About SloppyOneXXVI

  • Rank
    The Special Teams Ace
  • Birthday 02/25/1983


  1. SloppyOneXXVI

    Annual "Where Do I Watch Games Thread"

    Anyone have a link for today's game?
  2. SloppyOneXXVI

    Random Tech/IT Thread

    Thanks! I'll do my best to answer all your questions. Feel free to ask follow-on questions. Also, I apologize if my answers are a bit blunt about certain topics, everyone has their opinions about certain things.

    1. OSCP is really focused on offensive ability. Security Onion isn't going to do much for you besides learn Wireshark. You don't have to worry about bypassing virus detection very often, and even then the OSCP coursework teaches you the techniques. Did I mention you should make sure you know how to use Wireshark?

    2. Maybe, but I think most jobs still want some level of experience. Being a sysadmin is a great start, but as you suggested I think incident response is a good second step before full blown pentesting. You usually need to know someone, or create a presence for yourself (a blog giving tutorials or something of that sort) to get a job. Such is life.

    3. You need to know how buffer overflows work for OSCP. With that being said, you're not expected to find buffer overflow vulnerabilities without some indication a software is vulnerable to buffer overflows. Usually you'll have something that you know is vulnerable, but maybe the public POC is for a different operating system or a slightly different software version, so you'll have to modify code, but not discover the buffer overflow on your own. Still, probably good to brush up on x86 assembly language. It is quite tough to learn. has a really good primer. and videos on actually creating buffer overflow exploits

    4. OSCP doesn't allow for vulnerability scanners on the exam. Don't use them. The whole point of OSCP is to prove you can find vulnerabilities and exploit them manually. You can barely even use Metasploit on the exam. They are a crutch used by people who don't understand exploits they're using. I know that's kinda harsh, and I assume plenty of pentesting companies rely heavily on scanners, but I think they're a disservice to people who really want to understand how to break a computer.

    5. Yes, the ICS/SCADA market is getting bigger every day. It is amazing to me how poorly some of our country's most critical infrastructure is protected. People are finally getting wise and starting to protect it better. Learning how ICS/SCADA systems work would be a huge feather in your cap for any government job. Have you ever seen the show CyberWar on Esquire? They had a good episode on ICS/SCADA. That show is fun to watch in general.

    6. Python is my language of choice. I'm not a great programmer, but I can get by with a few other languages. I went into the class not really knowing Perl, Ruby, or PHP, but ended up using all 3 a decent amount. If you know the principles of one programming language you can learn the other languages easy enough. Get REALLY good at Python, learn how to do the basics, loops, math, sockets, methods, etc. Most of the time you only need to know how to modify existing code, not write it from scratch. So as long as you understand the principles you can modify almost any language with a little googling and Stack Overflow. If you want a good book with tutorials get Violent Python. It has some good tutorials on how to write your own vulnerability scanner, do traffic analysis with Python scripts, etc. Finally, get to know SQL. I didn't know ANY before the class and I spent many nights googling SQL queries. It sucked.

    7. I don't follow too many blogs to be honest. Reddit netsec usually has some interesting articles. ArsTechnica has good security stuff from time to time. Hacker News is okay, Krebs on Security sometimes has interesting articles. I honestly find it is hard to find good articles because most are just fact of information, not much on how the hack actually happened. E.g. The Russians hacked the DNC! Okay great... but how did it happen? What was the vulnerability? How did they persist? Those questions usually aren't answered in great detail because journalists don't know the answers.

    8. Sysadmin is definitely a great start. You need to know how a network is set up in order to break it. Traffic analysis is key, being able to use Wireshark and look at packets going over the wire is necessary in offensive and defensive security. Understanding how different protocols work (FTP, SMTP, HTTP(S), SSH, SMB, etc.) is important, and knowing what they SHOULD look like over the wire. They all have vulnerabilities, so you need to know how they all work. You really need to know how operating systems work as well. This was my biggest challenge. I was never a sysadmin so I didn't know how to set up a domain controller, DNS server, etc. Understanding both Windows and Linux services is key. Hacking into web applications is also really important, you should know how to do RFI/LFI, SQL injection, and some level of XSS. Finally, being able to do some level of malware analysis is always highly desired, really just dynamic malware analysis. Practical Malware Analysis is a great book with lots of tutorials, I highly recommend it. Lots of the stuff I just outlined will be taught to you in the OSCP coursework. So you don't need to know all of it, but be aware of it.

