Lets start with an apology for being away for so long. So let me tell you whats been going on, after my eJPT I decided to take a little break and I went away to Istanbul to relax. This was our last holiday without a baby so yeah.. we tried to make the most of it LOL!
Anyway when I came back I have struggled with a few personal health issues (NOT COVID-19 RELATED).
The important thing is that I am all good now and back on it!
What have I done in the last week?
Ok, so as we all know with the current situation going on and I dont want to talk too much about it but I ended up losing my contract. Lets concentrate on the positives though! I have more time to study and I ended up powering through the PTP slides and labs! I have just completed my 14th lab before I started typing this blog.
The jump from eJPT to PTP is big! I do feel it and I am definitely not comfortable with most labs. I am still applying the same studying technique I used for ejPT, which is use the visual resources and do the labs. Yes the slides are still important and part of my studying style but I use them whilst doing the lab. Also I am definitely relying heavily on the lab solutions at the moment but then again its my first time going through the labs, so I am not too worried. I am making my own notes for each lab and the plan is to make an excel spreadsheet with tips and cheat sheet for each stage of the pentest. The spreadsheet will be made before I go through all the labs again and then fine tune it with adding bits and bobs to it.
The labs I have done so far are:
- Scanning – dives deeper in to scanning techniques, focusing on nmap and hping 3. Some of the techniques covered are version detection, OS fingerprinting and Idle scans.
- VA and Exploitation – Using the techniques from the scanning labs to obtain shells
- Post – Exploitation – This lab touches up on pivoting, maintaining access and harvesting data
- Blind Penetration Testing – Tough lab! a bit of a mystery, I will definitely revisit this and see how far I can get.
- Nessus – again dives deeper in to the basics that were taught in PTS
- Cain and Abel – Loved this lab, first time I really got hands on experience with Cain and Abel. Awesome tool!
- NetBios Hacking – Techniques used for Netbios and SMB hacking (null sessions etc)
- Poisoning and Sniffing – Another enjoyable lab, focused on all sorts! Based on techniques used in the previous labs and adding additional techniques in the mix too such ARP spoofing.
- NBT-NS Poisoning and Exploitation with Responder – Tricky lab with additional metasploit modules to add, more use of powershells and pivoting.
- Client-Side Exploitation – First use of social engineering (phishing) to get access.
- DNS and SMB Relay Attack – Learned the SMB relay attack and manipulated traffic using dnsspoof
- SNMP Analysis – Lab based on SNMP – enumaration, brute forcing using hydra etc.
All labs have been very enjoyable, I have noticed the important of metasploit as majority of the labs will introduce a new exploit that you can add to your arsenal. (you really will know at the end of it how to set up a reverse tcp handler)
I have been reading other people’s reviews and I have also talked to a few people who have recently passed the exam. I am definitely very excited and everyone’s feedback for the exam is amazing! From the sound of it, its very realistic. I have also been reading up on tips for the exam and how to go about it whilst in exam mode. (more on that closer to exam date)
Since I have no job and the isolation is in full force, I really don’t have anything better to do but to carry on with PTP. The plan is to complete all the labs by next Monday. I am starting to think about exam dates too. The initial plan is to complete it by the end of April. Not sure how realistic it is but I will have a better idea by next week. Completion of labs and making an excel spreadsheet to help me through the exam is priority at the moment.
Also from reading reviews and talking to few people I have realised the importance of BOF and pivoting. I will definitely be doing further studying and use external resources to get the grasp fully!
That’s it for this week, its good to be back and I really missed blogging.
I hope the current situation this world is facing is not bringing you down, look at the positives and use this time to invest in yourself! Finish off unfinished business or start a brand new one! It really is the only way to keep yourself from going insane 🙂