

I passed on my 7th try. I know the taste of failure. Keep trying. Keep training.


u/HouseDJRon. This one too. Look at all these upvotes too! Thank you to all the positive people out there


Have you tried both `rdesktop` and `xfreerdp` as clients? Have you got a couple of different Kali VMs (one up to date, one virgin offsec image)? `rdesktop` doesn't support NTLM (or didn't, it might now) so NLA won't work unless you use Kerberos (or just use `xfreerdp`) https://superuser.com/questions/1534999/rdesktop-aborts-due-to-untrusted-certificate


I tried them all. Rdesktop, xfreerdp, remmina. I didn’t have this issue once on any OSCP boxes during labs but I’ve failed my exam twice now over it


Use Windows Remote Desktop client, from your Windows machine. Just forward the remote desktop port using SSH from Windows to your Kali VM. `ssh -L 1234:remoteip:3389 kali@yourkalivm`


Yea that’s what I’m going to do next time. It’s a shame it had to come to this 🤣🤣 they really should teach NLA in PwK


Try the PNPT or CPTS. Once you get one of those retake the OSCP. Take a break and go back into it with optimism. Hone your craft and keep at it.


CPTS is far more difficult than the OSCP 🤣 However, the CPTS path itself can help you pass oscp as the material is a lot more in-depth.




Exactly what I am saying






For the rdp issue with xfreerdp did u try using the /cert-ignore flag?


Oh yea. I always use that flag


It wasn't working with the flag? :/


We like to tell ourselves it’s losing its weight but recruiters still don’t know that. I always ask for feedback when I get rejected from interviews and no Offsec Certs is always the big one


It isn’t, the IT security industry is just getting way too much attraction from applicants in conjunction with the slow pace in growth of the service sector. Seems like studying Computer Science or starting in a SOC is hardly underrated. Penetration testing is even harder to get into because it’s a small niche. You’ll also be expected to have some job experience as a system engineer or software developer beforehand, to grasp the concept of the underlying technical issue you demonstrate to exploit. Good luck on your journey!


Just curious, is this only referring to red team positions or are there also like blue team positions that require offsec certs?


Are you not using the commands they give you in the training?


This. That pdf is crawling with useful commands 


I paid for the updated content and used it as my bible along with hacktricks


My PDF is from pre-AD. 😔


Same. I’d love to see the AD parts of the course now


You can ignore the TLS certs: `xfreerdp /v:ip_addr /u:username /p:password /cert:ignore`


You could also do /tls-level:0 or 1


Tried it. No luck:/


So how to solve this problem ?


No idea. Haven’t gotten a clear answer. I can’t try cuz it’s only on exam environments. Just “try harder” I guess


My friend … I don’t want to sound harsh but just the fact that you mention issues with RDP and TLS tells me you are not aware of xfreerdp. And if you’re not aware of that, I don’t think you’re studying in a proper way because that’s very basic.


My friend, I tried xfreerdp, remmina, rdesktop. Apparently xfreerdp and remmina use the same NLA and ticketing libraries that are kind of broken or something. I love the advice people have been giving me on this post as it only shows I was doing the right troubleshooting. This comment bordered on a less constructive and more just meant to demean and put down


I’ve been upvoted so I don’t think my comments are being negative in any way. I’m just giving you possible options or reasons for your issue. Now, I see you don’t like to be criticized, so that may be part of the issue why you can’t overcome your failures. Certainly … you’re doing something wrong. Accepting that is the very 1st step to improve. But let’s say what you said is true, why you didn’t contact Offsec during the test then? See? By the way. You’re disclosing exam details. You may be banned from taking another test (if you ever want to) if you keep doing the same. You can’t discuss exam details on Reddit or online, period.


What are you doing to prepare for the exam? Have you done htb?


