Sunday, September 4, 2022

Road to OSCP Part 1

I've been busy as always, busy enough not to post anything in the last two+ years. I'll give you the TL;DR: I have obtained some certifications along the way:

  • CISSP 
  • CASP+
  • Security+
  • AWS Solutions Architect Associates
  • CCENT
That's not why I am here. I wanted to let you all know that I have found another avenue of mind absorption, which is ethical hacking/pentesting. I will be getting the OSCP certification; I don't know when yet, but I would say within a year. After getting my CISSP I really wanted the Certified Ethical Hacker (CEH) title. While I still do, and more than likely I will come back to get it, I feel that my time is better spent on something that is hands-on and fun.

I was going to say that I've used Kali Linux since it was BackTrack, but that would be an overstatement. For pentesting use cases, it is definitely. I am going to consider myself a newbie when it comes to this. I have concepts, knowledge, training, and ideas that will help me in this journey, but never have I jumped into this topic as I have others.

There are other resources that I will take advantage of during this marathon:
  • Certifications
    • PNPT (Practical Networking Penetration Tester)
    • eJPT
    • CEH Practical
  • Services
    • VulnHub
    • HackTheBox
    • Proving Grounds
    • TryHackMe
  • Training
    • YouTube
    • TCM-Security
    • eJPT
    • Udemy
Where am I starting?

I have chosen to start with the PNPT using the accompanying training courses; more information can be found here: https://certifications.tcm-sec.com/pnpt/. Heath Adams, CEO, and his team over at TCM Security have a great program that has been gaining some momentum over the last couple of years. I have not decided, but before the end of the year I will be PNPT certified.

What else?

I am going to try and not lie to myself. They say the best way to learn is to teach. I am going to try and create writeups for machines that I successfully pentest. There are a ton of walkthroughs for machines out there. What I have found out is that videos are either edited, or content is curated carefully to only show successes. I don't want to do that. I want to submit my failures; I want to show where I failed, where I didn't understand, where I asked for help. More of a realistic approach.

I passed my CISA Cert