The gMan nixWiki

Because the mind is made of Teflon...

User Tools

Site Tools

You are here: start
start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
start [2022/12/20 00:41] gmanstart [2024/02/04 01:34] (current) – [Projects] gman
Line 6: Line 6:
  
 Outside of work, when I have some of "spare" time, I like to do things that are interesting and profitable. Right now I'm working toward the [[https://www.offensive-security.com/pwk-oscp/ | OSCP]]. I'm following a path laid out for newbies in a [[https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307/ref=sr_1_1 | book]] I read. Outside of work, when I have some of "spare" time, I like to do things that are interesting and profitable. Right now I'm working toward the [[https://www.offensive-security.com/pwk-oscp/ | OSCP]]. I'm following a path laid out for newbies in a [[https://www.amazon.com/Pentester-BluePrint-Your-Guide-Being/dp/1119684307/ref=sr_1_1 | book]] I read.
-  * I passed the CompTIA [[https://www.comptia.org/certifications/security | Security+]] certification exam (need terminology, concepts, etc.). +  * A while I ago I passed the CompTIA [[https://www.comptia.org/certifications/security | Security+]] certification exam (need terminology, concepts, etc.). 
-  * I just passed the CompTIA [[https://www.comptia.org/certifications/pentest | PenTest+]] certification exam (entry-level concepts and such for penetration testing). +  * I then worked on and passed the CompTIA [[https://www.comptia.org/certifications/pentest | PenTest+]] certification exam (entry-level concepts and such for penetration testing). 
-  * I'm currently looking at the [[https://ine.com/learning/certifications/internal/elearnsecurity-junior-penetration-tester-v2 eJPTv2]] (because I'm a bit weary of book learning and want more practical, hands-on skillsand the [[https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/ | CEH]] (even though this would be more book learning...). +  * Most recently passed the [[https://security.ine.com/certifications/ejpt-certification/ | eJPT]]. I enjoyed this cert more than any other I've taken before. Lots of hands-on labs (less "book learning)
-  * have a Python book I want to go through, too... and Offensive Security'[[https://www.offensive-security.com/metasploit-unleashed/ | MetaSploit Unleashed]].+  * Next, I have in mind TCM'[[ https://certifications.tcm-sec.com/pnpt/ | PNPT]], but first I need to get this nixWiki updated with my eJPT notes and then need to play around some over at [[https://www.hackthebox.com/ | Hack the Box]].
  
 **Do the Thing:** A recommendation from Daniel Miessler's [[https://mailchi.mp/danielmiessler/unsupervised-learning-no-2676132 | Unsupervised Learning NO. 336]]: **Do the Thing:** A recommendation from Daniel Miessler's [[https://mailchi.mp/danielmiessler/unsupervised-learning-no-2676132 | Unsupervised Learning NO. 336]]:
  
 > If you've been studying and planning to do something cool for a long time, stop it. Do the thing. You can still study after you're doing it, but don't let the studying trick you into thinking you're accomplishing something. You're not. It's a trick. Do the thing. > If you've been studying and planning to do something cool for a long time, stop it. Do the thing. You can still study after you're doing it, but don't let the studying trick you into thinking you're accomplishing something. You're not. It's a trick. Do the thing.
 +
 +----
 +
 +===== LaTeX =====
 +
 +Thinking about using LaTeX for some writing I have on my back-burner. Learn by doing: 
 +  - Go through a quick tutorial
 +  - Then use it for their writing projects you have in mind.
 +
 +Resources:
 +  * [[https://wch.github.io/latexsheet/latexsheet.pdf | Cheat Sheet]]
 +  * [[https://mirror.math.princeton.edu/pub/CTAN/info/lshort/english/lshort.pdf | The Not So Short Introduction to LaTeX (or LaTeX in 139 minutes)]] by Tobias Oetiker (highly recommended book)
 +  * [[https://www.youtube.com/watch?v=NXW4cbHBthY&t=0s | A Quick Introduction]] to LaTeX by David Richeson
 +  * [[https://www.overleaf.com/learn/latex/Learn_LaTeX_in_30_minutes | Learn LaTeX in 30 minutes]]
 +  * [[https://lukesmith.xyz/articles/wanna-learn-latex/ | Wanna Learn LaTeX?]] by Luke Smith
 +  * [[https://videos.lukesmith.xyz/videos/watch/playlist/48a02be8-115a-4842-9ebf-6e3c6245f290 | Luke Smith's Tutorial Playlist]]
 +  * [[https://youtu.be/NwnYHoNtfJ0 | How to Install, Use and Extend LaTeX]]
 +  * [[https://youtu.be/VjsX4tznW40 | Making a Resume with some LaTeX Magic (Part 1)]]
 +  * [[http://static.latexstudio.net/wp-content/uploads/2015/03/LaTeX_Beginners_Guide.pdf | LaTeX Beginner's Guide]] by Stefan Kottwitz (PDF book)
  
