Elearnsecurity Exam Guide

Posted on by

I wanted to do a little guide on exploitation to complete on what is teached on the course so I assume you know the basics already,I hope you find it useful. Target download: server.exe Knowing our target Ok so we have this program called server.exe which we have been told to audit,on.

  1. Elearnsecurity Exam Guide Exam
  2. Elearnsecurity Exam Guide Questions

Table of Contents:

For the past 4 years of my life I had one goal: Pass OSCP on my first try. I started by reviewing the course syllabus and I realized there were some things that I did not know, which made me nervous to start the course. So, I went through a variety of resources until I thought I was ready to begin. This guide contains those resources and my advice to prepare for your adventure to take the PWK/OSCP!

For those of you that would like to know about my journey when I took the course and exam, you can find my earlier post here: https://www.netsecfocus.com/oscp/review/2019/01/29/An_Adventure_to_Try_Harder_Tjnulls_OSCP_Journey.html

Emailchemy 11 serial mac look like. A big shout out goes to abatchy! Without his guide I would have never started exploring for other resources. Thank you for creating your original guide: https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

I also want to thank the following people for taking the time to read this guide:

I found this to be extremely useful for when it came to the labs and the exam. You also get given access to 12 HERA labs. The HERA labs are worth the $400 cost for the course alone, The labs are all based on specific topics from the course, this helps reinforce the topics covered by trying out concepts/commands for the given tasks. When you are hired to test the security of networks and applications, you are asked to provide: xA comprehensive overview of the client’s state of the security xAn exhaustive and detailed survey of the security issues you encountered xThe best possible solutions to the above Your client, and sometimes even your boss, are not aware of penetration testing techniques, exploitation schemes or tools.

  • The team at Offensive Security

This guide has been approved by Offensive Security!

Do not expect these resources to be the main thing you use for obtaining OSCP. When you are ready to take the course, you should expect the following:

  1. Spending a lot of time researching.
  2. Do not expect the admins or even other students to give you answers easily.
  3. Plan to make a commitment to this and have an open mindset to learning new things.
  4. Know your tools! There are certain tools that you cannot use for the exam. However, that does not mean you should skip over them. Take some time to understand them because you may have to use them on an actual engagement or in the field.
  5. Remember Offensive Security motto: TRY HARDER

As of now Offensive Security has restricted the following tools:

  • Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
  • Automatic exploitation tools (e.g. db_autopwn, browser_autopwn, SQLmap, SQLninja etc.)
  • Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)
  • Features in other tools that utilize either forbidden or restricted exam limitations

Reference: https://support.offensive-security.com/oscp-exam-guide/

Most importantly: Have fun! You will learn a lot from this course, take your time to understand the material and this guide. Do not forget to take breaks and spend time away from the electronics. Trust me you do not want to burn yourself out.

Course Syllabus:

The 2nd most important resource that I used to help me prepare for the course:https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

From the syllabus I will breakdown each section by providing you the resources I used to prepare for the course. Once I finish going through the syllabus, I will also be providing some extra resources that came in handy. You don’t need to use this guide in order; feel free to jump around as it suits you.

  • Getting Comfortable with Kali Linux
  • Essential Tools in Kali
  • Passive Reconnaissance
  • Active Reconnaissance
  • Vulnerability Scanning
  • Buffer Overflows
  • Working with Public Exploits
  • File Transfer
  • Privilege Escalation
  • Client-Side Attacks
  • Web Application Attacks
  • Password Attacks
  • Tunneling/Pivoting
  • Introduction to the Metasploit Framework
  • Antivirus Bypassing

Kali Linux Revealed and Online Course: A good foundational course that helped me understand more about Kali Linux and it has a nice Linux Fundamentals section as well.

  • Book Link: https://kali.training/downloads/Kali-Linux-Revealed-1st-edition.pdf
  • Online Course Link: https://kali.training/lessons/introduction/

Bash Scripting: The bash Guide: A good guide to get you into the bash scripting

Linux Journey: A huge guide to learn about a variety of different things in Linux. All the lessons are free.

Explainshell: Awesome resource that parses a variety of man pages from Ubuntu Manage Repository. It breaks down the commands you are using, but it is best to refer to the man pages if you have any questions: .

Hands on challenge to get comfortable with Linux:

  • Overthewire Bandit: https://overthewire.org/wargames/bandit/
  • Cmdchallenge.com: https://cmdchallenge.com/
  • HackerRank Linux Shell: https://www.hackerrank.com/domains/shell

Books:

Elearnsecurity exam guide exams
  • The Linux Command Line (2nd Edition is coming soon!): https://nostarch.com/tlcl2
  • Linux for Hackers: https://nostarch.com/linuxbasicsforhackers

Netcat: The TCP/IP Swiss Army tool. Experiment with this tool and understand what it does because you will be using this almost every day during the time in your course.

  • SANS Netcat Cheatsheet: https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf

Ncat: A better version of netcat in my opinion. Supports SSL communication and it is part of Nmap.

TCPDump: Command line base Network Analysis Tool. Very useful and good to know if you are on a system that does not have a gui interface. Here is a good cheat sheet I used for tcpdump when I needed to troubleshoot my exploits: https://www.andreafortuna.org/technology/networking/tcpdump-a-simple-cheatsheet/

  • Daniel Miessler TCPDump Guide: https://danielmiessler.com/study/tcpdump/

Wireshark: GUI based Network Analysis tool. There a lot of free PCAP’s samples online that you can use to understand how Wireshark works. Be careful with downloading some of these PCAP files because they may contain malware on them :D

PCAP Samples:

  • Netresec: https://www.netresec.com/?page=pcapfiles
  • Malware Traffic Analysis: https://www.malware-traffic-analysis.net/
  • Packettotal (Just like virustotal but for PCAP Analysis): https://packettotal.com/

Take some time to learn about these tricks and techniques. They will certainly come in handy!

