o just over a week ago I wrote a post about the fact that my current employer had agreed to fund the PWB (Penetration Testing With Backtrack) and the associated OSCP exam. All being well this should get sorted either this week or the beginning of next and then I can start the course.
I’ve spent the time since, pouring over the PWB syllabus and trying to get a head start. To be honest if nothing else it’s meant that I’ve learnt a few new things along the way, such as;
1. Writing simple bash scripts, just 1 or 2 liners that perform a ping sweep on my home lab and output the results to a text file, which I then grep to get back certain information. It’s not rocket science I know but it’s something I didn’t know before.
2. Exploit writing, I’ve not successfully managed to do this yet (damn EIP registers) but there was a post on the Metasploit site about the basics of exploit writing so I’ve been following that, and just to make it a bit more interesting (and more difficult for myself), rather than using ruby for all of it I’ve been re-writing some of it in Python. I now know what “fuzzers” do and how to work a debugger.
3. Netcat, a “simple” tool that I’ve used to create listeners with in the past but that’s about it, now I can perform port scans and banner grabs which again while it might not be “elite” stuff is still important.
4. Documentation… the big one for me, I’ve started getting in the habit of keeping notes on everything I’ve learnt and done, I’m hoping this will develop into second nature so that I don’t struggle on that part of the course.
It might not seem a lot but I’m happy with the progress, once I have the course material and access to the labs I can hopefully develop my skills a lot more. A lot of people have reminded me of the OSCP motto “Try Harder”, so in an effort to give me some focus I’ve created my own wallpaper to remind me of that. If you are interested you can find it here.
Now I’m going to be honest with you here reader(s), there are times when the prospect of this course fills me with a feeling of dread deep in the pit of my stomach. It’s that mixture of the unknown, sprinkled with a healthy dose of excitement and fear. The kind you can only get when YOU know you are about to push yourself well out of your comfort zone.
Don’t get me wrong I am really looking forward to the course and the exam and if was easy what would be the point. When I pass (notice the positive attitude) I will be asking you for advice on how to keep my skills “polished” and go further…