Grav3m1ndbyte's Blog
My journey through penetration testing self-training.
Last updated
Was this helpful?
My journey through penetration testing self-training.
Last updated
Was this helpful?
This site is meant to help people by sharing the resources I think are useful or have been useful, while giving other people's resources more exposure, which I understand helps them as well.
In addition to this, I like to share the paths taken on Hack the Box Machines and other challenges I had completed through my self-training prior to obtaining the eJPT and the eCPPT. Soon considering going through the OSCP or a different approach.
If anything I can be reached in the forum, DMs in Hack The Box or Discord.
Something I want everyone to keep in mind, what you will go through here is my path to own machines, to complete the challenge, or my usage of tools and resources, not necessarily the only way or the best way. As we are humans, we all can make mistakes or end up going down rabbit holes. In some cases, I will still show some of the mistakes I've done and flag them.
For the last year or so, I have been somewhat silent here and had not updated this page in a very long time; maybe I added a script. Sometimes, even when you aim towards your career goals, situations might try to pull you away for better or worse.
Instead of jumping to the eCPPT right after I earned the eJPT, I had a slight delay and ended up going through some Cloud related certifications (AZ-103 and AZ-500) while the pandemic was going on, as well as the Certified Kubernetes Administrator (CKA). The latter was an experience worth going through.
But, back on track, I took a few months of a break after the CKA, as it was a heavy journey, and rebooted my efforts towards the eCPPT late last year, to then pass it yesterday, March 29th. This was an awaited accomplishment!
Now that I am back, I will be updating this page more frequently with old expired HTB boxes I should've added some time ago, possibly my own learning process of Buffer Overflows for exam practicing purposes, and maybe some scripts, but we will see.
Last time I came to work here, I talked about coming back and update this with more write-ups and other things I've come to learn which I might think are useful to share, but I stepped out once again. Well, as some blessings are on the way, I decided to simply take a short break and then train for the OSCP starting on May 1st.
The journey was quite interesting as I used what I learned through the eCPPT to tackle the the PEN-200 labs and get the lab report requirement for the bonus points. Long story somewhat short, a month before I was about to take the exam, Offensive Security changed the rules to get the bonus points to something more friendly if you don't like the idea on doing a lab report.
This new requirement asks for 80% of the lecture exercise solutions and at least 30 lab machines completed with proof.txt flags submitted. Well, I had 43 lab machines completed but no lecture exercise done. At the end, I finished up covering 82% so I was ready for it, so I scheduled the exam for September 8th and I failed.
That was a rough experience where I felt very sour about it at first, but had to step back and think about what I did, good or bad. At the end, the reason why I failed was my own doing; I simply stressed out too much when I started getting roadblocks and those roadblocks were just because I was not looking carefully at my enumeration and did not try everything as I blocked myself and it wasn't about how ready I was. This made it a bit difficult to wait the six week period for the retake and keep myself mentally fresh. From these to this past Monday (October 24), I ended up meeting the requirement to pass it and making it. Now, back on here, I want to share a lot and hopefully be useful.
Through your learning process, be patient and try not to get frustrated, but if you do, step out for a little bit.
Try to enjoy the process.
Go to the forum, go to Discord, contact other members that had rooted or completed the boxes. There is a lot of people willing to help.
As members are not supposed to release any write up or walkthrough while machines or challenges are still Active, I will be updating the content as the machines start to get retired.