Heralabs completed!

Hi Everyone!

I hope you are all well and keeping safe during this crazy time we are living in. As difficult of a period this is, we can however take some positives from this. I really believe this is as good of a time as any to invest in yourself. Use this time wisely and whilst we are on this topic I would like to thank ELearnSecurity for giving all their member 20 hours additional lab time! This just shows how awesome the team at ELearnSecurity is and how much they care about their members.

What have I done in the last week?

If you read my last post you will know that I set myself a target of completing the labs by today and yes I managed to complete them all apart from the Ruby labs. Honestly I relied a lot on the solutions so I know I am nowhere near ready for this exam. The solutions are helpful but they are not like the PTS solutions where every step is fairly detailed. PTP expects you to know the basics especially when it comes to moving around in your OS.

I also realised that the benefit of doing a test run of the labs is to sort your tools out. I spent a lot of time configuring and adding tools to Kali. Some were outdated (I really struggled with the Linux labs which rely heavily on SMB) and some I just didn’t have, so the labs took much longer to do. I have made a snapshot of my Kali Linux now. The idea is that the second run of the labs will be much smoother because all the tools should technically run smoothly and I wont have to waste time finding the tools and updating them.

The labs I did over the week were:

  • Privilege Escalation – Practising different privilege escalation techniques
  • Privilege Escalation Via Services – Similar to previous lab but learning about identifying vulnerable service configurations.
  • Finding and Exploiting DLL Hijacking Vulnerabilities – The lab is exactly what it says it is, very enjoyable never the less!
  • Bypassing AV – Different techniques to bypass AV and introduction to the tool VEIL.
  • From XSS to Domain Admin – Using the tool beef & metasploit to get shell
  • ICMP Redirect Attack – MITM attack to get valid credentials
  • Leveraging PowerShell During Exploitation – Introduction to PowerShell
  • PowerShell for Post-Exploitation and Lateral Movement – More use of PowerShell
  • Linxu Exploitation: Labs 1-4 – Labs about Linux enumeration and lateral movement.
  • WebApp Labs – Introduction – Small lab about cookies
  • WebApp Labs – Web Application Attacks – Labs about XSS, SQL, CSRF etc

All the labs were very enjoyable and some were frustrating too but that was mainly because of the tools not working properly. I really enjoyed the WebApp labs and I really didn’t get along with the PowerShell labs! Privilege Escalations labs were useful and I learned a lot from them. I also struggled with the Linux labs and I know that is something I have to work on.

Overall the experience has been great. It has made me realise how much I need to do and how far I am from passing the exam at the moment. I also now know what the meaning of the word patience is!

Upcoming Week

Given the circumstances, I cant see anything change in the next week. So my full focus will still be on PTP and labs by spending aprox 8/9 hours a day. I dont want to start with the labs straight away though. To pass this exam, I need to tweak my learning style slightly here. Given the facts that I have done all the labs and I learnt a hell of a lot from them, I feel the need to go over learning resources, read the slides of all the topics I struggled on.

Another big thing I will be concentrating on is making Excel spreadsheet. Its an idea I have been contemplating for a while now and figuring out what the best way would be. I used Cherrytree to make notes but I don’t think its a good strategy for the exam when i want to pick small pieces of information really quickly. So over the next few days I will be working on my spreadsheet. I am thinking of dividing it into sections of the methodology. There is no timescale on how long this will take me as it is a trial and error and I am not too concerned either.

Once the spreadsheet is completed, I will re do all the labs and see if it has helped me. The plan is to smash this exam out of the park and prepare for as long as it takes and get to a level where most of it all feels second nature to me.

So that is it for this week! If you guys have any feedback, any questions or any tips that could help me with this exam that would be great! Also a quick shout out to all the people who have messaged me on LinkedIn over the past week, the conversations are always very insightful and I learn a lot from you guys! Thank you all for the support! Good luck for this week, stay safe and keep slaying whatever you are doing!

Please follow and like!

Leave a Reply

Your email address will not be published. Required fields are marked *