Having completed the e-learning's eJPT, which I posted about here I have now embarked upon Offensive Security's PWK course, leading to the OSCP certificate. After the sign-up process and after waiting for my intake date, I received a series of emails giving me the course material (a PDF of a 375 pages and 149 videos), links to their lab control panel and instructions on how to download their version of Kali plus how to get to their labs via VPN. The materials seem quite good albeit a little sparse compared to how I expected them to be. Unlike the eJPT there are no lab challenges at the Continue Reading
VulnHub VM: Stapler
This has turned out to be quite a fun box to attack because it has multiple ways in and supposedly multiple escalation methods too. I prefer this sort of CTF to the ones where they hide passwords in Base64 encoded jpgs in the page source and that sort of thing. This is less of a puzzle/game and more realistic, albeit an unrealistically badly configured security setup. N.B. when I write these up, I write as I'm doing it so it's not a carefully edited walk-through as such but more of a record (for myself) as to what I did, as I did and the thought-processes which I'm hoping to Continue Reading