Google Dorks: Using various google searches that you can find that may expose sensitive information about a target.

  • SANS Google Dork Cheatsheet: https://www.sans.org/security-resources/GoogleCheatSheet.pdf
  • Google Hacking Database: https://www.exploit-db.com/google-hacking-database
  • Netcraft: https://netcraft.com/

Email Harvesting:

  • theharvester: https://github.com/laramies/theharvester
  • recon-ng: https://bitbucket.org/LaNMaSteR53/recon-ng/overview

Additional Resources: Tools I did not use in the lab but I used them for preparation and they have come in handy for other tests.

  • Domaintools: http://whois.domaintools.com/
  • MX Toolbox: https://mxtoolbox.com/DNSLookup.aspx

Introduction to DNS: If you do not know what DNS is or how it works, here is a great guide that I used to better understand it from Digital Ocean: https://www.digitalocean.com/community/tutorials/an-introduction-to-dns-terminology-components-and-concepts

If you think you have a good understanding of what DNS is then you will also need to understand how to perform forward and reverse lookups. In addition, you should also know how zone transfers work and how to perform them. Performing these tests will certainly help you better understand what your targets are in the lab. For more information about these techniques check out this article here: https://resources.infosecinstitute.com/dns-enumeration-techniques-in-linux/#gref

Tools for DNS Enumeration:

  • Dnsrecon Created by Darkoperator: https://github.com/darkoperator/dnsrecon

Network Scanning:

Nmap: A tool that you should 100% totally learn about. You will probably use this everyday (If not most of the time while you are in the lab). I highly recommend you take some time to learn what the tool does, how each command switch works, each scanning technique you can run, and any other capabilities. Nmap is a powerful tool that has the ability to determine what hosts are online, what services they are running, what operating system is running on that host, and dozens of characteristics. In addition, one of the most powerful features that you should also learn is the Nmap Scripting Engine (NSE). With NSE scripts you have the ability automate a wide variety of networking tasks for your scans including vulnerability detection and exploitation. Here are my resources that I used to learn more about Nmap:

  • Nmap Official Guide: I used this more than the man pages. I highly recommend purchasing the full book since the official guide is missing a few chapters, such as “Detecting and Subverting Firewalls and Intrusion Detection Systems”, “Optimizing Nmap Performance”, “Port Scanning Techniques and Algorithms”, “Host Discovery (Ping Scanning)”, and more. https://nmap.org/book/toc.html
  • Link for Nmap Network Scanning Book (if you want to purchase it): https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717
  • SANS Nmap Cheatsheet: https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
  • Nmap Scripting Engine (NSE): https://nmap.org/book/man-nse.html
  • ZephrFish Nmap Blog: https://blog.zsec.uk/nmap-rtfm/

Service Enumeration:

There are a variety of services running on so many systems…take the time to understand them! Do not just scan them and move on. Take some time to look at each of them because they could be a key for you to obtain shell access on a system!

Abatchy provided a link from 0day security that gave me a lot of ideas and things to look for that I may have missed when I skipped some the of the services in the lab. You can find that resource here: http://0daysecurity.com/penetration-testing/enumeration.html

Highoncoffee Penetration Testing Cheatsheet: https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

I did not spend too much time in this section for preparation because vulnerability scanners are simple and easy to configure. In addition, the purpose of a vulnerability scanner is to identify security holes in services or in a operating system. These scanners rely on a database that contains the necessary information needed to conduct a scan. A word of caution! Be careful when you use vulnerability scanners on your targets because there is a chance that some of the plugins or features can cause an impact to your target such as taking down that service, locking out user accounts, and even crash the system. In the syllabus the tool recommends that you use OpenVAS since it is a full-featured vulnerability scanner. However, there are other vulnerability scanners out there and I highly recommend playing with Nessus: https://www.tenable.com/products/nessus/nessus-professional

The reason why I am stating that you should use Nessus is because it is more stable on Kali Linux and it has simple straightforward interface. I also was able to use the Nessus Home key for most of my testing and to help me get more familiar with how these vulnerability scanners work. Nessus is a real popular tool for vulnerability scanning in the infosec world and I certainly encourage you to play with it!

For instructions on how to install Nessus on Kali Linux you can find it here: https://www.tenable.com/blog/getting-started-with-nessus-on-kali-linux

For obtaining a Nessus key you can grab one here: https://www.tenable.com/products/nessus-home

My favorite section to learn about! The material provided in the PWK was fantastic and really straightforward. Throughout the internet you will probably find a variety of different resources to help you understand how buffer overflows work. With that being said I will provide some of my notes and resources that helped me understand how buffer overflows.

Corelan Team: A huge shout out to these guys because their articles from information security to exploit development are absolutely incredible!They have an article they posted about Stack Based Overflows that gave me a better understanding of identifying a buffer overflow in an application:

  • Part 1: https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
  • Part 2: https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

Once I finished reading the articles I decided to start going through write-ups and forums where people manually identified buffer overflows in certain applications. With these walkthroughs I used Exploit-DB to check if they had the vulnerable application in many cases. I won’t provide any of these walkthroughs but I will at least provide the binaries that you can use to manually identify buffer overflows.

  • Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):
  • Vulnserver: https://samsclass.info/127/proj/vuln-server.htm
  • Minishare 1.4.1: https://www.exploit-db.com/exploits/636
  • Savant Web Server 3.1: https://www.exploit-db.com/exploits/10434
  • Freefloat FTP Server 1.0: https://www.exploit-db.com/exploits/40673
  • Core FTP Server 1.2: https://www.exploit-db.com/exploits/39480

Linux Binaries:

  • Linux Buffer Overflow: https://samsclass.info/127/proj/lbuf1.htm

Vulnerable Boxes:

  • Brainpan 1: https://www.vulnhub.com/entry/brainpan-1,51/
  • Pinky’s Palace version 1: https://www.vulnhub.com/entry/pinkys-palace-v1,225/

Other Resources:

  • Whitepaper Introduction to Immunity Debugger: https://www.sans.org/reading-room/whitepapers/malicious/basic-reverse-engineering-immunity-debugger-36982
  • Buffer Overflows for Dummies: https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
  • Vortex Stack Buffer Overflow Practice: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
  • Smashing the Stack For Fun and Profit: http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf

There will come a time that you will need to use a public exploit on your target to see if you can obtain a shell on it. With that exploit you may need to modify shellcode or even parts of the exploit to match with your system to obtain a connection from your target.A word of advice:

Before you download a public exploit I would consider you take some time to review the code and understand what the exploit is suppose to actually too. If you do not understand how the code works…do some research!!! I am absolutely positive you can find proof of concepts online and walkthroughs that will explain how the exploit actually works. Not all exploits are going to work right out of the box you will need to configure them to make sure they can reach back to your attacking system. If you do not review the exploit code or make any modifications, then you are running risk that the exploit will fail, crash your target system/service, or it may allow other users to connect into the system.

Places to find exploits:

Tools for finding exploits:

  • Searchsploit: a command line search tool for Exploit-DB that has a repo of Exploit Database with you.

Command Examples:

searchsploit MS-17-010: finds all cases/exploits linked to MS17-010

searchsploit -x /usr/share/exploitdb/exploits/windows/remote/43970.rb: The -x command switch allows you to examine the exploit code or information about the exploit. You can also upload nmap xml files to Searchsploit so it can find available exploits that match your target.

Play with some of the other command switches that Searchsploit has because it will make it much easier for you to find exploits on your kali box.

Depending on the target system you obtain access too you may not have the ability to transfer exploits or other tools you need to that system. With this being said you will need to figure out some techniques to transfer files to and from your target system. Here are a few guides I used to get a better understanding of how to transfer files onto Windows and Linux systems:

  • Awakened: Transfer files from Kali to the target machinehttps://awakened1712.github.io/oscp/oscp-transfer-files/

  • Ropnop Transferring Files from Linux to Windows (post-exploitation):https://blog.ropnop.com/transferring-files-from-kali-to-windows/

One tool that I also found interesting to transfer files on windows systems is using bitsadmin. The tool is a command-line tool that you can use to create download or upload jobs and monitor their progress. You can find examples on how to use the tool here: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/bitsadmin-examples

Another tool you can check out is Impacket. This tool contains a variety of programming classes that you can use to interact with target networks to parse raw data or you can be able to use their scripts to transfer files to or from your target host.

Also check out python modules like these:

  • Python -m SimpleHTTPServer 80: Spins up a webserver in the directory you are located on port 80.
  • Python3 -m http.server 80: Spins up a python version 3.X web server in the directory you are located on port 80.
  • Python -m pyftpdlib -p 21 -w: spins up a FTP server in the directory you are located on port 21 and it allows anonymous login access.
  • Python3 -m pyftpdlib -p 21 -w: spins up a Python 3.X FTP server in the directory you are located on port 21 and it allows anonymous login access.

In this section you will find a lot of techniques that range from getting administrative access from a kernel exploit or through a misconfigured service. The possibilities are endless, and make sure you find the ones that will work for you. In order to get an understanding of this section I recommend applying your knowledge through Vulnhub or Hackthebox to improve your skills in this area. I know there are scripts for automating this process but at some points those scripts can miss something very important on your target that you need to escalate your privileges. Something you should keep in mind :D.
For this section I am going to break into two parts: Windows and Linux Privilege Escalation Techniques.

Windows Privilege Escalation Guides:

  • Fuzzysecurity Windows Privilege Escalation Fundamentals: Shout out to fuzzysec for taking the time to write this because this is an amazing guide that will help you understand Privilege escalation techniques in Windows. http://www.fuzzysecurity.com/tutorials/16.html

  • Pwnwiki Windows Privilege Escalation Commands: http://pwnwiki.io/#!privesc/windows/index.md

  • Absolomb’s Security Blog: Windows Privilege Escalation Guidehttps://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

  • Pentest.blog: Windows Privilege Escalation Methods for Pentestershttps://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Windows Privilege Escalation Tools:

  • JAWS (Created by 411Hall): A cool windows enumeration script written in PowerShell. https://github.com/411Hall/JAWS/commits?author=411Hall

  • Windows Exploit Suggester (Created by GDSSecurity): A python script that compares target patch against Microsoft vulnerability database to detect any missing patches on the target.https://github.com/GDSSecurity/Windows-Exploit-Suggester

  • Windows Exploit Suggester Next Generation: https://github.com/bitsadmin/wesng

  • Sherlock (Created by RastaMouse): Another cool PowerShell script that finds missing software patches for local privilege escalation techniques in Windows. https://github.com/rasta-mouse/Sherlock

  • Other Resources for Windows Privilege Escalation Techniques: https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194