 ---- ----
Line 40: Line 59:
   * [[https://www.cbtnuggets.com/blog/certifications/security/how-i-passed-the-oscp-on-the-first-try|How I Passed the OSCP on the First Try]]   * [[https://www.cbtnuggets.com/blog/certifications/security/how-i-passed-the-oscp-on-the-first-try|How I Passed the OSCP on the First Try]]
  
-==== Projects ==== 
- 
-  - TryHackMe (PenTest+ Learning Track) 
-  - 101 Labs (PenTest+) 
-  - Sit for the PenTest+ Certification Exam 
-  - Then... CEH? 
  
 ---- ----
  
-===== Udemy Recommendations ===== 
  
-[[https://www.reddit.com/r/oscp/comments/j6i8f7/passed_the_oscp_with_the_help_of_the_following/|Passed the OSCP with the help of the following Udemy Courses]] 
  
-Privilege Escalation is vital, and these two Udemy Courses are highly recommended for anybody pursuing OSCP or other similar penetration testing endeavors: 
-  * [[https://www.udemy.com/course/windows-privilege-escalation/|Windows Privilege Escalation for OSCP & Beyond!]]  
-  * [[https://www.udemy.com/course/linux-privilege-escalation/|Linux Privilege Escalation for OSCP & Beyond!]] 
  
-For Layer 7/Application Layer attacks, check out: +==== Learning Paths ====
-  * [[https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/|Website Hacking / Penetration Testing & Bug Bounty Hunting]]+
  
-The new 2020 OSCP material is good, but in my opinion, it lacks sufficient material to help students address Layer 7 attacks like dealing wMSSQLFortunately for me, I've been doing this for a while, and it was not difficult to proceed with some of the new lab machines that utilize MSSQL, but you could read in the student forum of people's frustration of not knowing where to begin+Just to make note of some other INE [[https://ine.com/learning/paths | learning paths]] that caught my eye...  
- +  * [[https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student | Penetration Testing Student]] 
-An example of where OSCP coursework fails to address some layer 7 would be "Hack The Box - Jarvis." +  * [[https://my.ine.com/CyberSecurity/learning-paths/61f88d91-79ff-4d8f-af68-873883dbbd8c/penetration-testing-student-v2 Penetration Testing Student v2]] 
-  * [[https://medium.com/@ranakhalil101/hack-the-box-jarvis-writeup-w-o-metasploit-9f4cc7907c87|Check the end of the page and see his AWESOME technique how he r00ts Jarvis wunion statement]].+  * [[https://my.ine.com/CyberSecurity/learning-paths/9a29e89e-1327-4fe8-a201-031780263fa9/penetration-testing-professional | Penetration Testing Professional]] 
 +  * [[https://my.ine.com/CyberSecurity/learning-paths/154876ad-ae9f-43d6-add4-f635cab537a7/advanced-penetration-testing | Advanced Penetration Testing]] 
 +  * [[https://my.ine.com/CyberSecurity/learning-paths/54d03ae9-f161-4c34-85d1-ed4007d83f11/digital-forensics-professional | Digital Forensics Professional]]
  
 ---- ----
  
  
-===== eJPT =====+===== Hack the Box =====
  
-This certification is offered by [[https://ine.com/ | INE]] (which stands for [[www.InterNetworkExpert.com | Internetwork Expert]]).+Some more ideas to get some practical, hands-on experience (instead of just books and flash cards).
  
