Finding Resources to Prepare for the Offensive Penetration Testing

Video Activity
Time
21 hours 43 minutes
Difficulty
Intermediate
Video Transcription
00:00
>> Finding resources to prepare
00:00
for hands-on pentesting certifications.
00:00
Our learning objectives are to know
00:00
which resources are available to prepare for
00:00
hands-on penetration testing certifications
00:00
and determine which resources are right for you.
00:00
I want to show you this graph,
00:00
because I think it really illustrates
00:00
the purpose or the point of doing hands-on labs.
00:00
If you look at the OSEP pass rate,
00:00
in their PWK lab environment,
00:00
the more boxes you own,
00:00
the more likely you are to pass.
00:00
Personally, I know that to be
00:00
true because when I first took OSEP,
00:00
my first attempt, I'd pwned
00:00
less than 10 boxes in the lab environment.
00:00
When I took it again,
00:00
I had about 30 boxes and I
00:00
was right on the cusp of passing,
00:00
but I didn't turn in the lab manual
00:00
itself or the lab write-up,
00:00
which probably would have put me over and had me pass.
00:00
Then finally, when I passed the OSEP,
00:00
I owned about 50 boxes.
00:00
I can say this is a true testament
00:00
of doing hands-on labs and how important that is to
00:00
passing certifications that have
00:00
this hands-on pentesting component to them.
00:00
What resources are available?
00:00
Of course, we have the Hands-on Labs,
00:00
we have Hack The Box,
00:00
which is a huge name out there.
00:00
I learned on Hack The Box.
00:00
I really enjoy Hack The Box.
00:00
There are some other ones out there like
00:00
VulnHub, PentesterAcademy,
00:00
and some free ones, like OverTheWire,
00:00
and TryHackMe also has
00:00
some free content available as well.
00:00
We also have to know what commands to use.
00:00
There's great GitHub repos out there available
00:00
with important commands for these certifications,
00:00
as well as people's personal websites.
00:00
We'll look at g0tmilk in a little bit.
00:00
Books and guides.
00:00
I can say though when I do these certifications,
00:00
I don't really look at the books or the guides.
00:00
The books are things that I
00:00
use to prepare for these tests,
00:00
but I don't really look at them while I'm taking them.
00:00
Then we have pre-built labs,
00:00
which are probably my least favorite of all of these,
00:00
but I think it's a good experience to actually build them
00:00
like DVWA and see how to set them up
00:00
because it's important to understand
00:00
how lab makers think and work.
00:00
Hands-on Labs, Hack The Box.
00:00
Hack The Box is a huge name out there.
00:00
Like I said, that's how I got
00:00
all my experience with
00:00
hands-on labs was through Hack The Box.
00:00
They are free. The free lab environment is fine.
00:00
I ended up upgrading to VIP just because I didn't
00:00
like having 100 people attacking the same box as me,
00:00
so I thought the VIP plan was well worth the money.
00:00
What you'll see here in this image are
00:00
OSEP boxes and Hack The Box.
00:00
I want to illustrate that
00:00
because I think some boxes
00:00
can be very Capture the Flag-esque,
00:00
and I want to steer away from those boxes that are more
00:00
CTF-like in Hack The Box.
00:00
I want to do more of
00:00
the real life type boxes like these that you see here.
00:00
Many labs are harder than the certifications themselves,
00:00
are harder than eCPPT or OSEP.
00:00
Some of these boxes take me days to own and obviously,
00:00
you don't have the time for that
00:00
in these hands-on certifications.
00:00
There's also walkthroughs for retired machines.
00:00
Again, if you pay for the VIP plan,
00:00
you'll have the ability to
00:00
go through these retired machines.
00:00
I can't give IppSec enough credit because
00:00
IppSec videos are really
00:00
me watching them and looking at his process,
00:00
his methodology, taught me
00:00
so much about my own methodology.
00:00
If you can look up IppSec and
00:00
his walkthroughs, they are gold.
00:00
VulnHub. Offensive Security recently sponsored this,
00:00
but these are free vulnerable machines
00:00
that people have created.
00:00
Anyone can submit them,
00:00
but I will say setting it
00:00
up in your own environment can be difficult.
00:00
Sometimes it's VMware only or VirtualBox
00:00
only and it will stay on there.
00:00
Sometimes I'll load it up and
00:00
I won't know where it is on my network,
00:00
and I'll have some awful networking issues
00:00
and not be able to figure it out.
00:00
Other times, I have no problems at all.
00:00
I just boot it up and I'm good to go.
00:00
Also, there are walkthroughs of many
00:00
of these VulnHub boxes.
