Goodbye OSCP (for now), Hello CPTS path!
unfortunately, i did not make the OSCP cutoff during my attempt the other day... however, that didn't really bring me down!
to recap...
i had purchased my OSCP all the way back in february! i'm pretty sure it was only this year i had dipped my toes into hacking and decided during my college time that this is what i wanted to pursue.. it just felt right! it was in the middle of a really empty semester and my breaks, and i had a lot of time to dedicate myself to the labs.
i managed to finish the labs in that span of my 3 month lab duration, got the bonus points and rushed to finish the challenge labs... i gave myself a lot of time between after that and my scheduled exam to practice!
and so i did... maybe not everyday like some i've seen... but i believe i had practiced enough to accomplish at least what i heard was a clear AD set! turns out, maybe i overestimated my mark a lil... ^q^
i was about halfway through a nice pass due to getting stuck on a privesc in the middle of the 3 AD set boxes... i believe here's where i went wrong: i didn't prepare enough to privesc the client machines and prepared especially for the AD part itself
i can say that i did prepare for the exam environment, and worked to the best of my abilities - though i have room for improvement in especially time management... there was not a moment where i was distracted, even the times where i had to step back and sit down somewhere else in the house i just thought... what have i done? where can i go from here? is there something really simple i'm missing? and i can say - although some things were not very straightforward, i could understand the path i needed to undertake... the next step is practice practice practice so that i can fully exploit the chain!
i'd compare it to my drivers license, failed a bunch, but with a lot of practice and driving again and again it becomes a repeated methodology that i know like the back of my hand! the offsec "try harder" motto is overstated, but i do think it's very applicable
for the time being until my cooloff period ends, which is right on time for both my graduation, internship end and when the OSCP+ exam becomes available, i've decided to take the CPTS path! (the student discount is extremely good)
will i take the exam? probably not... at least not while i haven't completed my OSCP, and also at least not until i feel more confident in my skillset... but so far, i think it's a solid choice!
my other plans were to either take the eJPT or the PJPT (of course, everyone wants a nice cert to place on their resume) but after some advice and remembering the HTB discount i've decided that this was a good time to invest more in my skills. also, now i can compare the lab material between offsec and HTB
quality: my pre-OSCP knowledge was basic HTB and CTF stuff, and my pre-CPTS knowledge was my OSCP material and everything i've learned since then. i thought the offsec materials were quite adequate, and a very good linear path especially for somebody who's just beginning
obviously, not all material is made equal - each module is written by a different person, in both the offsec and HTB courses, but i found that while OSCP was quite linear, providing every possible step, the CPTS material is rather more like a cheat sheet.
however, the CPTS material is VERY in depth and while the OSCP has things that aren't even included in the exam, the CPTS material everything you need to know with noticeably more depth. i find that, even now, the course is teaching a lot more than i expected to know. there's a good reason that the CPTS is revered as high quality!
labs: while offsec only allows connections through openvpn, HTB has the added benefit of the pwnbox - so you can go through your labs without needing to open up your VM. i think it's pretty convenient! if i were doing something i've never done on my machine before, or if i was going completely fresh, i'd say you should definitely do any exercises on your local box. HTB offers different VPN locations, but i don't think i've had THAT much issues with my offsec VPN packs
so yes! i will try again either within Q4 this year or next year... and if i must fail i shall fail harder!
in other news: will i start writing my posts in proper capitalisation? well, i quite like how personal writing like this feels... feels more like talking through text! anyways, have a nice day reader!