-The eJPT is the eLearnSecurity Junior Penetration Tester (eJPT) is a 100% practical certification on penetration testing and information security essentials.  +==== Starting Point ====
-  * It's called a "hacking certificate for beginners" and a lot of people really like it because of the focus on practical skills. +
  
-The eJPT is currently in version 2 ([[https://ine.com/learning/certifications/internal/elearnsecurity-junior-penetration-tester-v2 eJPTv2]]), and there are some differences that are worth noting.+Start with [[https://help.hackthebox.com/en/articles/6007919-introduction-to-starting-point Starting Point]]
 +  * Starting Point shows you how to get started in the platform and all the basics you need to know to stay on top of your hacking game. 
 +  * Starting Point is a linear series of Boxes tailored to absolute beginners and features very easy exploit paths to not only introduce you to our platform but also break the ice into the realm of penetration testing.
  
-**First:** previously, with the [[https://elearnsecurity.com/product/ejpt-certification/ eJPTv1]] certification (which is no longer offered), you could sign up for a free [[https://checkout.ine.com/starter-pass | Starter Pass]]. +[[https://app.hackthebox.com/starting-point Start Point]] is part of the HTB main platform (not the Academy). 
-  * Everything you needed to pass the eJPT(v1) exam was covered in the [[https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student | Penetration Testing Student]] (PTSlearning path on INE, which is part of the free Starter Pass.  +  * You need to set up an account to access it.  
-  * You can still sign up for the Starter Pass (it's free) and in that free package, you can still take the PTS course+  * However, you can work through Starting Point for [[https://www.hackthebox.com/newsroom/starting-point free]]: " You can enjoy Starting Point for free. A range of free Starting Point Machines will always be available. However, if you decide this is the place for you to learn and take your hacking skills to the next level, by subscribing to HTB you unlock not only more Starting Point Content but the entire HTB platform..." 
-  * Problem: The PTS will not prepare you for the eJPTv2. Just check out the differences in the courses offered by INE: +  * Each Tier comes with recommended Academy Modules (see recommendation below).
-   +
-1. [[https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student  Penetration Testing Student]]: This is the old learning path for the previous eJPT(v1)+
-  * Difficulty: novice +
-  * Duration: 48.25 hrs +
-  * Activities: +
-    * Sections: 1 +
-    * Courses: +
-    * Videos:  32 +
-    * Quizzes: 29 +
-    * Labs:    22 +
-    * Slides:  80+
  