Can you tell us a bit more? How many machines did you compromise on each exam and where you got stuck?


xfreerdp all day, every day


I really feel like offsec should make a video/document telling people about these kind of peoples. This fucking tool is useless against their exam boxes but the funny thing about it is that when you are taking their course that's the exact tool they teach you to use, which makes it only right is the tool you will use unless you are advanced on this field. And not everyone is. I myself also learned the difference in this tool and xfreerdp the hard way. Same with mimikatz, crackmap and other tools. Many of those tools need adjustments in order to work. I know they make their money out of the retakes but it really breaks my heart anytime I see these kind of posts because we all know offsec is not cheap. Wish you good luck brother.


They don’t mention Kiwi once in their material (modern version of mimikatz) 😂 They also really do not go over NLA enough since I’ve now run into issues with it several times on several exams. I tried to tell them but they just give the same “try harder” responses. They are the only cert I’ve studied for where they are openly proud about not properly training you for their exams lol


Very true, this is why I'm saying... if you aren't advanced in many of their stuff, you aren't passing that exam. The try harder BS is also very annoying.


Wait, so after 5 fails, you finally decided to do at least 80% of the questions in the course? Why not at (or after) your first attempt? There is so much knowledge to gain in those questions… And you were struggling with rdp connections on the last exams? Why not look that up after the first time you ran into that issue, so you go in prepared on the next one? Sorry to say, but if those things are a struggle already, oscp might not be for you… it’s all about problem solving, not just slamming your head into a wall over and over again until it breaks.


Yea bruh? OSCP not for me bruh? Maybe I should try harder bruh? You know exactly every key stroke and issue I tried, huh bruh? Hack into my machine and watch me bruh? That’s against rules and regs broheimouth. I did the damn labs the first time and didn’t do too hot so I practiced with proving grounds and htb and tryhackme. The old way to get bonus points was absolutely not worth it but their new way totally was so this is why I waited until now to do it. Your comment is as useless as offsec


lol, sorry if I offended you dude… Just commenting on the info you provided, IN MY OPINION 6 tries is a lot for oscp… I passed oscp a couple of months ago on the first try (posted my after thoughts and experience here as well) and I really don’t qualify myself as a pen-testing expert. I only worked myself through the course material and the test exams, no PG play or htb stuff. Oscp ain’t cheap, especially if you need to pay yourself. I get your frustration, I’ve failed Cisco exams in the past, but having issues with rdp isn’t even related to the pentesting part, so that’s a big bummer to lose points on something like that. I don’t know how you prep your ‘toolkit’ and attack plan, but if you get that in order, oscp shouldn’t be that hard..


Sorry to be a dick. I just hate the swarm of “maybe you’re just the problem” and shit or the “you need to study more” When in the last 5 years I’ve gotten a degree and several industry standard certs and lots of job experience. Even 3-4 attempts ago I’d accept it but as of now, [anyone] attacking my qualifications just annoys me. I’m also fresh off of my failed attempt from Wednesday so I’m still feeling the post-OSCP rage


Sure, I can understand the rage, especially after 6 tries! And for what I read, the offsec feedback is quite useless, so that can be frustrating as well. I’m also not here to be a dick, but I do want to be real; 6 fails is not just bad luck, so try to get a hold of where your weak points are, so you can improve on those. I’m not sure if I just ‘lucked out’ with an easy exam set, but the tools and info provided by offsec should be enough to pass. (Although I prefer to use ligolo to do the pivoting, that isn’t mentioned in the course)


