Zero to OSCP Hero - PWK Course - Week 1

08/02/2020

PWK Course - Week 1 

 After completing 21 of the OSCP like boxes from HacktheBox thanks to @TJ_Null over the past few months, I was able to finally get the chance to gain my OSCP certification, thanks to my awesome employers, @OnSecurity

It has been a week since I started the PWK course and after spending quite a few hours in the labs and on the coursework, I thought I'd give my opinion on the PWK course so far! 

1. PDF and Video Course Material 

When the clock strikes 00:00 on your start date, youll recieve a couple of emails with credentials for the forum, and download links for the course material, both the pdf documentation and the video's html link. It is important to download these and store them in a google drive or similar, as after 72 hours you will lose access to the download links, meaning a hefty $100 price to pay if you want to have the material.. ouchy.  

After gaining my eJPT and eCPPT certifications through eLearnSecurity's PTS and PTP courses (eLearnSecurity Junior Penetration Tester/Professional Penetration Tester) where the course material and videos were in depth and gave you all the information you needed to know to pass the exams, the material given for the PWK course is more 'heres the basics, now go and learn it in more detail for yourself' which I find, and have found so far, to be a better way of expanding your knowledge without it being spoon-fed to you.

Throughout the pdf coursework, there are various exercises that need to be completed and documented in a report in order to gain the additional 5 points in the exam, but as i am too keen to get stuck into the labs, I have decided at the moment to skip these exercises and jump straight into the lab machines, whilst still taking thorough notes in case i decide to go back and cover the exercises for the exam report.  

The way I have been working through the pdf, videos and labs so far has been to read a chapter of the pdf, watch the video covering the topic then try and put it into practice on an actual lab machine. 

2. Lab Machines!

Now this is what everyone cant wait to start getting their teeth into when they sign up for the PWK course, and after just 1 week I completely understand.. They are great and really addictive! 

In 7 days, I have rooted/gained system on 13 boxes so far, with the difficulty of some ranging from boot to root to a couple more in depth and difficult machines that require the knowledge of when to realise you are in a rabbit hole!

The one thing to remember is that gaining the proof flag isnt the end goal. You have to remember this isnt a CTF, it needs to be treated like a real pentest with decent post exploitation. Do you see an sql server running? Can you access the databases and gain important information? Grab the hashes of users.. Are they used elsewhere on the lab network? Does this machine have access to another network? ... Trust me, conducting proper post exploitation is needed in the labs. 

I would say though, that the 21 HacktheBox machines I used to prep for the PWK course has really set me up in a good spot, you instantly recognise some ports, services, versions of vulnerable machines that you have already encountered by doing the retired hackthebox machines, giving you a head start going into the labs. 

3. Useful resources so far

Here is a list of some of the resources that have helped me out so far in the labs: 

4. Conclusion 

Well After 1 week, I am loving the PWK course so far, I'm quite proud that I've managed to complete 13 boxes within the first week whilst also spending time going through the coursework.. Cant wait for what next week brings! :D 

p.s try har.. ;)