Linux Privilege Escalation Guides: The only guide I probably ever used to help me understand privilege escalation techniques in Linux systems was from g0tmi1k post. This blog is a must that everyone should have for preparing for the OSCP in my opinion. You can find his guide here: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

GTFOBins (I have to thank Ippsec for sharing this with me): Contains a curated list of Unix binaries that that have the ability to be exploited by an attacker to bypass local security restrictions on a Linux system.https://gtfobins.github.io/

Linux Privilege Escalation Tools:

LinEnum: A great Linux privilege escalation checker that is still maintained by the guys at rebootuser.com. You can find there tool here: https://github.com/rebootuser/LinEnum

  • Linux Exploit Suggester 2: https://github.com/jondonas/linux-exploit-suggester-2

Elearnsecurity Exam Guide Exam

One thing that I will mention is if you want to practice your Linux privilege escalation, I highly recommend you take a look at Lin.Security vulnerable box created by in.security! The box was designed to help people understand how certain applications and service that are misconfigured can be easily abused by an attacker. This box really helped me improved my privilege escalation skills and techniques on Linux systems.

  • Main Link: https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/
  • Backup: https://www.vulnhub.com/entry/linsecurity-1,244/

Running Client-Side Attacks usually require client interaction so it’s good to have an understanding of how this works and also how you can set one up. For instance, check out the Client Side Attack Section in Metasploit Unleashed: https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/

This section is the one I spent most of time preparing for PWK and OSCP. In this section you need to understand the following web attacks:

  • cross-site scripting (XSS): OWASP:https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

  • SQL Injections: OWASP: https://www.owasp.org/index.php/SQL_Injection

  • Pentest Monkey SQL Cheat Sheets: http://pentestmonkey.net/category/cheat-sheet/sql-injection

  • File Inclusion Vulnerabilities.https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/

Tools for finding Web Vulnerabilities and conducting Web Attacks:

Burp Suite:

A popular web application vulnerability scanner that contains a variety of features and plugins to identify web vulnerabilities on certain web applications. The tool uses an interception proxy that connects to your browser to route traffic through the Burp Suite proxy client. Once the interception proxy is configured you can start capturing and analyzing each request to and from the target web application. With these’s captured requests a penetration tester can analyze, manipulate, and fuzz individual HTTP requests in order to identify potential parameters or injection points manually.

Bugcrowd University has a webinar that Jason Haddix created explaining about burp suite and how you can use it. You can find this recording here: https://www.bugcrowd.com/resource/introduction-to-burp-suite/

SQL Injection Tools: I would not recommend using these tools until you have a clear understaning about SQL Databases and how a SQL Injection works. These tools below make it easy to automate the process for conducting a SQL Injection but it is possible that they can causes issues to a targets SQL Database. Here are a list of tools that I have played with to get a better understanding of how you can automate SQL Injections:

  • SQLmap: https://github.com/sqlmapproject/sqlmap/wiki/Usag
  • NoSQLMap: https://github.com/codingo/NoSQLMap
  • SQLNinja: http://sqlninja.sourceforge.net/

Nikto (Created by Chris Sullo): A web server scanner which performs comprehensive tests against web servers for multiple items. This tool can be able to scan for vulnerbalilities on the web application, checks for server configuration that include multiple index files, HTTP server options, and will attempt to identify installed the version of the web server, and any plugins/software that is running on it. Please keep this in mind that this tool is can be very noisy when scanning a targets web server.

Link: https://cirt.net/Nikto2

  • Web Directory Scanners:

These tools are designed to brute force site structure including directories and files in websites. These tools can be able to identify hidden directory scrtuctures or webpages that can come in handy when you are in the labs or during your assessment.

  • Dirsearch: https://github.com/maurosoria/dirsearch
  • Dirbuster: https://tools.kali.org/web-applications/dirbuster
  • Gobuster: https://github.com/OJ/gobuster
  • Wfuzz: https://github.com/xmendez/wfuzz
Hands on areas to improve your web attack skills:
  • Metasploitable 2: Contains Vulnerable Web Services such as Multidae and the Damn Vulnerable Web App (DVWA) that you can use to improve your web skills.

Link to download the machine: https://metasploit.help.rapid7.com/docs/metasploitable-2

Backup Link: https://www.vulnhub.com/entry/metasploitable-2,29/

  • Exploitability Guide: https://metasploit.help.rapid7.com/docs/metasploitable-2-exploitability-guide

  • OWASP Juice Shop: Another vulnerable web application that contains a variety of challenges to improve your web skills. https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

  • Overthewire Natas: A set of wargame challenges that are web base that you will need to complete in order to move to the next round. I really enjoyed their challenges when I did them! http://overthewire.org/wargames/natas/

  • Other resources: Hack This Site: https://www.hackthissite.org/

In this section you need to understand the basics of password attacks. Identify the differences between Windows (NTLM) hashes and Linux hashes. In addition, you will also need to understand the different tools that you can use to conduct online and offline password attacks. Here is a list of resources that I have used that helped me better understand how password cracking works:

Introduction to Password Cracking: https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf

Offline Tools for Password Cracking:

  • Hashcat: https://hashcat.net/hashcat/ Sample Hashes to test with Hashcat: https://hashcat.net/wiki/doku.php?id=example_hashes

  • John the Ripper: https://www.openwall.com/john/
  • Metasploit Unleashed using John the Ripper with Hashdump: https://www.offensive-security.com/metasploit-unleashed/john-ripper/

Online Tools for Password Cracking:

  • THC Hydra: https://github.com/vanhauser-thc/thc-hydra
  • Medusa: http://h.foofus.net/?page_id=51

