Post PwK, now what…

EDIT: Got my results! 11th September, took around 12 days to arrive, but worth the wait! I passed! Late edit as I was away on holiday. But back to the grind tomorrow, will keep you all posted!

It's been around 2 weeks now since I took my exam for OSCP. I still haven't had the results, and my remaining lab time has ticked down to 0. So hopefully I have passed; if not, it may get expensive! I am still checking my emails every 5 minutes waiting for the magic email! But since completing the exam I have been looking to the future and what else I need to do.

I have been working through my ever-growing list of other things to learn. I seem to have more to do and get done than I did on the PwK course. These last few weeks I spent the remaining part of my lab time toying around with port forwarding and tunneling techniques within the lab, as this was something I needed to get better at. I now feel pretty comfortable with it, and I would recommend spending some time on this in the lab if you have any to spare. If not, add these kinds of scenarios to your own labs. It opens up a whole new way of thinking and requires a bit more forward planning to ensure things work smoothly when operating through a jump host.

My primary focus at the moment is AV evasion. I am spending a great deal of time working with AV evasion within a corporate environment. Many of the tools and practices picked up on the course and in general CTFs are great and have been successful. However, the second I have moved any of these into my labs with a semi-decent AV setup, everything grinds to a halt. So I am getting sharper at this, coding my own custom shellcode loaders and rewriting agents. Bypassing modern antivirus with features like AMSI seems to be a real headache, with all attempts at basic obfuscation of PowerShell commands failing. So I have had to resort to writing my own simple programs to try and bypass these kinds of controls. It is incredibly frustrating, but I have had some success on a few OSs with different antivirus providers. The latest and greatest Server 2019 with Defender and its many modern bells and whistles and cloud analysis features is proving the most difficult. But I am learning a tonne. Many of the older tutorials for antivirus evasion and the older tools are no longer relevant, so it's definitely something useful to invest time in. I have been documenting as much as I can, so once I have some more tangible results I will share the process with you all.

So what's to come from me!?

I have a few write-ups to publish over the next few weeks, along with a coming tutorial for setting up an AV and closed pen-test environment within a vSphere setup, complete with VPN tunnel and internal IDS monitoring so you can see what the blue team sees whilst you trample round your lab.

Results and tutorials on AV evasion in a modern corporate environment.

A closer look into BlueKeep and its new Metasploit module.

Building your own CnC infrastructure.

AND, I am going to start bug bounties as well (to fill the OSCP study void!).

So I will keep you up to date on how that goes. If any of these nuggets sound interesting, be sure to stop by over the next few months. For now, however, I am off to Rome for a week of food and no computers! Thanks again to everyone who has viewed or supported my blog whilst I have been going through OSCP. Stay tuned for future content!