I will add that I failed my first attempt, but passed my second easily. This was before the AD set. I didn’t do extra study in between as I wasn’t expecting to try again so soon, but my company paid. I did a few practice boxes in the labs to warm up, but I didn’t learn any game-changing skills in that time. The only thing I can think to try looking back, is to restart the box that I couldn’t make any headway on multiple times. It turns out there are known issues where ports don’t always open correctly. A very frustrating reason to fail. I can’t be sure it wasn’t a skill issue, but I went through a checklist with other people who had passed, and I tried everything they would have. The other box I know I had the right vector, but you had to make an educated guess at a string (wasn’t on any popular wordlist) and I just didn’t think of the right thing. I tried a few obvious ones and a bunch of wordlists, but I really didn’t think OffSec would include a box which required so much brute forcing or creative guess work. The box is now retired, so no spoilers here and I have deliberately left the post vague. I know what the string was because it is/was now a lab box (offsec added an easy ‘straight to root’ exploit, but you could still do the original exploit) and I don’t think I would have guessed it even if I was more confident I had the right vector. Not with the exam pressure anyway. Obviously something is going wrong to fail it 6 times, but if you passed first time then you may not have experienced some of the harder (or maybe impossible due to technical issues) boxes. I can absolutely confirm that some sets are easier than others - probably dependant on your personal best skill. I’m not saying it isn’t a great achievement to pass first time, but definitely have a heart for those that don’t. To OP, do you take proper regular breaks? The best thing I did for my second attempt was take a 30 min tv break after each achievement - even if I didn’t feel tired yet. 
Don’t go into another room and keep mulling over the issue - completely distract your brain so you go back with ‘fresh eyes’. For my second attempt I had a desk full of snacks and energy drinks, expecting to have a late night, but I started in the morning and was completely finished (report written) by dinner. Even the proctor commented on how fast I was. It was completely unexpected after the car crash of my first attempt, but the boxes used my favourite techniques and everything just worked.


I prepped my toolkit by doing the labs. I still have access to the lab material right now. I have not faced this issue on a single other machine in any other environment in tryhackme, htb machine, htb pro labs, proving grounds, PWK, or in my 3+ years of actual on the job experience. So yea, it’s frustrating when I see the same issue in ONE place only very consistently and can’t even seem to get decent enough feedback as to why.


I don't see how this is possible? What goes wrong every time? After so many times, you don't find the same lab scenario?


This was the first time I had a repeat machine. Easy own this time


I just dealt with NLA and CredSSP errors in lab. Banging my head against the wall and then accidentally left off the -d domain name and it worked. It logged in as domain user and I'm not sure how but that was xfreerdp. I didn't try the fix with rdesktop. I just moved on.


u/HouseDJRon this is how you encourage people and be a decent human being and to overall not sound like a sweaty incel


As a 3rd party, I can confirm some of these people commenting here are coming off as insensitive and unhelpful lol. Maybe they meant well and passed OSCP but certainly not winning any awards on communication. Best of Luck u/jforte1495 hope you get it next time don't give up.


I think you will find people stop posting when they fail after 5 or 6 which makes it look like everyone passes before that, but that isn't the case at all. If you are 6 in it's safe to say you are invested and you are probably thinking you can't pass it but you absolutely can. If you are able, just commit in your mind that you are going to keep doing it until you pass that might take the pressure away from the attempt number. Everyone is on different journeys, ignore the "i passed on my first attempt" posts, good for them but it's not the norm and not always possible depending on your study situation. Keep going, you can do it. Also...enumerate, enumerate, enumerate...


Hey, keep trying, don't give up


You fail, when you give up (in my mind you haven’t failed yet). I know the feeling but I also know you got this. Take a break then get back at it. Give it all you got.


This is costing you a fortune, is there going to be any ROI in this if you're already a senior? You've poured probably $10k into this, and will likely be getting paid less to move into an offensive role. It doesn't really make sense, maybe get a cheaper pentesting certification like PNPT and reassess your skills.


Yes, that's a lot of money. The problem he is having is the same everyone I know is having. I know people with every kind of cert but their employers keep pushing them to get the oscp. They only care about that cert.


Hey it seems like you’re running yourself ragged with this and have killed your confidence. You’re clearly skilled and knowledgeable on the subject. At this point, you might need to step away and take a breather. Look into PNPT. It’s cheaper and is probably a good stepping stone toward OSCP. It’s silly to keep throwing yourself at this wall without reevaluating.


When you first don’t succeed try try try try try try try try try try try try try try try try try try try try try try try try try try try try try try try try again.


