###GrrCON I attended GrrCON again this year, but unfortunately I wasn’t able to stay for the second day. I was able to attend a lot of different talks and the Kali Linux Dojo that went over creating custom ISO’s of Kali which ended up being extremely helpful as I often work out of my room and remoting into my desktop with my environment isn’t all that great. I thought the most interesting part of the workshop was the ‘nuke’ password you can set on an encrypted partition.
This week I set up an interesting environment in attempt to remotely access my Kali, but it didn’t work very well in the end. I set up openvpn on my raspberry pi as well as a few other things, but it just wasn’t fast enough.
As for PWK content, I am extremely surprised as how brief the material is, but the “Try harder” part makes sense now. I was able to get through a lot of material. I am in the process of making a private github repo with all of my notes. The biggest challenge for me so far isn’t necessarily the technical portion of the course, but rather staying organized. I read up on other people’s experiences with the OSCP and gathering a lot of tools and tricks to make my life easier, like using cherrytree with a template to document my work on lab machines. Something very interesting about the labs is that there is almost no direction. You connect to the lab VPN and I was given a range of IP’s. The lab is not set up chronologically, so x.x.x.25 may be much harder than x.x.x.159. To to begin, I started working on scanning all of the boxes and wrote a bash script to help automate that process (but it still needs work).
On the technical side, I am having issues with getting a bind/reverse shell using ncat and ssl. After some research, I found that ncat is packaged with nmap, but the ncat version installed on the VM is 7.6, which doesn’t support the openssl version used by the provided windows machine.
I also started to attempt my first lab machine. I think I am prohibited from disclosing details on the lab machines, so those will be in the form of cherrytree notes in my private repo.
This weekend, my plan is to get through as much of the course material as possible in order to take advantage of my lab time (only 90 days lab time total, so I need to work efficiently). My goal for this weekend is to get root on at least one lab machine as well.
My advice for anyone looking to get started is to read up on the syllabus and get some familiarity with the things listed in there. Also, definitely read up on a lot of blog posts and get a good idea of how you plan on taking notes and staying organized in general.