    Further advice: If you want some practice maybe download Metasploitable VM and attempt to break into it. There are lots of tutorials online. Also has lots of exploitable VMs you can download. People have put lots of tutorials online on how to break into them as well. If you want a really good outline of resources read this thread: The guy was overkill on what he did to set up his Kali VM, but he has lots of good resources in there to read. It definitely helped me.

    If you have any other questions let me know, I'll be happy to help. Learning this stuff is a journey, and nobody will ever be an expert at everything.
  3. SloppyOneXXVI

    Random Tech/IT Thread

    Took the test and passed last week. It was brutal, started at 9am and had enough to pass around 2am. I took one break for about 2 hours, but pretty much powered through. If anyone ever starts working on the cert I'll be happy to help. Finishing the class was one of the most rewarding feelings I've ever had, I highly recommend it.
  4. SloppyOneXXVI

    Random Tech/IT Thread

    I'll try to answer each question individually... but I feel a long post coming....

    I've been working in network security for about 5 years. I have my Security+, CEH, and a computer science degree. The OSCP was always touted as much harder than any other networking/security certification, and I wanted to see for myself. And yes, it is really hard.

    It can't be beat for the price.... IF.... and this is a HUGE if.... you at least have some background in pentesting/networking/programming. If I had tried to take this course 4 years ago I would've hated it. Some people on the forums complain they don't even know where to begin, and generally those people have very little background in security. Everyone will have their weaknesses, but you need to know some programming (at least simple Python), basics of networking, and the basics of how Linux and Windows work. I think it is 10000x better than any SANS course for 20% of the price. However, you have to put the time in, I work on it about 3 hours daily, and it is like college where you basically read a book and teach yourself through exercises/videos.

    I work in net defense consulting, so I'll use it to understand vulnerabilities better. I think this class has taught me more about traffic analysis than any SANS course ever could. I don't really see myself being a pentester full time though. Honestly, the pentesting world is (generally) a giant scam, a company comes in, runs some Nessus/Burp Suite/OpenVAS scans, prints the results, and then sends a bill to the customer. There are good companies out there too, but the commercialization (if that's a word?) of network security scares me. Also, life as a pentester means travelling a lot which isn't appealing to me.

    Yeah the Kali distro is great, but I don't think it is light years better than a regular Kali distro. I know some pentesters that actually use Windows. It is all about preference, what tools you want to use, what you're trying to exploit, etc. But yes, it would take forever to build.

    And my final two cents that you didn't ask for: Don't spend too much time learning Metasploit. It is a tool that is nice to know, but the class focuses on how exploits work, how to manipulate code, vulnerable services/OS versions, etc. Metasploit is only a small part of the class/exam.
  5. SloppyOneXXVI

    Random Tech/IT Thread

    I'm taking it right now, got my 21st box last night. I'm using virtual box and their "custom" image. I haven't had any issues at all. They say you can use the image from but might run into issues completing all the lab exercises.
  6. Take what he did to Maggie...(but change it to Michonne) multiply by 1,000,000, then add some weird stuff he did with his daughter. Super dark and terrible stuff, HBO wouldn't have been able to put it on television.
  7. Since we're posting music from the show..... this song was in an episode during season 2. Great folk band named Wye Oak. They are from Baltimore, apparently the Wye Oak is the Maryland state tree.
  8. SloppyOneXXVI

    The Own3d Thread.(Keep it clean)

    To embed a youtube video: [ video ]Youtube_url_here[ /video ] (take out the spaces)
  9. SloppyOneXXVI