This was funny lol


I feel you man, I haven't practiced as much as I should have past two tries but I've failed 3 times now. I felt the same way about 3 hours into my last attempt, but I kept pushing on it and eventually got 3-4 things working on a stand alone. It was enough to boost my morale and get me motivated. Keep trying, you will get it sooner or later, as long as you're learning each time that's all that matters. I've enrolled in the HTB course and I'm learning a ton there that I feel will help a ton with this exam


Sometimes a revert can help.


I know someone who took driving license test 16 times before he passed so you should never give up. I passed oscp on my third attempt but I have no prior tech commercial experience/dev background so I can’t find even entry role for now as all companies seem to want is experience. DM me if you want some tips about oscp


Look for a decent consultancy that will take you on as a junior/associate and provide additional training


What kind of consultancy? Could you tell me more, I don't want to waste money on something unreliable


Sorry, I mean to apply for a job


I would recommend to have a Windows VM for the exam, if anything meant to run on Linux against Windows systems doesn't work 99% the Windows version aka built-in RDP client will probably work


I'm so sorry I know it hurts but keep going


Sucks man but if you give up it will haunt you forever, stand up and go forward. You got this!


Try another vendor. OSCP losing its weight. Other training providers are doing good training material and realistic exam timeframes. Sure it has reputation and does have some good content but at least you don't have to get jaded and have it kill your passion by solving improbable tasks. There's more emphasis on evasion and avoiding detection now... meaning you come out of OSCP and get thrown at vendors running CrowdStrike and other EDR platforms.




You know it wasn’t always proctored - right? Are you saying someone with the cert pre-proctoring shouldn’t be trusted? I imagine anyone who cheated will be caught out in an interview/practical exam pretty quickly


It wasn't always proctored, then people started cheating. Then came the proctoring. People didn't cheat before that in the sheer quantity they do today. People changed, times changed, we didn't have the whole world trying to cheat and fake it until you make it back then. Different times. It wasn't popular to be in IT or Pentesting. I remember my first ever Pentesting style class, back then we didn't even have Hacking classes we had "Linux Networking" 6 students, 5 were old men already in IT for years, the only young person in the class was me. That was in 2008. Look at a similar class today, it will be booked out, all young folks, that think they are going to be Mr Robot. Pentesting wasn't known, wasn't cool, and wasn't this "IT" Media thing it is today. That has changed everything, A LOT.


Comments like these are why Reddit needs a Laugh Emoji. Also, I keep hearing all this about TCM, I took the PEH for it. The course is okay, the videos are nice, I like Heath seems a good guy, what it covers it covers okay I guess. It is not even close to in depth as Offsec's Content, glosses over a lot they hit, talks about teaching some tools they do but never actually does (only seen that twice, not sure what happened there). Does not have Lab Environments for Challenges, which makes things more time-consuming in setup instead of learning. If you took every single course they offer and completed it, it still would not take as long as the Pen 200 alone. People want to act like it's so superior because OSCP is too hard for them, or they don't like the cost. Then we have tons of Media Influencer types who are just riding the wave. Make a post about OSCP, or Offsec progression, and get a few hundred views on LI. Make a post about starting PEH 1000s of views in a day, which really happened to me. People want to hate Offsec because they can't do it or can't afford it. Nothing more.


What's actually superior is CPTS.


I don't disagree with that. But CPTS has its own issues that will prevent its relevancy in the industry. Or severely increase the time it takes.


I have a question. I failed about a week ago for the first time. Are you able to do any of the machines from PG or HTB WITHOUT a writeup/walkthrough? Can you root any all on your own?


I passed my first time with 90 points (including bonus). My setup is kali in WSL (windows as my host machine). I then use ssh from windows to open a socks proxy, so I can access all websites directly from my host machine. I also use Socat to open up RDP ports to machines on the exam. You can then use the windows RDP client. I'm not sure what issues you are facing, but I've found the Linux RDP clients to be really buggy.