Comments for Prolific Solutions

Comment on Passed the Offensive Security OSCP Exam! by Janis

Janis — Tue, 19 Apr 2011 10:53:18 +0000

Can you tell more about vectors in this exam. I’ll try to pass it after few days and need to know a vectors to don’t test all dead end ways!

Comment on Shellcode, Assembly and Buffer Overflow by Nick

Nick — Mon, 21 Feb 2011 21:44:23 +0000

Alexia, while the TOS\agreements we signed with Offsec prevents me from just spelling out a walk-through on how to get at specific machines, I’ll try to give you productive advice. Also, I’d like to note that part of the way this course works is it forces you to “try harder” (heard that a few times in the IRC and forums I’m sure!), and the reward after you figure out the solution is very fulfilling. I highly suggest getting onto the IRC channel (#offsec on freenode) and also trolling the forums if you haven’t been already. Don’t just blatantly ask for the answer, but tips and guidance is allowed. The IRC is a godsend, trust me! Sorry I can’t be more specific but A). I want you to succeed with this course and get the full advantage and B). It’s been so long that I would have to go back to my notes to even remember what the attack scenario was! Good luck, happy hunting… and to quote the Offsec crew: “Try Harder!”

Comment on Shellcode, Assembly and Buffer Overflow by AC

AC — Sun, 20 Feb 2011 18:31:00 +0000

Can you please assist me with the sendmail 8.12.8 vulnerability how can we take root access on the computer? thanks in advance

Comment on Vulnerability Assessment by The Re-Write of proVM Auditor | Prolific Solutions

The Re-Write of proVM Auditor | Prolific Solutions — Thu, 25 Nov 2010 11:38:57 +0000

[...] of this solution. Something that will permanently reside onsite with organizations that conduct vulnerability assessments to help them better manage their results, trend their data, and help facilitate the resolution of [...]

Comment on Offensive Security Penetration Testing With Backtrack (PWB3) by Nick

Nick — Mon, 13 Sep 2010 13:43:06 +0000

marco,

There’s not much I can say to help you with the course. Not only due to the NDA, but because this course is about you learning things on your own. The usually Offsec mantra of “Try Harder!” can be frustrating at times, but it’s also true. There were plenty of times where I thought to myself “I have no more ideas, I can’t figure this out!”. But then, after reviewing the Offsec forums, researching and thinking about the problem from a different angle I would have an “AH HA” moment and be right as rain. Don’t get stuck thinking only about one attack vector or on one machine. Review the lab PDF and videos more, research on the Internet and review the Offsec forums. Remember that most of the machines have multiple avenues in. I’m going back to machines that I previously compromised and looking for those other avenues right now, and I’m discovering a lot. Good luck!

Comment on Offensive Security Penetration Testing With Backtrack (PWB3) by Nick

Nick — Mon, 13 Sep 2010 13:35:08 +0000

I had the same debate with myself when deciding to take the course. I opted for the 60 days of lab access and I’m very glad I did (I actually bought 15 extra days at the end of my lab time!). The answer for you really depends on your learning style and how you tackle the course, but I have heard that most folks use every bit of the 60 days. For me, the reason was that for the first 3-4 weeks I was going through the course material (PDF and videos). For the enumeration modules you do use the lab space, but for the most part you practice a lot of techniques without having to focus on lab machines (other than your XP lab box). I didn’t want to start attacking lab machines until I had completed all of the course modules. My thought process was “what if the course teaches me a method to exploit machines that I could be using?” If I didn’t know that method I’d be spinning wheels trying to exploit machines without having the tools or knowledge to do so. For me, the first 15-20 days of my lab times was used up before I really started using the lab to its fullest extent. I watched all of the videos and read through PDF, completed all of the exercises (and tried to get all of the extra credit ones too!). Your lab time begins the moment your course does, so remember that. However, if you can spend a lot of time upfront on the course and get into the lab pretty quickly, and you can dedicate many hours then 30 may suite your needs. My job as well as family required some of my attention so I had to spread the course out over a longer period of time. Also, I got addicted to the labs! Once you get started you can burn hours in them and it feels like minutes. Setting up your own VM environment is a good idea, and I have also done that. But, this course does not just teach you how to scan for vulnerable services and exploit them. It’s got a lot of depth and there’s something special about trying to get into a box you have no prior knowledge about. If you setup your lab you’ll have an in depth knowledge of the machines’ weaknesses. This is good for practice on exploiting services but the Offsec lab is so much more useful to learn about penetration testing. I really enjoyed the lab time, even when it was frustrating because once you start making headway it’s that much more rewarding. I haven’t sat the exam yet, just scheduled it actually. Pretty excited about it. Ironically I added 15 days of lab time when I had 2 days of lab time left. My goal was to get into the final network and got into the next day. But I’m using this time (11 days left) to continue practicing and I’m discovering things that I missed. I hope you opt to take the course. I think everyone interested in IT security (for careers or otherwise) should. Good luck!

Comment on Offensive Security Penetration Testing With Backtrack (PWB3) by Justan Telusto

Justan Telusto — Mon, 13 Sep 2010 03:58:43 +0000

Nick,
I am considering taking this course. Can you please recommend how I should decide on the amount of days for lab access? 30, 60, or 90?
If you are trying to save money would 30 days lab option be suitable, and some extra effort in setting up your own VM lab environment?

There are vulnerable OS VM images you can download which should also simply the process.

Comment on Offensive Security Penetration Testing With Backtrack (PWB3) by marco

marco — Thu, 09 Sep 2010 10:09:35 +0000

Hi Nick, I’d like to talk about this course. I’m trying to get the certificate but I’m having troubles.
Thanks,

Comment on Analyze Malware In The Time It Takes To Grab a Cup Of Coffee by Rob

Rob — Tue, 17 Aug 2010 13:32:28 +0000

Nick,

Having worked in the IDS field for a few years, this kind of website can be an absolute time saver! To add to the list of sites, Sunbelt Software Security also has an online sandbox to submit malware samples to. They send you a full report via email with all the information you listed above. Main site is http://www.sunbeltsecurity.com/ with their sandbox located at http://www.sunbeltsecurity.com/sandbox/.

Comment on White Papers by Fall 2010 IATAC Newsletter | Prolific Solutions

Fall 2010 IATAC Newsletter | Prolific Solutions — Mon, 16 Aug 2010 17:58:36 +0000

[...] The article being published is currently available in the White Papers area of our website: http://prolific-solutions.net/white-papers/. [...]