-2. [[https://my.ine.com/CyberSecurity/learning-paths/61f88d91-79ff-4d8f-af68-873883dbbd8c/penetration-testing-student-v2 | Penetration Testing Student v2]]: This learning path prepares provides the skills and practice necessary for the eJPTv2 certification exam.  +==== HTB Academy ====
-  * Difficulty: novice +
-  * Duration: 144.1 hrs +
-  * Activities: +
-    * Sections: +
-    * Courses:  12 +
-    * Videos:  229 +
-    * Quizzes: 154 +
-    * Labs:    120 +
- +
-So, as you can see by a quick comparison of the course overviews, the PenTest Student v2 has considerably more material and training than the free version offered in the Starter Pass. Andrew Roderos, in his [[https://andrewroderos.com/ejptv2-beta-exam/ | write-up of his eJPTv2 Beta experience]], said this "course is **massive** compared to the previous one." He does add... +
-  * The previous Penetration Testing Student (PTS) course was death by PowerPoint.  +
-  * This new version is death by videos. +
-  * The exam is essentially the summary of all the labs included in the PTSv2 course. If you understood and did all the labs, you should be able to answer the eJPTv2 exam questions. +
- +
-**Second:** You have two options for eJPTv2 training and exam...  +
-  - [[https://checkout.ine.com/?products=ine-ind-cert-icca-cloud-associate | Buy an exam voucher]] for **$249.00**. +
-    - You get the eLearnSecurity Junior Penetration Tester v2 Exam Voucher +
-    - Plus you get 3 months of Fundamentals Monthly for free (after 3 months, $39 per month, billed monthly) +
-    - If you can get the training in during the three months, you'll save $50.00 over the second option... +
-  - [[https://ine.com/pricing | Buy an Annual Fundamentals Subscription]] for **$299.00**. +
-    - You get the eLearnSecurity Junior Penetration Tester v2 Exam Voucher (included in the annual subscription but **not** in the monthly subscription). +
-    - Plus you get a butt-ton of goodies (access to 8 different learning paths, including the Pentester Student that you need for the eJPT). +
- +
-The eJPTv2 Exam Format:  +
-  * 35 questions +
-  * 50 hours to complete (basically 2 days, compared to the 3 days you had with v1) +
-  * Dynamic exam +
-  * Hands-on exam +
- +
-With all this in mind, I found a couple good articles with overviews, tips, advice, etc.  +
-  * Bear in mind they are dated--they refer to the eJPTv1 that you could train and sit for with the free Starter Pass.  +
-  * That ship has sailed. INE beefed up the training a lot, and they (rightfully so) are charging for it. You get what you pay for. +
- +
----- +
- +
-==== Clark's Write-Up ===+
- +
-From [[https://ine.com/blog/my-ejpt-experience-lily-clark | Lily Clark]] +
- +
-I focused my energy on the Penetration Testing Basics & Penetration Testing Prerequisites sections.  +
- +
-=== Initial Study Strategy (bad) === +
- +
-I read all of the slides first. Then I watched all the videos. Then I attempted labs. I did this because I was intimidated by the labs and not for any strategic reasoning. +
-  * Looking back, I understand why I would get stuck - I didn’t practice the theory I learned or understand fully why I was learning it. I could have saved so much time if I had done the labs along with it.  +
-  * I don’t recommend studying in the same order I did +
- +
-=== Study Recommendations === +
- +
-I recommend starting with the goal of completing the labs.  +
-  * Let’s be clear: If you are studying this, it is either to learn cyber security or to get that shiny eJPT certification. You cannot do either without hands-on experience.  +
-  * You will need to spend a considerable amount of time in the lab environment in order to prepare yourself for the exam.  +
-  * If you have the goal of completing a lab, you will pay better attention to the slides and videos leading up to it. +
- +
-=== Write Lab Reports === +
- +
-I cannot stress this enough. +
-  * For each lab you do, create a report for yourself that includes common commands for the tool or technique you are learning, which commands you needed to complete the report, and any screenshots you have so you may replicate the outcome later.  +
-  * Do this for every lab. +
- +
-=== Exam === +
- +
-You can expect lessons from many of your labs coming in handy (and this is why you’ll want to create those reports).  +
-  * The Programming prerequisites section will not be directly tested. +
-  * This module has great knowledge within it and can help you automate tasks, however, you can easily pass the exam without this section. +
- +
-----+
      
-==== Kumar's Write-Up ====+They highly recommend you supplement Starting Point with [[https://academy.hackthebox.com/ | HTB Academy]]. 
 +  * Starting Point serves as a guided introduction to the Hack The Box Main Platform. 
 +  * HTB Academy is a learning platform that guides you through developing pentesting skills.
  
