2025-04-26 10:07:00
Like I said this morning at four: I'm gutted. I was expecting to fail the OSCP+ exam, but not this badly.
As outlined in the exam guide I was given six targets: three in an Active Directory environment, three individual hosts.
In the end I only got my initial footholds on two of the individual hosts.
One of them I only managed to get because I found exactly one blog post from three years ago which, in very great detail, explained how the authors had researched a very obscure piece of software and written a perfectly functional exploit for it. I literally only had a port number to go on when I researched this issue, because the software in question did not give any response at all unless you gave it the exact right input.
I failed at privilege escalation on these hosts for a multitude of reasons. On one of the hosts I was either overlooking very clear hints, or I was performing an exploit incorrectly. And in a few cases I just couldn't get the C exploit code compiled well and quickly enough.
I'm livid that I didn't manage to get a foothold on that third host. I should not have that much difficulty getting around input filters on a bloody webapp.
Despite my best efforts I was not able to escalate privileges on even the very first Windows AD host. If they were going for the vulnerability which I think they were, I have to say the required skill level is absolutely crazy. I can't say which CVE I thought it was, but it's literally from 2025 and only a month old with no published proof-of-concept / exploit.
That is why I think I might have been barking up the wrong tree after all. But if absolutely wonderful tools like itm4n's PrivEscCheck.ps1 can't find me a way in, I certainly don't have any hopes myself.
The skills I learned when I passed CRTP in 2019 have gotten long in the tooth and the tools I made back then no longer work.
Take-aways which I need to deal with:
Now... I need to wind down, get a lot more sleep and get back to the real world. Chill out and process all of this. Because right now I feel like an absolute fraud: "how can I teach people about pentesting and software security, if I can't pass this exam?", is what my imposter syndrome will say.
As Marli rightly points out: it's not at all strange that I didn't pass, and I did not expect to pass. She points out that I haven't "done pentesting" in a serious sense for years, and she's right. I'm on DevSecOps, and infra stuff. Basically everything I'd achieved in 2016-2019 is gone, except for the bit of API hacking I did last year. So yeah, I'm out of the loop, not exercised at all.
I discussed my situation with my colleague Leendert, an absolutely huge support. We agree that, if I want to have a chance at passing this thing like I did seven years ago, I'll need about a year of solid training and studying. Multiple days a week, like I did in January and February. But as I already concluded: I'm just so damn tired. Tired from juggling multiple jobs and maybe from doing a type of work I wouldn't want to continue much longer. As Leendert (and Marli, and myself) concluded: first order of business might be to actually thoroughly rest and get back out of the funk I've been in for weeks or months.
I'll do some more "navel gazing" and introspection, about where to take my career in the next year(s). In the coming months, I'll keep plugging at the CPTS training and certification exam.
EDIT:
I should speak a bit about the practical side of things, since a lot has changed there as well.
As before, OffSec's documentation and communication about the exam is great. They provide ample documentation about what to expect and how the process will work, both in workflow and technically.
The proctoring approach works well and feels trustworthy; it's all browser-based. Sharing my webcam was dead simple, although sharing both of my screens/desktops was finicky and I couldn't get it to work reliably the first time. I had to restart the sharing a few times to get both screens properly shared.
After the first 15-20 minutes of onboarding, the proctoring was all smooth sailing. I reported via chat when I went on breaks, and the proctors were there if I needed them.
EDIT 2:
After talking it over with a few friends, I decided I was crazy to refuse to send in a report! I mean, I paid for the exam so I might as well get feedback from OffSec!
This afternoon I spent four hours typing up a 35 page report (excluding appendices). Can you imagine how large the report would have been if I'd been more successful!
kilala.nl tags: studies,
2025-04-26 01:36:00
Almost exactly seven years ago I passed the OSCP exam. I'm currently sitting the new OSCP+.
Make no mistake, OSCP+ is not your (grand)mother's OSCP!
Two big take-aways:
I am seventeen hours in and I have two flags. Two, out of ten.
This certainly triggers a new dose of Imposter Syndrome!
EDIT:
Eighteen hours in, I give up. Still two flags out of ten and I'm dead tired.
I was expecting not to pass this exam, I knew I wouldn't. I just didn't expect it to go this badly.
kilala.nl tags: studies,
2025-04-23 18:00:00
I was doing a few Burp Suite labs on Hack The Box earlier today. I noticed that one particular test with Intruder kept getting stuck after the second attempt. Only after restarting the lab VM on a new IP did my test start again, only to get blocked again.
It was only later, when I looked at my phone, that I put one and one together.
The lab VMs are not behind Hack the Box's VPN, they're public on the Internet. Thus my tests weren't going through the lab VPN, but they were going straight through my router.
The router with an IDS+IPS.
Unifi was blocking my "hacking". :D
kilala.nl tags: sysadmin,
2025-04-06 11:11:00
In Dutch we have an acronym SOG (studieontwijkend gedrag), which we have dutifully verbified into SOGgen.
Hanze Hogeschool even made a sketch about it.
In English that transliterates into SAB and SAB-ing: study-avoidant behavior. But you'd all know it better by its common name: procrastination.
Heck. I'm doing it right now!
In January I jumped on the wagon to work towards two heavy exams: CPTS and OSCP+.
January and February I went at it at the strongest pace I could hold up, but in March things started falling apart. Between three customers, preparations to teach three classes, our own household, studying and a terminally ill cat I was over-working myself.
Around that time I also hit the Active Directory section of the CPTS study materials. I feel that Hack The Box have made that section too large, in that they should have divided it into multiple sections. In its current shape it can feel insurmountable in how large the body of knowledge is. It just feels endless, where other sections had you power through in a day or two.
Halfway through March I decided to cut back drastically on studying. It took many nudges, including a tarot spread (yes, I'll talk about that another time). So I've taken quite some time for myself, to read and relax.
Admittedly, it's hard to get back into the saddle. And I really should. Just not at my original breakneck pace.
kilala.nl tags: work, studies,
2025-02-28 21:16:00
I was today-years-old when I realized something about SSH that I hadn't realized before.
A student of mine was using SSH to connect between two Linux hosts and he wondered if it's possible to temporarily pause or interrupt the SSH session, so he can run a few commands on the source / originating host.
I thought, surely there must be! And there is! I just never realized before. :)
Way way way back, twenty years ago, we used Cyclades terminal servers at ${Customer}. Nifty rackmounted boxes that hook up to the network and provide SSH access to 24 or more serial ports.
I remembered from back then that SSH had a command to immediately kill an SSH connection: ~.
The tilde being the stop / escape character for SSH and the dot being the kill command. You could also quickly type ~? in an SSH session to pull up a menu.
To answer my student's question, I hopped into my Fedora box from Windows with SSH and then did another SSH to Ubuntu. That's one SSH after connecting using another.
You can stack multiple tildes to indicate which SSH client you're talking to. Typing ~. kills the Windows to Fedora connection, while ~~. kills the Fedora to Ubuntu connection.
Looking at the ~? menu I noticed a few neat options, including ~^Z.
In Unix terminals, ^Z (ctrl Z) is used to send a suspend / SIGSTOP to your running process. So indeed, the following happened:
tess@ubuntu $ hostname
ubuntu
tess@ubuntu $ ~^Z
bash: suspended ssh
tess@fedora $ hostname
fedora
tess@fedora $ fg
tess@ubuntu
It works! :D
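To make the "stack multiple tildes" rule concrete, here is an added Python model of how a chain of ssh clients handles the escape character. It is not code from OpenSSH or from this post; it only reproduces the documented client behaviour: `~` is recognised as the escape only at the start of a line (directly after a newline, or as the very first keystroke), `~~` passes one literal `~` on to the next hop, an unknown escape like `~x` is forwarded unchanged, and `~.`, `~^Z` and `~?` are acted on by whichever client sees them. The hop names (`windows`, `fedora`) and the keystrokes are constructed for the example.

```python
"""Model of tilde-escape routing through stacked ssh clients (added example)."""

from dataclasses import dataclass

# Escape commands from the ~? menu that this model understands.
ESCAPE_ACTIONS = {
    ".": "disconnect",
    "\x1a": "suspend",   # ~^Z
    "?": "help",
}


@dataclass
class SshHop:
    """One ssh client in the chain, named after the host it runs on (constructed)."""
    name: str
    at_line_start: bool = True    # the escape is only honoured here
    pending_escape: bool = False  # a '~' was just seen at line start


class SshChain:
    """Keystrokes enter at hops[0]; whatever no client consumes reaches shell_input."""

    def __init__(self, hop_names):
        self.hops = [SshHop(n) for n in hop_names]
        self.shell_input = []  # characters that reach the final remote shell
        self.actions = []      # (hop name, action) for every escape acted on

    def type(self, keystrokes):
        """Feed a string of keystrokes through the chain; return the actions taken."""
        for key in keystrokes:
            self._feed(0, key)
        return self.actions

    def _feed(self, index, key):
        if index == len(self.hops):
            self.shell_input.append(key)
            return
        hop = self.hops[index]
        if hop.pending_escape:
            hop.pending_escape = False
            if key in ESCAPE_ACTIONS:
                # This client handles the command; nothing is forwarded.
                self.actions.append((hop.name, ESCAPE_ACTIONS[key]))
                return
            if key != "~":
                # Unknown escape: ssh forwards the '~' it swallowed, then the key.
                self._deliver(index, "~")
            # '~~' delivers a single literal '~' to the next hop as ordinary input,
            # where it may in turn be treated as that hop's escape character.
            self._deliver(index, key)
            return
        if key == "~" and hop.at_line_start:
            hop.pending_escape = True
            return
        self._deliver(index, key)

    def _deliver(self, index, key):
        # Ordinary input: remember whether we are now at a line start, then pass it on.
        self.hops[index].at_line_start = key in ("\r", "\n")
        self._feed(index + 1, key)


if __name__ == "__main__":
    # Windows -> fedora -> ubuntu, as in the post: '~.' hits the first client,
    # '~~.' is consumed by the ssh running on fedora.
    for keys in ("hostname\n~.", "hostname\n~~.", "hostname\n~~\x1a", "echo a~b\n"):
        chain = SshChain(["windows", "fedora"])
        actions = chain.type(keys)
        print(repr(keys), "->", actions or "no escape", "| shell got", repr("".join(chain.shell_input)))
```

Each added tilde is consumed by one client and the remainder travels one hop further, which is why `~~.` disconnects the Fedora-to-Ubuntu session while leaving the Windows-to-Fedora session intact. The `echo a~b` case shows the other half of the rule: a tilde that is not at the start of a line is plain input and reaches the remote shell untouched.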
kilala.nl tags: work, mentor, studies,
2025-02-27 11:21:00
The cards shown in the image above are from the Eldritch Overload tarot deck, by weird.works.
Last summer I did some soul-searching, some introspection, to figure out which direction I could or should take my career. I learned a lot about myself, by asking myself a few simple questions and then mind mapping my answers.
At the time I, once again, determined that Discord is a big pitfall for me (as is Reddit). So this week I quit Discord cold turkey; it's done me a lot of good!
Another big issue I found for myself is trying to do too many things at the same time. And I'm doing it again!
I'm currently teaching three classes and juggling three different consulting customers. I also have our household and my business to run and I have my own studies to keep up with.
Today I turned to another introspection tool: tarot.
I'm not one for mysticism or esotery (that changed since my early late teenage years), I don't believe in some unseen force telling me stuff through pieces of cardboard. What I do find in tarot, is another way of asking myself questions. These cards and their suggested meanings provide me another point of view on a situation.
I posited the following:
"I feel that I must learn and study, to keep up with the times, to keep my career and employability viable. I even started making less billable hours to make more time for studying! I'm generating a lot less income, while trying to rush for certifications. This isn't a problem yet, but can I keep up with this?"
I pulled the cards shown at the top of this post:
The Eldritch Overload cyberpunk tarot deck is lovely and the accompanying guide is both gorgeous and helpful.
My interpretation of these pulls:
Taking an hour to mull things over, I decided that:
kilala.nl tags: life,
2025-02-23 10:23:00
I'm on various IT-learning Discords, to my own detriment sometimes, that's no secret.
On one of the servers, three or four of us experienced folks have been coaching one particular learner who's been on A+ 1101 for six months now. Along the way, the student has had a much lower pace than the average student and almost every topic leads to days-long discussions on intricacies or on misunderstandings of the topic.
It's to such a point that some of the new faces (who join the server every week) utter things like "surely you're trolling" and "you can't be serious".
Among the seniors we've discussed the matter and we're sure this learner is not a troll. Instead there are a number of clues that point at either a learning disability, neurodivergence or simply a somewhat lower cognitive capability. These include:
Recognizing such indicators is one thing, knowing how to deal with them is another thing entirely. Unfortunately we're not quite equipped for it.
For one, each of us is just another visitor of the Discord server. We do this in our spare time, to help others and to have a little fun along the way. It's not within our capabilities to spend 4+ hours every day providing 1:1 coaching to this learner.
Sub-optimal factors for the learner:
I have theorized that the learner in question surely would be better served by attending a "real" school: brick & mortar buildings, full-on interaction between students and teachers, a teacher who can immediately notice that a student is struggling. Unfortunately, going to such a school is not always an option given factors like location, region, personal budget and their social situation or upbringing.
It's been an interesting journey.
Just today I've had to remind some of the others in the server that not every brain operates in the same fashion. Case in point:
2025-02-12 19:52:00
On the CompTIA Instructor's Network, Greg wondered whether DOGE (the newly minted NGO in the US) is actually a threat to national security. A lively discussion broke out, where Hank remarked:
"In this case, I am not sure how to discuss the technical issues without politics."
I suggested that we can discuss the issue, from the point of view of the aspects of infosec which we teach: Risk management. Threat modeling. Assumed breach. Access controls. Data destruction.
So here's a threat modeling exercise:
The case:
Question to the students:
Which security controls can we put in place to disrupt the threat actor's activities and to prevent or mitigate the threat actor's interests and activities?
All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.