After spending the back half of last year in the OSCP labs, I came to the realisation that my skills were nowhere near where they needed to be to pass the exam. Given that my full time job has been on the Pre-Sales and GRC side of the security fence, I find it difficult for things to sink in that I don’t use on a daily basis.
Rather than just giving up, I looked at the areas that I was struggling with and decided to develop a study plan that would help improve my skills and experience in small manageable chunks to prepare me for a second attempt at obtaining my OSCP certification later in 2019.
One of the areas that I really struggled with was with the Web. I didn’t come from a software development background so I knew I needed to improve my skills in this area. I tend to learn best by doing so I looked around for things that I could immerse myself with.
I stumbled across HackerOne who has put together a CTF style game (Hacker101) which helps with learning the basics of web hacking and so I signed up and went through the videos and started having a crack at capturing a few flags. Over the last few months, I have been able to get all of the Easy Flags and am now starting on the Moderate flags.
For me this has been a real challenge as some of these flags were not easy to obtain. I needed to use all the hints and use the Hacker101 CTF Discord channel for assistance. One of the best things about the Hacker101 CTF game is that if you earn enough points you get a personal invitation to some private bug bounties and can earn some real money. There is a sense of achievement when you receive a private invitation and I have really enjoyed the Hacker101 CTF game and it has taught me a lot. I highly recommend to everybody who is interested in hacking to sign up and give it a go and best of all it’s free.
While Hacker101 has been a great tool for learning, I have also supplemented my learning by subscribing to PentersterLab. The exercises vary and give a good overview of all the different attack and bypass methods that can be used in the real world.
PentesterLab has been designed to take you from N00b to Rock Star by following the path which has been broken down in to Badges. There are quite a few badges to collect and I have only managed to complete a small number of badges.
The badges I have completed so far:
There are plenty of more badges to collect and over the next few months I hope to complete all of the badges.
The great thing I have found with PentesterLab is that there are videos which explain the process which you can use. I have been using them more as a security blanket just in case I got stuck or ended up down a rabbit hole and cant figure out what is up or down.
PentesterLab is free but they do have a paid service which contains all of the exercises. it is reasonably priced and in my opinion money very well spent. If you sign up to the paid service you even get some stickers and as we know the person with the most stickers wins.
Finally, I have been using Hack The Box (HTB) to try and bring it all together. I have found HTB to be a really great challenge and while I have only just started with HTB, I think it will be a resource that will push me to my limits.
Rather than trying to pop shell on the machines, I have taken the slow and steady approach by trying my hand at the challenges. I have really enjoyed these and it gives you a taste of the different skills you need to learn.
Learning about Reversing was really interesting and I have a new found respect for people who can do this.
I have managed to complete most of the easy challenges and over time will work on cracking the harder challenges.
I have also had a crack at trying to own a few of the retired machines. I have chosen the retired machines as there are walkthroughs of these machines available if you get stuck. I use this as a security blanket as I build up my skills and confidence and over time I will begin to attack the active machines.
With the easy challenges out of the way , I have been able to graduate from being a N00b to proudly calling myself a Script Kiddie. With enough hard work and determination, one day I will earn enough points to graduate to Hacker
By using the combination of Hacker101, PentesterLab and Hack The Box, I have been able to be more effective in my study and most importantly it has been measurable. The small wins of capturing a flag here and there all add up to give a sense of achievement which in turns motivates me to continue with my study. In life we can get distracted from the goals we want to achieve which can sometimes lead us down the path of throwing in the towel, but by breaking it down in to small chunks it keeps the fire burning and I have done more and learnt more in the last 3 months than I did all of last year.
I have found something that has worked for me and hopefully this approach may also work for you if you are struggling to get your head around things.
Hopefully, this helps you find your way to achieving your goals.
Until next time.