Finding Resources to Prepare for the Offensive Penetration Testing

Difficulty
Intermediate
Video Transcription
00:00
>> Finding resources to prepare
00:00
for hands-on pentesting certifications.
00:00
Our learning objectives are to know
00:00
which resources are available to prepare for
00:00
hands-on penetration testing certifications
00:00
and determine which resources are right for you.
00:00
I want to show you this graph,
00:00
because I think it really illustrates
00:00
the purpose or the point of doing hands-on labs.
00:00
If you look at the OSEP pass rate,
00:00
in their PWK lab environment,
00:00
the more boxes you own,
00:00
the more likely you are to pass.
00:00
Personally, I know that to be
00:00
true because when I first took OSEP,
00:00
my first attempt, I'd pwned
00:00
less than 10 boxes in the lab environment.
00:00
When I took it again,
00:00
I had about 30 boxes and I
00:00
was right on the cusp of passing,
00:00
but I didn't turn in the lab manual
00:00
itself or the lab write-up,
00:00
which probably would have put me over and had me pass.
00:00
Then finally, when I passed the OSEP,
00:00
I owned about 50 boxes.
00:00
I can say this is a true testament
00:00
of doing hands-on labs and how important that is to
00:00
passing certifications that have
00:00
this hands-on pentesting component to them.
00:00
What resources are available?
00:00
Of course, we have the Hands-on Labs,
00:00
we have Hack The Box,
00:00
which is a huge name out there.
00:00
I learned on Hack The Box.
00:00
I really enjoy Hack The Box.
00:00
There are some other ones out there like
00:00
VulnHub, PentesterAcademy,
00:00
and some free ones, like OverTheWire,
00:00
and TryHackMe also has
00:00
some free content available as well.
00:00
We also have to know what commands to use.
00:00
There's great GitHub repos out there available
00:00
with important commands for these certifications,
00:00
as well as people's personal websites.
00:00
We'll look at g0tmilk in a little bit.
00:00
Books and guides.
00:00
I can say though when I do these certifications,
00:00
I don't really look at the books or the guides.
00:00
The books are things that I
00:00
use to prepare for these tests,
00:00
but I don't really look at them while I'm taking them.
00:00
Then we have pre-built labs,
00:00
which are probably my least favorite of all of these,
00:00
but I think it's a good experience to actually build them
00:00
like DVWA and see how to set them up
00:00
because it's important to understand
00:00
how lab makers think and work.
00:00
Hands-on Labs, Hack The Box.
00:00
Hack The Box is a huge name out there.
00:00
Like I said, that's how I got
00:00
all my experience with
00:00
hands-on labs was through Hack The Box.
00:00
They are free. The free lab environment is fine.
00:00
I ended up upgrading to VIP just because I didn't
00:00
like having 100 people attacking the same box as me,
00:00
so I thought the VIP plan was well worth the money.
00:00
What you'll see here in this image are
00:00
OSEP boxes and Hack The Box.
00:00
I want to illustrate that
00:00
because I think some boxes
00:00
can be very Capture the Flag-esque,
00:00
and I want to steer away from those boxes that are more
00:00
CTF-like in Hack The Box.
00:00
I want to do more of
00:00
the real life type boxes like these that you see here.
00:00
Many labs are harder than the certifications themselves,
00:00
are harder than eCPPT or OSEP.
00:00
Some of these boxes take me days to own and obviously,
00:00
you don't have the time for that
00:00
in these hands-on certifications.
00:00
There's also walkthroughs for retired machines.
00:00
Again, if you pay for the VIP plan,
00:00
you'll have the ability to
00:00
go through these retired machines.
00:00
I can't give IppSec enough credit because
00:00
IppSec videos are really
00:00
me watching them and looking at his process,
00:00
his methodology, taught me
00:00
so much about my own methodology.
00:00
If you can look up IppSec and
00:00
his walkthroughs, they are gold.
00:00
VulnHub. Offensive Security recently sponsored this,
00:00
but these are free vulnerable machines
00:00
that people have created.
00:00
Anyone can submit them,
00:00
but I will say setting it
00:00
up in your own environment can be difficult.
00:00
Sometimes it's VMware only or VirtualBox
00:00
only and it will stay on there.
00:00
Sometimes I'll load it up and
00:00
I won't know where it is on my network,
00:00
and I'll have some awful networking issues
00:00
and not be able to figure it out.
00:00
Other times, I have no problems at all.
00:00
I just boot it up and I'm good to go.
00:00
Also, there are walkthroughs of many
00:00
of these VulnHub boxes.
00:00
Again, it's great to look at
00:00
someone's methodology and how they think through this,
00:00
how they work through these different machines.