Wordlist generators:

  • Cewl: https://digi.ninja/projects/cewl.php
  • Crunch: https://tools.kali.org/password-attacks/crunch

Wordlists:

  • In Kali: /usr/share/wordlists
  • Seclists: apt-get install seclists You can find all of his password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Exams
Online Password Crackers:

I usually went for these first to see if they had the hash cracked in their database. However, don’t use these online crackers as your main tools for everything. Uploading a hash from an engagement can be a huge risk so make sure you use your offline tools to crack those types of hashes. Here is a list of online hash crackers that I found online that you can use to crack hashes:

Other Resources for Password Cracking:

  • Pwning Wordpress Passwords: https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956

Depending on your scope, some of the machines may not be directly accessible. There are systems out there that are dual homed, which allow you to connect into an internal network. You will need to know some of these techniques in order to obtain access into there non-public networks:

  • Abatchy’s Port Forwarding Guide: https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide
  • Windows Port Forwarding: http://woshub.com/port-forwarding-in-windows/
  • SSH Tunneling Explained: https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
  • Understanding Proxy Tunnels: https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
  • Understanding Port forwarding with Metasploit: https://www.offensive-security.com/metasploit-unleashed/portfwd/
  • Explore Hidden Networks with Double Pivoting: https://pentest.blog/explore-hidden-networks-with-double-pivoting/
  • 0xdf hacks stuff. Pivoting and Tunneling: https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html

Tools to help you with Port Forwarding and Pivoting:

  • Proxychains: https://github.com/haad/proxychains
  • Proxychains-ng: https://github.com/rofl0r/proxychains-ng
  • SSHuttle (Totally Recommend learning this): https://github.com/sshuttle/sshuttle
  • SSHuttle Documentation: https://sshuttle.readthedocs.io/en/stable/

Vulnerable systems to practice pivoting:

  • Wintermute: https://www.vulnhub.com/entry/wintermute-1,239/

The only guide that I used to learn more about Metasploit is Offensive Security Metasploit Unleashed course…which is free!https://www.offensive-security.com/metasploit-unleashed/

Other Resources: Metasploit The Penetration Tester’s Guide (A super awesome book to read): https://nostarch.com/metasploit

Msfvenom Cheat Sheets:

I did not spend too much time learning about this section since Metasploit encodes it payloads to bypass most anti-virus (well older versions at least). The course is pretty straight forward in this section.

Tools to play with Anti-Virus evasion:Veil-Framework: https://github.com/Veil-Framework/Veil

This concludes the resources I have used that helped me understand the course syllabus. Now I will share with you some tips and extra resources that I used during my preparation for the PWK/OSCP.

The course recommends that you are using VMware products to run the custom Kali Linux image that they have created. Windows users can purchase VMware Workstation or use their free program VMware Player. As for MAC Users you will need to use VMware Fusion. If you would like to download the custom Kali Linux System for the PWK you can find it here:

Keep in mind that Offensive Security does update their images from time to time. Personally, I only used their image for completing the lab exercises and I had a separate Kali Linux image that I customized to use for the labs and exam.

Another virtual machine I created was a Windows 7 32-bit system to spin up any vulnerable applications I needed to debug or to check if I could obtain a shell from them. You could also create a Windows 7 64-bit system as well but some of 32-bit applications may not work properly as they would on an actual 32-bit system. This practice is great to implement in case you are stuck on a windows system that is running a service that for some reason you cannot obtain a shell on.

I know I stated theses before but I am going to reiterate this:

OverTheWire Bandit:A good set of fun Linux challenges to get yourself familiarizes with bash and Linux. Abatchys walkthrough really helped me here:

  • Bandit 1-5: https://www.abatchy.com/2016/10/overthewire-bandit-0-5
  • Bandit 6-10: https://www.abatchy.com/2016/10/overthewire-bandit-6-10
  • Bandit 11-15: https://www.abatchy.com/2016/10/overthewire-bandit-11-15
  • Bandit 16-20: https://www.abatchy.com/2016/10/overthewire-bandit-16-20
  • Bandit 21-26: https://www.abatchy.com/2016/10/overthewire-bandit-21-24

OverTheWire Natas: A good set of simple web application challenges. These challenges will help you understand the basics you need to identify issues in web applications. Check out this walkthrough here: https://infamoussyn.wordpress.com/2014/02/05/overthewire-natas-level-0-16-writeup-updated/

UndertheWire: Probably my favorite place for challenges because they contain a huge set of PowerShell challenges. You can find their challenges here: http://www.underthewire.tech/wargames.htm

Root-me.org: A huge place that has challenges for almost everything in cybersecurity. For instance, you will see challenges in the following areas:

Guide
  • Network Forensics (Packet Analysis, Captured Traffic, Network Services)
  • Programming (C, PHP, Java, Shell-coding)
  • Reverse Engineering (disassemble applications)
  • Web Applications and Client Challenges.
  • Forensic Challenges.

Spend a few minutes going through some of these!

SANS Holiday Hack Challenges: https://www.holidayhackchallenge.com/past-challenges/

I know some of you are reading this are probably skeptical on why I added this…well to be honest the cybersecurity careers that we are in are not a normal 7am-3pm job…it is a lifestyle. I understand for many of us that it is hard to set some time to do all of the things in this field and that is totally OK! If you have the time or if you already can, set some time out of your busy schedule to do a CTF. Go ahead and hack all of the things that many of these CTFs provide as challenges. Trust me you will learn some cool things in a CTF that not even a class may be able to teach you. Personally, competing in CTFs did help me in this course and also it gave me a better understanding of what things I should be looking for instead of jumping into rabbit holes!