    The Beer Thread

    FYI Pumpkin lovers: Went to Perfect Pour in Columbia, MD today around 945. They received some Schlafly's Pumpkin and Southern Tier Pumpkings late in the season. They still have 3 cases of Schlafly's left (they had 4, but I bought one, 6 pack $15, case $60) and they still have quite a few cases of Pumpkings left. Open @ 11 am tomorrow. 4 Pumpkings per person. Naturally, I bought 4.
  10. Apparently people on Facebook/Twitter are calling him 2-Dog. You just knew T-Dog was going to get killed once he started becoming important and was getting more lines. As for the length of the show, if it continues to loosely follow the comics, the show could go on for 20 seasons. The show moves at a snail's pace in comparison to the comic.
  11. SloppyOneXXVI

    The Beer Thread

    Wife is out of town, I passed my Certified Ethical Hacker exam today, so I decided, in the words of Tom Haverford, to "Treat Yo Self!" Got 4 six packs and a Pumpking from Perfect Pour:

      • Night Owl Pumpkin Ale - Elysian Brewing Company
      • Jacques Au Lantern - Evolution Craft Brewing Company
      • Fisherman's Imperial Pumpkin Stout - Cape Ann Brewing Company
      • The Fear Pumpkin Ale - Flying Dog Brewery

    It is going to be a pumpkin, Orioles, Redskins, and Xbox filled weekend... I couldn't be happier. Evo makes an amazing porter, so I'm hoping for good things from their Jacques Au Lantern.
  12. SloppyOneXXVI

    The Beer Thread

    Went to the Perfect Pour in Columbia, MD tonight. If you've never been, it's worth the drive. Went on a Pumpkin binge. Here's what I got:

      • Southern Tier Pumpking
      • Star Hill Pumpkin Porter (excited for a Pumpkin porter, should be interesting even if Star Hill is hit or miss)
      • Schlafly Pumpkin Ale
      • UFO Pumpkin Ale
      • (Bud Light Margarita for the wife)

    Add that to the three cheap pumpkin beers I already had (DFH, Blue Moon, and Shock Top) and I'm going to have myself a pumpkin taste test this weekend. Should be a good time.

    Edit: Perfect Pour had a BUNCH of other Pumpkins including Saranac, Weyerbacher, Post Road, Shipyard, etc, but I've already had most of them. While I know everyone loves the Weyerbacher, I'm not really a fan. Fisherman's Imperial Pumpkin Stout comes out next week, so I'll probably go back and pick up some other ones.
  13. SloppyOneXXVI

    The Beer Thread

    Just bought the Newcastle Werewolf Ale. It is a "blood red" ale. Sounds good, I'll let everyone know how it goes.
  14. SloppyOneXXVI

    DIY Home Improvement Thread..

    Okay carpenters of ES, I need some help.... I bought custom blinds for some windows in my kitchen. Unfortunately, I'm a moron and didn't measure all the way at the top of the window frames. One of the blinds is about 1/2 inch too big for the top of the frame... it fits perfectly in the middle of the frame! Apparently frames aren't the same size all the way down... who knew? Anyway, is there a way I can shave the top of the frame a bit to make the blinds fit? Or am I screwed? Cutting the blinds is not an option, they are cellular shades.
  15. SloppyOneXXVI

    The Beer Thread

    I haven't had the Lagunitas Rich Copper yet, but it is on my list of things to drink. I'm drinking a Little Sumpin' Sumpin' right now, love this brewery so far. Drink that Sierra Porter first and work your way down by color. I'm not a big IPA guy, but I'll drink anything Southern Tier makes. They know what they're doing. I've found myself having an allegiance to particular breweries, and therefore liking certain beers even if I'm not a huge fan of the style. (eg. I'll drink anything Southern Tier makes) I think I'm being unfair to breweries I don't know well. Whatever. Is that Sunny D in the back of your fridge? We got IPAs, the dark stuff, oohhhh!!! Sunny D!!!