Differences

This shows you the differences between two versions of the page.

--- start [2024/02/04 01:33] – [eJPT] gman
+++ start [2024/02/04 01:34] (current) – [Projects] gman
@@ Line 59: / Line 59: @@
   * [[https://www.cbtnuggets.com/blog/certifications/security/how-i-passed-the-oscp-on-the-first-try|How I Passed the OSCP on the First Try]]
-==== Projects ====
-  - TryHackMe (PenTest+ Learning Track)
-  - 101 Labs (PenTest+)
-  - Sit for the PenTest+ Certification Exam
-  - Then... CEH?
 ----
-===== Udemy Recommendations =====
-[[https://www.reddit.com/r/oscp/comments/j6i8f7/passed_the_oscp_with_the_help_of_the_following/|Passed the OSCP with the help of the following Udemy Courses]]
-Privilege Escalation is vital, and these two Udemy Courses are highly recommended for anybody pursuing OSCP or other similar penetration testing endeavors:
-  * [[https://www.udemy.com/course/windows-privilege-escalation/|Windows Privilege Escalation for OSCP & Beyond!]]
-  * [[https://www.udemy.com/course/linux-privilege-escalation/|Linux Privilege Escalation for OSCP & Beyond!]]
-For Layer 7/Application Layer attacks, check out:
-  * [[https://www.udemy.com/course/learn-website-hacking-penetration-testing-from-scratch/|Website Hacking / Penetration Testing & Bug Bounty Hunting]]
-The new 2020 OSCP material is good, but in my opinion, it lacks sufficient material to help students address Layer 7 attacks like dealing w/ MSSQL. Fortunately for me, I've been doing this for a while, and it was not difficult to proceed with some of the new lab machines that utilize MSSQL, but you could read in the student forum of people's frustration of not knowing where to begin.
-An example of where OSCP coursework fails to address some layer 7 would be "Hack The Box - Jarvis."
-  * [[https://medium.com/@ranakhalil101/hack-the-box-jarvis-writeup-w-o-metasploit-9f4cc7907c87|Check the end of the page and see his AWESOME technique how he r00ts Jarvis w/ union statement]].
-----
-==== Clark's Write-Up ====
-From [[https://ine.com/blog/my-ejpt-experience-lily-clark | Lily Clark]]
-I focused my energy on the Penetration Testing Basics & Penetration Testing Prerequisites sections.
-=== Initial Study Strategy (bad) ===
-I read all of the slides first. Then I watched all the videos. Then I attempted labs. I did this because I was intimidated by the labs and not for any strategic reasoning.
-  * Looking back, I understand why I would get stuck - I didn’t practice the theory I learned or understand fully why I was learning it. I could have saved so much time if I had done the labs along with it.
-  * I don’t recommend studying in the same order I did
-=== Study Recommendations ===
-I recommend starting with the goal of completing the labs.
-  * Let’s be clear: If you are studying this, it is either to learn cyber security or to get that shiny eJPT certification. You cannot do either without hands-on experience.
-  * You will need to spend a considerable amount of time in the lab environment in order to prepare yourself for the exam.
-  * If you have the goal of completing a lab, you will pay better attention to the slides and videos leading up to it.
-=== Write Lab Reports ===
-I cannot stress this enough.
-  * For each lab you do, create a report for yourself that includes common commands for the tool or technique you are learning, which commands you needed to complete the report, and any screenshots you have so you may replicate the outcome later.
-  * Do this for every lab.
-=== Exam ===
-You can expect lessons from many of your labs coming in handy (and this is why you’ll want to create those reports).
-  * The Programming prerequisites section will not be directly tested.
-  * This module has great knowledge within it and can help you automate tasks, however, you can easily pass the exam without this section.
-----
-==== Kumar's Write-Up ====
-From [[https://www.linkedin.com/pulse/review-ejpt-certification-from-elearnsecurity-lalith-kumar/ | Lalith Kumar]]
-=== Study Guide ===
-Here are Kumar's basic study recommendations:
-  - Complete all the labs from the section Penetration Testing Prerequisites section and Penetration Basics section.
-  - Don't ignore the secret server lab from Penetration Testing Prerequisites.
-  - Experience from https://tryhackme.com will be a very good add-on. There is a new learning path in TryHackMe namely Junior Penetration Tester. This is designed to prepare you for the eJPT in a way more practical and interesting way.
-The above materials are more than enough to pass the exam.
-  * You can avoid black-box labs if you don't feel like doing them.
-  * But I recommend you to do it since it makes you familiar with the exam environment and you can practice without attempting the exam!
-=== Recommended Resources ===
-[[https://tryhackme.com/ | TryHackMe]]:
-  * Cost is free (or $10/mo which I pay for now but didn’t at first)
-  * Can reinforce skills and tools learned in PTS such as Nmap, BurpSuite, and Metasploit
-[[https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw | John Hammond Youtube videos]]:
-  * Cost is nothing
-  * John makes [[https://www.youtube.com/watch?v=xl2Xx5YOKcI | hacking]] and [[https://www.youtube.com/watch?v=RCgEIBfnTEI | CTFs]] look easy. He has a wealth of knowledge
-  * I enjoyed watching his videos because I had no experience in a Linux environment and watching someone else’s workflow helped me realize how simple it can be if I know the right shortcuts and commands
-----
 ==== Learning Paths ====
@@ Line 165: / Line 81: @@
 Some more ideas to get some practical, hands-on experience (instead of just books and flash cards).
-**NOTE for eJPT:** The actual INE course for eJPT is enough. If you want to study the extra mile, finish the Jr Penetration Tester of TryHackMe or/and the starting point of HTB. But the INE course is totally sufficient
 ==== Starting Point ====