Also do not be scared to compete in a CTF if it is your first time! Everyone has to start somewhere in their journey you just have to keep pushing forward. So, go out there and find some CTFs whether they are local to you or online make some time and have confidence in doing them.

If you cannot find any local CTFs check out CTFTime for online competitions that you can participate in. A lot of the cyber competitions in the past few years really helped me build my skills and I still go out once in awhile to find a CTF to compete in for fun 😊.

A great place to practice your skills and to make some possible profit as well! There are many bug bounty programs like Bugcrowd and Hackerone that you can participate for free. If you have never participated in bug bounty before check out Bugcrowd University as they provide a vast amount of material and resources to help you get started: https://www.bugcrowd.com/university/

Boot-to-Root Vulnerable Machines! These machines are excellent to help you build your skills for pentesting. There are places where you can download them and run them on your system to begin practice or places where you can connect to their range and start hacking into the targets they have. Most of them result in obtaining root or Administrative/System level access in the end. Personally, my two favorite places are Hackthebox and Vulnhub.

Hackthebox:

An online penetration testing platform that contains a variety of machines to help you improve your penetration testing skills. For those who have not gone through the registration you will need to pass a challenge to generate yourself an activation code. Once you have generated your activation code, then you will have the ability to access their range. In the free tier you are allowed to play with the 20 active machines they have and they cycle a new system in the range every week and retire an old one there as well. If you want to access to their retired machines you will have to get VIP access. It is a very affordable in my opinion, and worth it to invest in. If you do not have the funds to invest into Hackthebox, do not worry because you can certainly find these walkthroughs online (once the boxes are retired). One place I would definitely recommend to look at is IppSec Hackthebox Walkthroughs on YouTube! I love watching his videos because he goes through step by step on how to obtain access onto the target and how to escalate your privileges to obtain root access. Each box has a different scenario and IppSec always has something extra to throw in when he is doing his walkthroughs.

With that being said I created a list of all of boxes that I did in Hackthebox that I thought were OSCP Like. You can find them here and also check out IppSec playlist he created from the list I recommended to start watching!

I will continue to be updating this list in the future, and if you would like to keep it around you can find it here and on NetSecFocus: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=1839402159

HTB Boxes to Prepare for OSCP (Youtube Playlist): https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

I want to give a huge thanks to ch4p and g0blin for starting Hackthebox! I am glad that I got to talk to you guys and I am grateful that we were able to help you guys out. I look forward to seeing you guys grow and will soon submit a box for you guys in the future!

Vulnhub:

Just like Hackthebox, except you have to download the vulnerable machines and run them on your local system. You will need VMware or VirtualBox (I recommend VMware workstation) to run these vulnerable systems. Please make sure that you are running these vulnerable systems on an isolated network and not on a public network.
Thanks to g0tmi1k and his team for hosting this site and to the creators who submit these vulnerable machines. I have also created a list of vulnhub machines that I have found to be OSCP-Like as well. You can find them here and on NetSecFocus:

I will continue to update this list and if you would like a copy for review you can certainly find it here: https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0

Rooting Vulnerable Machines is extremely important when you are preparing for PWK/OSCP because you can’t depend on theoretical knowledge to pass. Improving your hands-on skills will play a huge key role when you are tackling these machines.

As of August 15th, 2018, all OSCP exams have a proctored exam. This means that a student will be monitored by an Offensive Security staff member through a screen sharing and webcam service. If you would like to learn more about this new proctoring process you can find it here: https://www.offensive-security.com/offsec/proctoring/Before I took my exam, I had to go through a variety of things to make sure I was prepared to take my 1st attempt. Even with my preparation, I lost 30 mins of my actual exam time due to troubleshooting the applications for the proctor on my end. With that being said, here are my tips to help you guys prepare for the proctoring section when you are ready to take the exam:

  1. Make sure your system is able to meet the software/hardware requirements that offensive security provides in order to run these services. You can find that information here: https://support.offensive-security.com/proctoring-faq/
  2. Test your webcam to make sure it works. If you do not have a webcam for your system you can also use a spare laptop that has a webcam and connect the webcam session onto that system.
  3. The ScreenConnect application needs to be running on your main system that you will be using to connect to your exam.
  4. You can use multiple monitors for the exam. Keep in mind that the proctor must be able to see them and that they are connected to your system. The proctor will notify you about how many screens they see and you will need to confirm them with the number monitors you are using. If you use a system that has a monitor and it is not connected to the ScreenConnect application, then you will not be able to use that monitor for the exam.
  5. Be prepared and log into your webcam and screenconnect sessions 30 mins before your exam.
  6. Proctors cannot provide any assistance during the exam.
  7. You can take breaks, a nap, or grab a cup of coffee during your exam. Just make sure you notify the proctor when you leave and when you return for your exam.
  8. Also be dressed for your exam. I think that is pretty simple to understand why.
Elearnsecurity exam guide exams

For any other questions you may have you can check out Offensive Security FAQ for Proctored Exams here: https://www.offensive-security.com/faq/

NetSecFocus Learning Resources:

Books:

  • Kali Linux Revealed: https://www.kali.org/download-kali-linux-revealed-book/
  • Attacking Network Protocols: https://nostarch.com/networkprotocols
  • Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504
  • Hash-Crack-Password-Cracking-Manual v3: https://www.amazon.com/Hash-Crack-Password-Cracking-Manual/dp/1793458618
  • The Hacker Playbook Series: https://securepla.net/hacker-playbook/
  • The Web Application Hacker Handbook: http://mdsec.net/wahh/
  • Violent Python: https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579
  • Black Hat Python: https://nostarch.com/blackhatpython

Courses that can help you prepare for OSCP:

eLearnSecurity: eLearnSecurity offers affordable security training and a large amount of labs that you can practice in their hera lab network. They have their own certifications as well that you can take. These are the following courses that I took to help me prepare for OSCP.

