The HASK - OSCP

May 25th, 2016

drifter666

Transcript

  1. About Me
     • Information Technology System Specialist in Nova Scotia’s public education sector
     • 2009 Cape Breton University graduate - Bachelor of Technology Information in Network Management
     • OSCP, OSWP, Security+, OCSA, MCTS, Network+, Server+, A+
     • Board Member of the Cape Breton Technology Users Group
     • Working on being a new father =)
  2. What is OSCP?
     • Well... before I get into details, let’s define some terminology and go over some prerequisites.
  3. Vuln vs. Pentest
     Vulnerability Assessment
     • Is non-intrusive
     • Won’t break systems. Well, it shouldn’t...
     • Identifies and quantifies security vulnerabilities
     • Indicates weaknesses and provides information to patch and eliminate vulnerabilities to an acceptable risk level
     Penetration Test
     • Is very intrusive
     • Can and will break systems
     • Can be a white box or a black box test
  4. Prerequisite Skills
     • Linux Administrator
     • Windows Administrator
     • Network Administrator
     • Database knowledge
     • An open mind
     • Patience!!!! >=O
  5. Prep Work
     • VulnHub
     • Python, Perl, Shell, C, PHP code
     • Metasploit
     • Kali
     • Mutillidae
     • Wireshark
  6. So... What is OSCP?
     • Offensive Security Certified Professional
     • IMO – the best pentesting course
     • Will make you a critical thinker
     • Lots of real world exercises
     • All hands-on
  7. First Things to Do...
     #1 – Read and work through the entire OSCP PDF guide book and do the exercises
     #2 – Review and understand the lab network infrastructure
     #3 – Install KeepNote
     #4 – Document, document, document....
  8. Pentesting with Kali (PWK) Labs
     • There are ~52 machines within 4 networks (Public, Dev, IT, Admin).
     • The ultimate goal is getting into and pwning the Admin Dept.
     • It’s completely fair game; do what you need to do to pop a box.
     • There is no right or wrong way to pop a box, as long as you get the root/admin shell.
  9. PWK Labs – cont.
     • Machines get reverted from your student control panel, so if you break something or if someone left the machine in an unstable state, you can restart with no issues.
     • Take lots of breaks.
     • Take lots of notes.
     • Don’t rely exclusively on Metasploit and vulnerability scanners.
     • Remember: It’s a marathon, not a race.
  10. PWK Labs – cont.
     • The labs work like a fully functional work environment.
     • Treat the fictional users as average users.
  11. The Elite 5*
     • Phoenix
     • Pain
     • Sufferance
     • Gh0st
     • Humble
     *If you find these boxes earlier on in the course, make note and move along until you pwn more boxes.
  12. The OffSec Admins
     • Don’t bother unless you have something to show them.
     • You will get less hints and help the deeper you go into the labs.
     • They give zero help with The Elite 5.
     • They are ruthless and will make you work hard for a hint.
     • They have an awesome sense of humour.
     • Some will mislead you or give useless info because you are so close to the answer.
     And finally...
  13. Exam Time
     • You have 24 hours to pop five boxes, with an additional 24 hours to deliver the exam report.
     • Each box has a point value.
     • You need at least 70 points to pass.
     • Read the exam guide in full, as it contains crucial information.
  14. Exam Time – cont.
     • You can’t use vulnerability scanners.
     • Metasploit usage is very limited.
     • One box requires you to develop a proof of concept exploit.
  15. If You Don’t Pass...
     • Don’t sweat it!
     • Redo lab machines.
     • Go over your exam notes.
     • Take a break from the course.
  16. Tips
     • Treat the lab like a functioning workplace.
     • There are client-side attack vectors.
     • Aim for the lowest hanging fruit first.
     • Do post-exploitation enumeration.
  17. More Tips
     • Don’t be scared to ask OffSec admins for help.
     • Read through logs and scripts.
     • Find a good person to work with on IRC or in the forums.
     • Read through the OffSec forums.
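The "Tips" and "More Tips" slides both come down to the same habit once you have a shell: enumerate the box and read what is on it rather than reaching for the next exploit. The script below is an added example, not part of the deck and not OffSec lab material; it collects the usual privilege-escalation low-hanging fruit on a Linux foothold (SUID/SGID binaries, world-writable files, cron scripts, credential-looking lines in scripts, configs and logs). The paths, file-name globs and the credential regex are my assumptions; every function takes a root directory so it can be pointed at / on a target or at a constructed sample tree.

```shell
#!/bin/sh
# Added example (not from the deck): post-exploitation enumeration helpers
# for a Linux foothold. Each function takes a root directory argument so the
# same code runs against / on a lab box or against a small test tree.
# The paths and patterns are assumptions, not lab-specific knowledge.

# SUID/SGID binaries: the first thing to look at for privilege escalation.
find_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# World-writable files outside /proc and /sys: a root-owned cron script or
# service config that anyone can edit is a direct path to root.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 \
        ! -path '*/proc/*' ! -path '*/sys/*' 2>/dev/null
}

# Cron entries and scripts: list them so they can be read, not just counted.
list_cron_scripts() {
    for d in "$1/etc/cron.d" "$1/etc/cron.daily" "$1/etc/cron.hourly"; do
        if [ -d "$d" ]; then
            find "$d" -type f 2>/dev/null
        fi
    done
    if [ -f "$1/etc/crontab" ]; then
        echo "$1/etc/crontab"
    fi
}

# Credential-looking lines (password=, secret:, api_key=, ...) in scripts,
# configs and logs. grep returns 1 when nothing matches; that is not an error.
find_secrets() {
    find "$1" -xdev -type f \( -name '*.sh' -o -name '*.conf' -o -name '*.log' \
        -o -name '*.php' -o -name '*.py' \) \
        -exec grep -nHiE '(passw(or)?d|secret|api[_-]?key)[[:space:]]*[=:]' {} + \
        2>/dev/null || true
}

# Full report against a root directory (default /).
enum_linux() {
    root="${1:-/}"
    echo "== SUID/SGID binaries =="
    find_suid "$root"
    echo "== world-writable files =="
    find_world_writable "$root"
    echo "== cron scripts =="
    list_cron_scripts "$root"
    echo "== credential-looking lines =="
    find_secrets "$root"
}

# Usage on a target:  sh enum.sh --run / > /tmp/enum.txt
if [ "${1:-}" = "--run" ]; then
    enum_linux "${2:-/}"
fi
```

Everything here is plain POSIX find/grep, so it drops into a box that has no python or curl; the `|| true` on the secrets search keeps a no-match result from aborting a caller that runs under `set -e`.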
  18. Dirty Secret
     “That’s the sort of place this is, Jen. A lot of sexy people, not doing much work and having affairs!” - Denholm Reynholm, IT Crowd