-From [[https://www.linkedin.com/pulse/review-ejpt-certification-from-elearnsecurity-lalith-kumar/ | Lalith Kumar]]+Supplement Starting Point with [[https://help.hackthebox.com/en/articles/5272936-introduction-to-htb-academy | HTB Academy]]: 
 +  * Academy is like a "University for Hackers."  
 +  * It offers step-by-step cybersecurity courses that cover information security theory and prepare you to participate in the main Hack The Box platform.  
 +  * HTB Academy is highly interactive and is intended to be a streamlined learning process that is simultaneously educational and fun.  
 +  * First HTB Academy Skill Path: [[https://academy.hackthebox.com/path/preview/cracking-into-hack-the-box Cracking into Hack the Box]]
 +    * This path introduces core concepts necessary for anyone interested in a hands-on technical infosec role.  
 +    * The modules also provide the essential prerequisite knowledge for joining the main Hack The Box platform. 
 +    * This is also the content necessary for progressing through Starting Point.
  
-=== Study Guide ===+==== Hacking Labs ====
  
-Here are Kumar's basic study recommendations:  +And then supplement HTB Academy with [[https://www.hackthebox.com/hacker/hacking-labs | Hacking Labs]]
-  - Complete all the labs from the section Penetration Testing Prerequisites section and Penetration Basics section+  * Hack The Box’s Hacking Labs offer a fully interactive pentester training environment
-  - Don't ignore the secret server lab from Penetration Testing Prerequisites+  * You can exploit vulnerable machines at a variety of skill levels, from Easy to Insane difficulty.  
-  - Experience from https://tryhackme.com will be a very good add-on. There is a new learning path in TryHackMe namely Junior Penetration Tester. This is designed to prepare you for the eJPT in a way more practical and interesting way.+  * You can also track your progress and show off what you have accomplished with employers who are hiring pentesters.
      
-The above materials are more than enough to pass the exam. +At this time, the main Hack The Box platform and HTB Academy use separate accounts, so even you've already registered for Hack The Box, you'll need to make a separate account for Academy
-  * You can avoid black-box labs if you don't feel like doing them. +  [[https://app.hackthebox.com/invite Register for HTB]]: $135.00/year 
-  * But I recommend you to do it since it makes you familiar with the exam environment and you can practice without attempting the exam! +  - [[https://academy.hackthebox.com/register Register for HTB Academy]]: $490.00/year 
- +   
-=== Recommended Resources === +Semi-helpful Blog Article: [[https://www.hackthebox.com/blog/how-to-become-a-pentester How to become a penetration tester]]
- +
-[[https://tryhackme.com/ | TryHackMe]]: +
-  * Cost is free (or $10/mo which I pay for now but didn’t at first) +
-  * Can reinforce skills and tools learned in PTS such as Nmap, BurpSuite, and Metasploit +
- +
-[[https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw | John Hammond Youtube videos]]: +
-  * Cost is nothing +
-  * John makes [[https://www.youtube.com/watch?v=xl2Xx5YOKcI hacking]] and [[https://www.youtube.com/watch?v=RCgEIBfnTEI | CTFs]] look easy. He has a wealth of knowledge +
-  * I enjoyed watching his videos because I had no experience in a Linux environment and watching someone else’s workflow helped me realize how simple it can be if I know the right shortcuts and commands +
- +
----- +
- +
-==== Learning Paths ==== +
- +
-Just to make note of some other INE [[https://ine.com/learning/paths learning paths]] that caught my eye...  +
-  * [[https://my.ine.com/CyberSecurity/learning-paths/a223968e-3a74-45ed-884d-2d16760b8bbd/penetration-testing-student | Penetration Testing Student]] +
-  * [[https://my.ine.com/CyberSecurity/learning-paths/61f88d91-79ff-4d8f-af68-873883dbbd8c/penetration-testing-student-v2 | Penetration Testing Student v2]] +
-  * [[https://my.ine.com/CyberSecurity/learning-paths/9a29e89e-1327-4fe8-a201-031780263fa9/penetration-testing-professional | Penetration Testing Professional]] +
-  * [[https://my.ine.com/CyberSecurity/learning-paths/154876ad-ae9f-43d6-add4-f635cab537a7/advanced-penetration-testing | Advanced Penetration Testing]] +
-  * [[https://my.ine.com/CyberSecurity/learning-paths/54d03ae9-f161-4c34-85d1-ed4007d83f11/digital-forensics-professional Digital Forensics Professional]]+
  