  • Penetration Testing Student (PTS): https://www.elearnsecurity.com/course/penetration_testing_student/
  • Penetration Testing Professional (PTP): https://www.elearnsecurity.com/course/penetration_testing/
  • Web Application Penetration Testing (WAPT): https://www.elearnsecurity.com/course/web_application_penetration_testing/

SANS:SANS provides a wide variety of information security courses. Each of their courses are taught by very smart instructors who have been in this field for a very long time. However, these courses can be expensive if you are unable to get someone to pay for them. You can also try to apply for the SANS workforce training as well to be able to take their courses at a discount. I have taken most of the SANS course and I feel that the following courses below really helped me get a better understanding of what Pentesting is like in the actual field. Here are the courses that I would recommend if you are looking to prepare for OSCP.

  • SANS 560: https://www.sans.org/course/network-penetration-testing-ethical-hacking
  • SANS 542: https://www.sans.org/course/web-app-penetration-testing-ethical-hacking

Pentesterlabs: A lot of web app pentesting material in this course: https://pentesterlab.com/

Pentester Academy: https://www.pentesteracademy.com/topics

Other OSCP guides:

Other Links:

Welcome! You have arrived to the end of this journey (well not your OSCP journey if you decide to pursue it!). If you read this entire guide, I certainly give you props for doing so. If you read only parts of it, then I still give you props because the main thing that is important to me is that you learned something from it! I hope you are able to use my guide in your OSCP journey and are able to learn some new things, just like I did when I started mine. If this guide was able to help you let me know I want your feedback for sure. I thanked a lot of people for helping me with my journey in this guide and I want to thank them again for their time and contributions for helping me learn and grow in the cyber-security field. If anyone has any questions about this guide or feedback please let me know as you can reach out to me on twitter or on NetSecFocus!

-TJNullTwitter: https://twitter.com/TJ_Null

Github: https://github.com/tjnull

Netsec Focus: Tjnull

Hackthebox Discord AMA: https://www.youtube.com/watch?v=41DIav25Mp4

Bugcrowd: https://www.bugcrowd.com/researcher-spotlight-ambassador-tony-aka-tj-null/

P.S: Considering this journey as an extra mile, I am going to have to insist at this point for you to…… Try Harder! -Offensive Security

My eLearnSecurity Web Application Pentester experience

Exam

This blog post is a review/summary of my experience with the eLearnSecurity Web Application Pentester training path.

eLearnSecurity has this to say about this training path:

The Web Application Pentester path is the most advanced and hands-on training path on web application penetration testing in the market.

This training path starts by teaching you the fundamentals of networking and penetration testing, then proceeds to providing you with the established web application penetration testing methodology and the latest web attacks, and ultimately showcases how to execute more advanced and complicated attacks, by heavily manipulating web application components.

After completing this path, you will be able to perform a professional web application penetration test against any kind of web application or web service, by using your own custom payloads, combining different attacking techniques and evading web application firewalls.

The path develops proficiency towards the NIST role Secure Software Assessor.

A little background

I’ve been a hobby coder since I was 10, and a professional developer for a long time, so I know my way around a computer. I have also in depth networking knowledge, and have been using tools like Wireshark and Fiddler for many years (for testing and development work).

I have done the OSCP and OSWP from Offensive Security in between the parts of this training path.

The start

I had zero experience with pentesting before I started the PTS course, I had only done one HTB box and a couple challenges.

The PTS course was what I used to determine if I wanted to continue with this journey or not. So even though I didn’t spend that many hours in total on it, it took me about a month to finish. I also continued doing HTB in parallel, which also affected the time it took.

I didn’t find the exam to be very hard, but it was very relevant to the course material. This was a great start, and it gave me the confidence I needed to jump on the PWK/OSCP.

Running through the WAPT

The same week as I finished the WiFu/OSWP, which I took directly after PWK/OSCP, the SARS-CoV-2 pandemic caused Norway to go into a state of semi-voluntary lockdown. I was still determined to continue my journey, so I started the WAPT course. It took a while to adjust to the new work from home conditions, both in terms of mentally adjusting and trying to stay away from all the new distractions. This impacted the time I was able to spend on the course.

Since I had very recently finished the OSCP, and the material felt a bit basic (due to my developer background), I decided to just do the slides, and skip both videos and labs.

Once the slides was finished, I jumped straight into the exam. The exam was a lot of fun, and I thoroughly enjoyed it! I submitted my report, went for a walk, and by the time I got back, I had already received the passing grade!

The third and final

WAPT was only a step along the way for me, WAPTX was the one I was waiting for. By the time I started this, I had finally adjusted to the (temporary) “new normal”, and was able to concentrate a lot better. There was a lot of slides to read through, and a lot of great labs. I struggled with a couple of them, but they were all a lot of fun.

I jumped into the exam almost immediately after I finished the material. Compared to the other two exams, this was a beast! I got stuck, badly, several times. It felt like I wasn’t going to make it, but then something finally clicked. Then I got stuck again. But I had come too far to give up, so I managed to get 8 hours to use during the working hours (everything up to this has been after regular working hours), and that was exactly what I needed to break through the wall. I got all the objectives, made sure I had found everything I was able to find, and then it was time to write the report.

