Description: Welcome This site contains articles and posts I’ve written over the years on career and technical matters. You can also check out past presentations I’ve given at various hacker and cyber security conferences.
A while ago I earned my OSCP certification. Before that I had my GPEN and Pentest+. The Pentest+ I obtained during the beta program for the certification since the test was only $50 and I figured there was not much harm in trying. I took it practically blind (no preparation), and found out I passed in August. Shortly after I was given the opportunity to take the SpectreOps Red Team Training and after that scheduled to take OSCP training.
The SpectreOps Red Team Operations training was by far the best training I've received or seen on modern day pen testing. It covered not only lateral movement and pivoting, but good opsec and trying to stay covert and stealthy to avoid detection. If you did something that would get you caught you might lose your foothold or a machine. This enforced best practices and for me it was my first time getting really familiar with Cobalt Strike.
The OSCP training by comparison, seemed rather dated, and for a while I kind of had a chip on my shoulder about it. It's teaching me all these TTPs that would get get you caught instantly or light up the dashboards at a modern SOC. So I felt I was learning nothing new and what was new was either outdated or useless. The individual computers in the lab aren't really integrated or part of a domain, pivoting and lateral movement isn't emphasized (at least at first). The OSCP labs and training does need to be u