00:00
Again, it's great to look at
00:00
someone's methodology and how they think through this,
00:00
how they work through these different machines.
00:00
PentesterAcademy.
00:00
I really like PentesterAcademy.
00:00
You do have to pay for it to do their labs.
00:00
Some labs are free,
00:00
but this is reverse,
00:00
whereas in Hack The Box and in VulnHub,
00:00
you don't know what the vulnerability is.
00:00
In PentesterAcademy, they tell you what
00:00
the vulnerability is and then you exploit it.
00:00
I think if you want to see how
00:00
a particular vulnerability works or how to exploit it,
00:00
the PentesterAcademy is perfect for that.
00:00
OverTheWire is free.
00:00
I think this is great for beginners,
00:00
like I have right here on the slide.
00:00
Then it also teaches the basics of the command line,
00:00
which I think are vitally
00:00
important when you take these tests,
00:00
is knowing the command line.
00:00
A large part of the battle is knowing the command line.
00:00
Give OverTheWire a try because I really
00:00
think that for a free resource,
00:00
it is very good.
00:00
TryHackMe is newer on the market,
00:00
but I do enjoy TryHackMe a lot.
00:00
It's different than Hack The Box
00:00
in that TryHackMe walks you through things.
00:00
There are certain flags or there are
00:00
certain questions you need to answer as you go along,
00:00
so hold your hand, so to speak.
00:00
If you're newer, I think this is great.
00:00
If you're seasoned,
00:00
I really enjoy not having to answer 10 questions,
00:00
but if you're newer
00:00
and you want to get the hang of this stuff,
00:00
I think this is perfect.
00:00
Also you can choose between
00:00
a browser-based virtual environment or you can use
00:00
OpenVPN like you would in
00:00
the PWK Labs or in Hack The Box.
00:00
I do enjoy because I like my own VM
00:00
having that option to use OpenVPN.
00:00
Lists of commands.
00:00
Pentestmonkey, we'll see his reverse shells
00:00
later on in this course,
00:00
but Pentestmonkey is great.
00:00
G0tmilk has an excellent write-up
00:00
on Linux Privilege Escalation.
00:00
Medium articles, not medium in size,
00:00
but medium, the publishing company,
00:00
I guess you could call it, has
00:00
some excellent walkthroughs
00:00
of CTFs or Hack The Box machines.
00:00
GitHub repos, blogs,
00:00
you can make your own as well, of course.
00:00
Books, like I said, there
00:00
are some great books out there like
00:00
the Operator Handbook that I have sitting next to
00:00
me or the Red Team Field Manual.
00:00
If you can find a PDF version of these,
00:00
that's excellent because you can search
00:00
for it while you're taking the test.
00:00
I had these sitting next to me when I took the tests.
00:00
I didn't really use them,
00:00
but it's good to have that resource.
00:00
I read Peter Kim's,
00:00
the Hacker Playbook 1 and 2.
00:00
Three is more Red Team oriented,
00:00
but I really enjoyed
00:00
the Hacker Playbook books in preparation for these tests.
00:00
Georgia's book Penetration Testing,
00:00
A Hands-on Approach by No Starch Press was excellent.
00:00
I did the buffer overflow in that.
00:00
I think it was an excellent guide in getting
00:00
prepared for these Hands-on
00:00
pentesting certifications because basically,
00:00
everything she talks about is hands-on.
00:00
She's also coming out with a second version as
00:00
well hopefully, sometime soon,
00:00
but I know she's coming out
00:00
with her second version of that book.
00:00
Pre-built labs, DVWA,
00:00
Metasploitable, and WebGoat.
00:00
I think it's good
00:00
to get some hands-on experience in setting up
00:00
DVWA just because you have to figure out how to
00:00
create a MySQL database.
00:00
Metasploitable, we'll see this here.
00:00
There are so many walkthroughs for all of these.
00:00
I think it's good if you're a beginner,
00:00
just because there are so many free resources
00:00
to use it.
00:00
If you're more seasoned and getting ready for things
00:00
like OSEP and eCPPT,
00:00
you might want to move on to
00:00
TryHackMe and Hack The Box, and things like that,
00:00
just because I think they're a bit
00:00
harder than these intentionally
00:00
vulnerable pre-built labs.
00:00
Here's our quiz question.
00:00
Who offers free videos of Hack The Box walkthroughs?
00:00
Is it IppSec, Pentestmonkey or g0tmilk?
00:00
The answer is IppSec.
00:00
If you haven't seen any IppSec videos,
00:00
go ahead and search for IppSec on YouTube.
00:00
Now, you should know which resources are
00:00
available to prepare for
00:00
hands-on pentesting certifications and
00:00
determine which resources are right for you.