you're going through the course itself as well, too, that you have the ability to work with others, but make sure that your writing is totally different from others. You can go ahead and try to follow that method, you can follow the standards, but I'd say go through the PWK course just to start and just understand that report itself, and there's also a variety of different online pentesting reports that you can actually look at online to help you out, to try to get a better understanding of how your report should be written.

Any other questions? Over here. Good question. I'm gonna post them on Offensive Security's website, so they will be there. Any other questions that anybody has? Going once, going twice. Is everybody just here for the Kali stickers? I have that. That is great, that is great. Well, one more question in the back.

That's a very good question. So online, and in the past, it really depends. Oh, to repeat the question, the gentleman in the back just asked how many lab or PWK systems should a user go through before they think they're comfortable for the exam. Honestly, that depends on you. People recommend online that you should at least go through 30 systems; I say go through as many as you can. They're there for you, right; there are different networks that you need to go through to understand the lab environment itself. You're paying to go ahead and actually go through that lab network; take the time and the effort and the patience to go through all of them, and when you feel comfortable and ready to take the exam, try it, see how you do in the exam, and if you fail, don't worry. I've seen a lot of people fail more than once, and I've seen people pass on their fifth or sixth time, seriously. It's really interesting to see how everybody has their different mindset and different approaches through the course itself and through the exam, but just make sure not to give up and keep putting the effort into it. Question in the back. Can you repeat that again, please?

Okay, to reiterate the question that the lady asked: should you reiterate the same exact lab report, going through the ten systems and through the exercises? You need to be able to turn in both, and the best way of doing the lab report itself, those 10 systems, is copying the same exact report that OffSec gives you. That report will really help you out going through the exam, or sorry, going through the actual lab report that you can actually use to help apply that knowledge and methodologies and the writing that you do to your exam as well. Any other questions anybody has? Okay, I wanted to make this more time for questions. Yes, one more. Could you use other scanning tools like Sparta? Is Sparta allowed in the exam? To repeat the question from the gentleman in the back: he said that you can only use Metasploit once in the exam; are there any other tools that you can use, any GUI tools like Sparta? That really depends. Sparta is a network scanning tool, right; Sparta is okay to use, but any type of, like, autopwn tools, any type of auto-exploitation tools, they are illegal in the exam. The only type of option that you can use in Metasploit is msfvenom to create your shellcode. I also recommend staying away from those tools, stay away from the automated ones that are out there. OffSec is trying to teach you how to do these things manually, because we rely so much on the tools that we use for our daily lives and for the work that we do with them. It's always good to have a different perspective of how to use different tools and how to go through things manually than just jumping into a tool and trusting and relying on that tool itself. Yes? No, you cannot use it for the handlers. For the question that the gentleman just asked, can you use the auxiliary modules in Metasploit: no, you cannot. You can only use a Metasploit exploit once and you can only use Meterpreter once during that process, at that stage. The only tool that's viable that you can use in Metasploit, and that option, is msfvenom. Question?

Good, very good question. So the gentleman asked over here if you can write your own scripts to do any type of scanning and enumeration. I totally recommend it. It's really fun, because also the other thing, too, is that you get to understand all the different types of programming languages and also how to write your own tools, how to script your own tools to do that, and also you could try to improve some of the actual tools that common people really use. I would use that as a learning way, and also I would test that in the lab network that you have, depending on how many days you scheduled for it itself. Question here. I'm sorry, can you repeat that, please? So the gentleman asked: can he prepare scripts ahead of time? You can try to; you can definitely prepare scripts ahead of time, depending on what you're using, but I would really focus on your methodology and your concept, understanding what approach you are gonna take for the exam itself. That's what I would really focus on preparing. You know, I did also, when I was preparing for my exam, I did already craft some of the exploits and also some of the binaries that I needed, but when I was going through the exam I actually really didn't have to use those for what I needed. Any other questions? Yes, in the back. The gentleman asked who, what person, or which person was able to complete the course the fastest. I don't have an answer for that.

I can't answer that question, I apologize. Any other questions that anybody has? Yes, I can definitely talk about that. So the gentleman asked in the back what the difference is between OSCP and OSCE. So OSCP is a fundamental course to prepare you for pentesting. OSCE is different, it's different; OSCE focuses on exploit development that will actually give you a better understanding of assembly and also some advanced attacks in network pentesting as well, too. So for some of you guys who are just starting out, which I believe most of you are, that want to get an OSCP, that's the first course I would go through for understanding pentesting fundamentals, how to do everything manually, and then when you're ready to start learning more about the exploit development side, I would definitely consider pursuing OSCE. If you want to get into the web app section as well, too, OSWE has just been released; that's also part of the AWAE course. It's a full web app pentesting course that actually focuses on white-box, or sorry, web app pentesting itself. Any other questions that anybody has? Yes.

Like, I could definitely answer that one, and I expected that question to come up. So the lady asked: is there going to be any type of proctoring or a person watching you during the exam? Yes, there will be. Offensive Security has their own proctoring system that they use, and they will have a person to monitor you. You will need to have a ScreenConnect program and also a webcam to be able to display what you are doing and where you are as a person. The ScreenConnect program is supposed to display and understand what you are doing on your system. Now, please keep in mind as well, too, that you need to be able to pass the technical requirements that they have before you take your exam; otherwise, when you go through the exam itself, if you don't meet any of those technical requirements or you can't get your systems up, OffSec will then revoke your exam attempt that you have, and you have to reschedule for another one. The other thing, too, that I also recommend is that if you're going to be using more than one screen, make sure you tell the proctor how many screens you're using; otherwise, if you have three screens and you're using two other screens, you can only use that one screen for the exam. I have seen many students try to take the exam and say that they have one screen even though they're using three. The proctor can see you moving your mouse and detect you doing that, and if they do, they can suspect you're cheating, so please be honest with them, right. Any other questions anybody has? Yes, there. The second time already? Yes, I have stickers here. Final questions, anybody? Going once. Okay, one more. I'm going to go home now. All right, going once, going twice, sold. Well, anyways, if you guys want to find me, you guys can find me on Twitter. I have a GitHub page that has some of my tools on there that I used in the OSCP, or you can also chat with me on NetSecFocus. Thank you guys for coming out, I really do appreciate this a lot. I hope you guys enjoyed it.
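The enumeration tip in the talk (port scan everything; a TCP-only scan misses what lives on UDP) as a small added script. This is not the speaker's or Offensive Security's code: it parses nmap's greppable (-oG) output from a TCP scan and a UDP scan of the same hosts, merges the two per host, and lists the services that only the UDP scan surfaced. The two scan outputs below are constructed samples in the real -oG layout (port/state/proto/owner/service/rpc/version/); the addresses, services and version strings are made up.

```python
"""Merge nmap greppable (-oG) output from a TCP and a UDP scan and report
the services a TCP-only scan would never have shown.

Added example for the enumeration tip in the talk; not the speaker's or
OffSec's code. The scan text below is a constructed sample in the layout
nmap writes for e.g.
    nmap -p- -sV -oG tcp.gnmap TARGET
    nmap -sU --top-ports 100 -sV -oG udp.gnmap TARGET
"""
import re
from collections import defaultdict

# Constructed sample: full TCP scan of two (made-up) lab hosts.
TCP_GNMAP = """\
# Nmap 7.80 scan initiated Sat Oct 12 10:00:00 2019 as: nmap -p- -sV -oG tcp.gnmap 10.11.1.0/24
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2/, 80/open/tcp//http//Apache httpd 2.4.18/\tIgnored State: closed (65533)
Host: 10.11.1.8 ()\tStatus: Up
Host: 10.11.1.8 ()\tPorts: 445/open/tcp//microsoft-ds//Windows 7 microsoft-ds/\tIgnored State: filtered (65534)
# Nmap done at Sat Oct 12 10:20:00 2019 -- 2 IP addresses (2 hosts up) scanned
"""

# Constructed sample: UDP top-ports scan of the same hosts.
UDP_GNMAP = """\
# Nmap 7.80 scan initiated Sat Oct 12 10:30:00 2019 as: nmap -sU --top-ports 100 -sV -oG udp.gnmap 10.11.1.0/24
Host: 10.11.1.5 ()\tPorts: 161/open/udp//snmp//SNMPv1 server (public)/, 69/open|filtered/udp//tftp///\tIgnored State: closed (98)
Host: 10.11.1.8 ()\tPorts: 137/open/udp//netbios-ns//Microsoft Windows netbios-ns/\tIgnored State: open|filtered (99)
# Nmap done at Sat Oct 12 10:45:00 2019 -- 2 IP addresses (2 hosts up) scanned
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")


def parse_gnmap(text):
    """Return {host: {(port, proto): {"state", "service", "version"}}}.

    Only 'Ports:' lines carry data; 'Status:' lines and '#' comments are
    skipped. Fields on a line are tab-separated, port entries are separated
    by ", " (this assumes no commas inside version strings), and each entry
    is slash-separated: port/state/proto/owner/service/rpc/version/
    """
    hosts = defaultdict(dict)
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m or "Ports:" not in line:
            continue
        host = m.group(1)
        ports_field = next(f for f in line.split("\t") if f.startswith("Ports:"))
        for entry in ports_field[len("Ports:"):].split(","):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # malformed entry: skip it rather than abort the parse
            port, state, proto, _owner, service, _rpc, version = parts[:7]
            hosts[host][(int(port), proto)] = {
                "state": state, "service": service, "version": version,
            }
    return dict(hosts)


def merge_scans(*scans):
    """Combine several parsed scans into one {host: {(port, proto): info}} map."""
    merged = defaultdict(dict)
    for scan in scans:
        for host, ports in scan.items():
            merged[host].update(ports)
    return dict(merged)


def udp_only_services(merged):
    """(host, port, service) for every open or open|filtered UDP service.

    open|filtered is kept on purpose: UDP services that never answer an
    empty probe (tftp is the classic case) show up exactly that way.
    """
    found = []
    for host, ports in sorted(merged.items()):
        for (port, proto), info in sorted(ports.items()):
            if proto == "udp" and info["state"].startswith("open"):
                found.append((host, port, info["service"]))
    return found


def main():
    merged = merge_scans(parse_gnmap(TCP_GNMAP), parse_gnmap(UDP_GNMAP))
    for host, ports in sorted(merged.items()):
        print(host)
        for (port, proto), info in sorted(ports.items()):
            print(f"  {port}/{proto:<3} {info['state']:<14} {info['service']:<13} {info['version']}")
    print("UDP-only findings:", udp_only_services(merged))


if __name__ == "__main__":
    main()
```

Point the two constants at real tcp.gnmap and udp.gnmap files (read them in place of the samples) and the per-host table doubles as the enumeration note the talk recommends keeping for every box; the snmp and tftp entries on 10.11.1.5 are exactly the kind of foothold a TCP-only scan hides.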