00:00
PentesterAcademy.
00:00
I really like PentesterAcademy.
00:00
You do have to pay for it to do their labs.
00:00
Some labs are free,
00:00
but this is reverse,
00:00
whereas in Hack The Box and in VulnHub,
00:00
you don't know what the vulnerability is.
00:00
In PentesterAcademy, they tell you what
00:00
the vulnerability is and then you exploit it.
00:00
I think if you want to see how
00:00
a particular vulnerability works or how to exploit it,
00:00
the PentesterAcademy is perfect for that.
00:00
OverTheWire is free.
00:00
I think this is great for beginners,
00:00
like I have right here on the slide.
00:00
Then it also teaches the basics of the command line,
00:00
which I think are vitally
00:00
important when you take these tests,
00:00
is knowing the command line.
00:00
A large part of the battle is knowing the command line.
00:00
Give OverTheWire a try because I really
00:00
think that for a free resource,
00:00
it is very good.
00:00
TryHackMe is newer on the market,
00:00
but I do enjoy TryHackMe a lot.
00:00
It's different than Hack The Box
00:00
in that TryHackMe walks you through things.
00:00
There are certain flags or there are
00:00
certain questions you need to answer as you go along,
00:00
so hold your hand, so to speak.
00:00
If you're newer, I think this is great.
00:00
If you're seasoned,
00:00
I really enjoy not having to answer 10 questions,
00:00
but if you're newer
00:00
and you want to get the hang of this stuff,
00:00
I think this is perfect.
00:00
Also you can choose between
00:00
a browser-based virtual environment or you can use
00:00
OpenVPN like you would in
00:00
the PWK Labs or in Hack The Box.
00:00
I do enjoy because I like my own VM
00:00
having that option to use OpenVPN.
00:00
Lists of commands.
00:00
Pentestmonkey, we'll see his reverse shells
00:00
later on in this course,
00:00
but Pentestmonkey is great.
00:00
G0tmilk has an excellent write-up
00:00
on Linux Privilege Escalation.
00:00
Medium articles, not medium in size,
00:00
but medium, the publishing company,
00:00
I guess you could call it, has
00:00
some excellent walkthroughs
00:00
of CTFs or Hack The Box machines.
00:00
GitHub repos, blogs,
00:00
you can make your own as well, of course.
00:00
Books, like I said, there
00:00
are some great books out there like
00:00
the Operator Handbook that I have sitting next to
00:00
me or the Red Team Field Manual.
00:00
If you can find a PDF version of these,
00:00
that's excellent because you can search
00:00
for it while you're taking the test.
00:00
I had these sitting next to me when I took the tests.
00:00
I didn't really use them,
00:00
but it's good to have that resource.
00:00
I read Peter Kim's,
00:00
the Hacker Playbook 1 and 2.
00:00
Three is more Red Team oriented,
00:00
but I really enjoyed
00:00
the Hacker Playbook books in preparation for these tests.
00:00
Georgia's book Penetration Testing,
00:00
A Hands-on Approach by No Starch Press was excellent.
00:00
I did the buffer overflow in that.
00:00
I think it was an excellent guide in getting
00:00
prepared for these Hands-on
00:00
pentesting certifications because basically,
00:00
everything she talks about is hands-on.
00:00
She's also coming out with a second version as
00:00
well hopefully, sometime soon,
00:00
but I know she's coming out
00:00
with her second version of that book.
00:00
Pre-built labs, DVWA,
00:00
Metasploitable, and WebGoat.
00:00
I think it's good
00:00
to get some hands-on experience in setting up
00:00
DVWA just because you have to figure out how to
00:00
create a MySQL database.
00:00
Metasploitable, we'll see this here.
00:00
There are so many walkthroughs for all of these.
00:00
I think it's good if you're a beginner,
00:00
just because there are so many free resources
00:00
to use it.
00:00
If you're more seasoned and getting ready for things
00:00
like OSEP and eCPPT,
00:00
you might want to move on to
00:00
TryHackMe and Hack The Box, and things like that,
00:00
just because I think they're a bit
00:00
harder than these intentionally
00:00
vulnerable pre-built labs.
00:00
Here's our quiz question.
00:00
Who offers free videos of Hack The Box walkthroughs?
00:00
Is it IppSec, Pentestmonkey or g0tmilk?
00:00
The answer is IppSec.
00:00
If you haven't seen any IppSec videos,
00:00
go ahead and search for IppSec on YouTube.
00:00
Now, you should know which resources are
00:00
available to prepare for
00:00
hands-on pentesting certifications and
00:00
determine which resources are right for you.