Finding Resources to Prepare for the Offensive Penetration Testing
21 hours 43 minutes
fighting resources to prepare for hands on pen testing certifications are learning objectives are no. Which resources are available to prepare for hands on penetration testing certifications
and determine which resources are right for you.
I want to show you this graph because I think it really illustrates the purpose or the point of doing hands on labs.
So if you look at the osC p pass rate
in their lab environment, their p W K lab environment, the more boxes you own, the more likely you are to pass.
And personally, I know that to be true because when I first took oh, SCP, my first attempt, I hope owned less than 10 boxes in the lab environment.
When I took it again, I had about 30 boxes and I was right on the cusp of passing, but I didn't turn in the lab manual itself or the lab right up, which probably would have put me over and and had me pass. And finally when I passed the OsC P, I had owned about
50 boxes. So I can say this is a true testament of doing hands on labs and how important that is to passing certifications that have this hands on pen testing component to them.
So what resources are available. Of course we have the hands on labs, right? We have hacked the box, which is a huge name out there. I learned on hack the box. I really enjoy. Hacked the box. There are some other ones out there, like von hub pen testers Academy, um, and some free ones like uh,
over the wire and try Hackney also has some free content available as well.
We also have to know what commands to use. So there's great get hud repos out there available with commands. Important commands for these certifications. Uh, as well as people's personal websites. We'll look at God Milk and a little bit
books and guides. I can say though when I do these certifications.
Um I don't really look at the books or the guides. The books are things that I used to prepare for these tests, but I don't really look at them while I'm taking them. And then we have pre built labs which are probably my least favorite of all of these. But I think it's a good a good experience to actually build them
um Like D. V. W. A. And see how to set them up
because it's important to understand how lab makers think and work.
So hands on labs, hack the box.
Hack the box is a huge name out there. Like I said, that's how I got all my experience with hands on labs was through hack the box. Um
They are free. Uh there the free lab environment is fine. I ended up upgrading the V. I. P. Just because I didn't like having 100 people attacking the same boxes. Me. So I thought the V. I. P. Plan was well worth the money. Um What you'll see here in this image. R. O. S. C. P. Like boxes and hack the box. And I want to
illustrate that because I think some boxes can be very captured the flag esque.
And I want to steer away from those boxes that are more CTF like um
in uh in hack the box I want to I want to do more of the real life type boxes like these that you see here.
Um Many labs are harder than the certifications themselves. You know uh are harder than the C. P. P. T. Or oh SCP some of these boxes take me days to own
and that's obviously you don't have the time for that in these hands on certifications.
There's also walk throughs for retired machines. Again if you pay for the V. I. P. Plan um you'll have the ability to go through these retired machines and IP SEc. I can't give enough credit because it's like videos are really me watching them and looking at his processes methodology
taught me so much about my own methodology.
So if you can look up the iP SEc and his walk throughs, they're gold
von hub. So offensive security recently sponsored this But these are free vulnerable machines that people have created. Uh anyone can submit them. But I will say setting up setting it up in your own environment can be difficult. You know sometimes it's VM. Where only virtual box only
and it will say on there and sometimes I'll load it up and I won't know where it is in my network
and I'll have some awful networking issues and not be able to figure it out. Other times, I have no problems at all. I just I just booted up and I'm good to go
also, there are walk throughs of many of these boxes. So again, it's great to look at someone's methodology and how they think through this, how they work through these different machines.
Pen testers Academy, this is I really like pen testers Academy. Um you do have to pay for it to do their labs, some labs are free, but this is kind of reverse where is in fact the box and uh involved hub. You don't know what the vulnerability is. And pen testers Academy, they tell you what the vulnerability is
and then you exploit it.
So I think if you're just starting or if you want to see how a particular vulnerability works,
um, how to exploit it. These pen testers. Academy is perfect for that.
over the wire is free. Um, I think this is great for beginners. Uh like it says like I have right here on the slide and also teaches the basics of the command line, which I think are vitally important when you take these tests is knowing the command line that's a large part of the battle is now in the command line. So
give over the wire a try because I really think that for a free resource, it is very, very good.
Try. Hackney is newer on the market, but I do enjoy try. Hack me a lot is different than um, than Hack the box in that try Hackney kind of walks you through things. There's certain flags or certain questions you need to answer as you go along, so kind of hold your hand so to speak
if you're newer. I think this is great if you're seasoned.
Um I really enjoy not having to answer you know, 10 questions. Um but if you're newer and you want to get the hang of this stuff,
I think this is perfect. Also you can choose between a browser based virtual environment or you can use open VPN like you would in the P. W. K. Labs or in hack the box. So I do enjoy because I like my own VM. Having that option to use open VPN.
So list of commands. Pen test monkey will see his reverse shells later on in this course. But
penthouse monkeys great. Got Milk has an excellent right up on Lenox privilege escalation.
Medium articles, um not medium in size but medium. The publishing company I guess you could call it has some excellent walk throughs of C. T. F. C. Or you know hack the box machines, get hud repos, blogs. Uh you can make your own as well of course
books like I said I mean there are some great books out there like the operator handbook that I have sitting next to me, not something that I or the Red team field manual.
Um If you can find a pdf version of these that's excellent because you can you can search for it while you're taking the test. Um I have these sitting next to me when I took the tests I didn't really use them but it's good to have that resource. It's also good. I read peter kim's the hacker Playbook one and two
three is more red team oriented but I really enjoyed the hacker playbook books in preparation for these tests
and Georgia Georgia's book penetration testing, a hands on approach by no starch press was excellent. I did a buffer overflow in that. Um I think it was an excellent excellent guide in getting prepared for these hands on pen testing
certifications because basically everything she talks about is hands on.
she's also coming out with a second version as well. Hopefully sometime soon. But I know she's coming out with her second version of that book.
So pre built labs, D VW a medicine pliable and web goat.
I think it's a good thing. It's good to get some hands on experience in setting up tv wh because you have to figure out how to create a my sequel database.
Um medicine palatable. We'll see that this here
um there are so many walk throughs for all of these uh which so I think is good if you're a beginner to just because there's so many resources out there. Free resources um to use it. If you're more seasoned and getting ready for things like, oh, SCP any CPP t um you might want to move on to, you know, try hack me and hack the box
and things like that just because I think they're a bit more or you know, a bit harder than these intentionally vulnerable previous labs.
So here's our quiz question.
Who offers free videos of hack the box walkthrough, says it. Opsec pen test monkey or Got milk?
And the answer,
is it sick
if you haven't seen in the ip sec videos, go ahead and
uh search for ip sec on Youtube.
So now you should know which resources are available to prepare for hands on pen testing certifications and determine which resources are right for you.