OSCP – Day Zero

Today is the day, I just received all my materials and am setting everything up. I should be able to get at least a couple of productive hours in tonight and then another few tomorrow.

My goal is, win or lose, to look back and see how I could have prepared better and apply that to the next milestone. I know that, of course, I could have done more, but I feel like I did ok for preparation right now. My overriding mantra was not to sweat it too much. I know enough about the OSCP coursework that I know it will walk me through some of the things I know I had some difficulty with, like exploit development and web stuff. But I also geared my prep to hit some of those areas. I went over several exercises in developing buffer overflow exploits. I went through the Kioptrix series (among others) from Vulnhub.com and focused on the SQLi in particular. I hit the Pentesterlab.com web penetration testing exercises and broke down the mechanics, the way I like to learn.

So I’m cautiously optimistic. Let’s see how I feel in a few weeks. I’ve been reading a lot lately focused more on how to learn rather than what to learn. I just discovered the Slack channels over at NetSec Focus and immediately got some good advice about not focusing on the number of roots/day or any kind of metric like that, but understanding the practice and the mechanics of the service/attack.

Let’s see how it goes.