My PWK lab access has ended, but I haven’t stopped preparing for the upcoming OSCP examination. I’ve been practicing on the HTB labs to sharpen my skills, and working on writing buffer overflow exploits so that I’m more comfortable with the process. I hope to write more tutorials once I’ve finished my OSCP journey, but for now I’m focusing primarily on studying. That doesn’t mean I’m going to leave you all high and dry, though.
Happy July 4 to everyone in the United States. Today is the last day of my PWK course. It’s been intense, and in the practice labs I did better than I expected, but not as well as I’d hoped. Considering the fact that 99% of my “training” has been self-study—poring through books, websites, “text-philez”, PDFs, online courses, and (occasionally) videos on YouTube—I think I did fairly well. I’m no longer a Novice, not quite Adept, but well along my way as an Apprentice.
What a busy week it’s been! Until yesterday the course has largely been a review of concepts I already understood (though the review definitely helped), with a few new nuggets of wisdom thrown in for good measure. The only gripe I have so far is that the videos are older than the PDF, and the PDF is a little outdated compared to the course, and certain changes in the lab and the Kali VM weren’t reflected in the course material, which caused a bit of a headache as I tried to piece everything together.
The day has finally come! I’ve received my materials and lab access credentials. I’ve been added to the exclusive Super Secret Student Forum. It’s time to get hacking! While I cannot share any specific details about the PWK course or lab, I will do my best to write about the interesting topics I encounter as I progress through the course. I’m sure there will be plenty I can write about without spoiling anything.
With the start of my PWK course only three days away, I decided to try my hand at one of the newer HackTheBox machines, called Help. I chose this box for two reasons. First, it was rated as moderately easy, and had a more real-world, CVE approach instead of a brain-bending, unrealistic CTF approach. Second, I had attempted this box previously without success, and taking another stab at it would allow me to judge how much I’d learned in the previous month.