 ---- ----
Line 233: Line 154:
  
 I say go for your eJPT or maybe another one up. Also you can DEFINITELY start the offensive path !!! I did that one and I’m actually going to redo the AD room from JR Pentester since I’m at 98% technically lol , they redo these I say go for your eJPT or maybe another one up. Also you can DEFINITELY start the offensive path !!! I did that one and I’m actually going to redo the AD room from JR Pentester since I’m at 98% technically lol , they redo these
- 
----- 
- 
-===== HTB ===== 
- 
-Some more ideas to get some practical, hands-on experience (instead of just books and flash cards). 
- 
-Start with [[https://help.hackthebox.com/en/articles/6007919-introduction-to-starting-point | Starting Point]]: 
-  * Starting Point shows you how to get started in the platform and all the basics you need to know to stay on top of your hacking game. 
-  * Starting Point is a linear series of Boxes tailored to absolute beginners and features very easy exploit paths to not only introduce you to our platform but also break the ice into the realm of penetration testing. 
- 
-[[https://app.hackthebox.com/starting-point | Start Point]] is part of the HTB main platform (not the Academy). 
-  * You need to set up an account to access it.  
-  * However, you can work through Starting Point for [[https://www.hackthebox.com/newsroom/starting-point | free]]: " You can enjoy Starting Point for free. A range of free Starting Point Machines will always be available. However, if you decide this is the place for you to learn and take your hacking skills to the next level, by subscribing to HTB you unlock not only more Starting Point Content but the entire HTB platform..." 
-  * Each Tier comes with recommended Academy Modules (see recommendation below). 
-   
-They highly recommend you supplement Starting Point with [[https://academy.hackthebox.com/ | HTB Academy]]. 
-  * Starting Point serves as a guided introduction to the Hack The Box Main Platform. 
-  * HTB Academy is a learning platform that guides you through developing pentesting skills. 
- 
-Supplement Starting Point with [[https://help.hackthebox.com/en/articles/5272936-introduction-to-htb-academy | HTB Academy]]: 
-  * Academy is like a "University for Hackers."  
-  * It offers step-by-step cybersecurity courses that cover information security theory and prepare you to participate in the main Hack The Box platform.  
-  * HTB Academy is highly interactive and is intended to be a streamlined learning process that is simultaneously educational and fun.  
-  * First HTB Academy Skill Path: [[https://academy.hackthebox.com/path/preview/cracking-into-hack-the-box | Cracking into Hack the Box]]. 
-    * This path introduces core concepts necessary for anyone interested in a hands-on technical infosec role.  
-    * The modules also provide the essential prerequisite knowledge for joining the main Hack The Box platform. 
-    * This is also the content necessary for progressing through Starting Point. 
- 
-And then supplement HTB Academy with [[https://www.hackthebox.com/hacker/hacking-labs | Hacking Labs]]: 
-  * Hack The Box’s Hacking Labs offer a fully interactive pentester training environment. 
-  * You can exploit vulnerable machines at a variety of skill levels, from Easy to Insane difficulty.  
-  * You can also track your progress and show off what you have accomplished with employers who are hiring pentesters. 
-   
-At this time, the main Hack The Box platform and HTB Academy use separate accounts, so even you've already registered for Hack The Box, you'll need to make a separate account for Academy. 
-  - [[https://app.hackthebox.com/invite | Register for HTB]] 
-  - [[https://academy.hackthebox.com/register | Register for HTB Academy]]. 
-   
-Semi-helpful Blog Article: [[https://www.hackthebox.com/blog/how-to-become-a-pentester | How to become a penetration tester]] 
  
 ---- ----
  
  
start.1671496913.txt.gz · Last modified: by gman