I submitted the report, and the the waiting game started. Checking my email every 5 minutes. And then, finally, while driving across the country for the first time in a long while - I received the result I had been waiting for.

WAPTX offline labs

The WAPTXv2 comes with a set of “offline labs”, which consists of a VM and a PDF with further exercises. You have to download and run the VM yourself, which also means it won’t affect your lab time. These exercises are more advanced than the regular labs. I have not done these exercises, yet, but I highly recommend at least looking at them!

Thanks to @DraconianNet for pointing this out to me!

My thoughts

There are a couple things I like about eLearnSecurity, compared to other alternatives:

  • Student dashboard with access to all resources - the progress tracker is very nice both for motivation and actually tracking progress
  • Dedicated labs - you don’t share the lab environment with any other student
  • Exam can be started whenever you are ready - no need to schedule in advance, just click the button and start hacking!
  • No restrictions on tools - use whatever tools you are comfortable with, free and commercial
  • The exam feels a lot more realistic - you have more time and have to write a professional report

There are also a couple downsides, the biggest being the support. It is much harder to get help. It should be said that the current pandemic has led to an influx of new students, probably making it a lot worse. But for some questions, I did have success asking in the forums. The moderators appear to be quite active at times, which is very nice. The course material, especially for WAPTX, does have some minor bugs, but it’s not too bad.

The labs are really great, but they do get disconnected every now and then (also during the exam), which will give you a new IP address. This is a bit annoying, and force you to keep changing your payloads. It also makes it really hard to run long/slow scans during the night (for the exams).

I also wish ELS would deliver physical certificates, especially for the Elite editions (or at least for a completed training path).

eLearnSecurity is a lot less known than other big names in the industry, but that might change in the future.

PTSv4 / eJPT

The PTS course is a good introduction and warm-up, especially when it is on sale and you can get your employer to pay for it. It is also a nice course for developers/administrators that want to learn more about security.

I consider this course to only be a preparation for the other courses, it’s not enough on its own.

This course is often free in the barebone edition. At the time of writing, you can get it by registering on The Ethical Hacker Network. The free edition is more than enough to see if this is something you want to continue with - so give it a try!

WAPTv3 / eWPT

The WAPT course did feel a bit dated, especially when you get to modules like the Flash module. But a lot of things still work the same was as they did several years ago, so there’s a lot of relevant things in there.

I didn’t do any of the labs (but still have access to them, so I might spend some time on them later), so can’t say much about them. The slides are easy to read.

Given my developer background, a lot of the material was a bit basic for me, but this is still a good course for developers that want to learn more about how attackers can exploit their applications. It is also a nice stepping stone on the way to WAPTX.

WAPTXv2 / eWPTXv2

I watched the launch webinar of WAPTXv2, and wanted to dive right into it. But I finished the PWK, WiFu and WAPT first.

Based on the launch webinar, I was expecting a bit more custom exploits, but the course was mainly focused on firewall evasion/filter bypass. The course does explain some very interesting techniques, and I learnt a lot from it. The labs were great, but the lab guide/solutions are a bit lacking in some of them. It looks like the upgrade from v1 to v2 was a bit rushed, this is apparent also in some of the slides.

I enjoyed both the course, the labs, and the exam (when I finally managed to unstuck myself). Even though there are some minor annoyances, I have no trouble recommending this course to both developers and pentesters. It would be nice to see more about modern applications (JavaScript frameworks, containers, cloud, etc.), but the content is still relevant and interesting.

My advice

This training path is not cheap. I bought all of the courses at discounted prices (end of year sale, launch sale, etc.). I highly recommend keeping an eye out for sales, eLearnSecurity have a lot of them.

Don’t worry too much about the lab time, you probably don’t need 120 hours (nice to have though). Just make sure to stop the lab when you are done with it. The Elite editions do have some nice benefits, but Full is better than nothing! I would not recommend paying for the Barebone edition, it’s simply not worth it (no exam, no video, no labs).

I recommend taking notes during the entire course, for all of the courses. Make your own notebook where you write down everything you discover along the way. I have a git repository where I keep all my notes, written in Markdown in VS Code. This allow me to quickly find commands, techniques, reverse shells, etc. whenever I need it.

Use the forums! Search before you ask. Due to the age of some of the material, you will get some issues with wrong software versions etc. Everyone have the same issues, and the solutions are thoroughly explained in the forums.

Tools

I recommend the following tools:

  • XMind - Mind mapping for the exams (and later engagements)
  • VSCode - Personal notes
  • Joplin - For findings during the exam (easy to organize, and you can paste screenshots directly into it)
  • Greenshot - This is the best screenshot application you can get if you use Windows as the host OS

Exam

The exam connection will drop at random intervals, reconnecting will give you a new IP address, so make sure to update your payloads. In some cases you can make the exam environment end up in a state where further exploitation is impossible - this is what we have reverts for, don’t be too afraid to use them.

eJPT exam

If you have done the course material, this exam shouldn’t be too hard. Just make sure you have enough time (maybe do it on a weekend).

I made a excel sheet with all the requirements, printed it, and used it to track my progress during the exam. Double check before you submit your answer.

eWPT exam

This exam will require a lot more time than eJPT, so make sure you have enough time to spend during the 7 day exam period.

Set manual DNS entries or block the exam domain in your DNS server (if you have one - if not, I recommend setting up a pi-hole). The domain used does actually exist. The exam connection will disconnect at random intervals, which may lead to you targeting actual servers on the internet!

Take regular breaks, especially when you are stuck! Make sure you take notes, and screenshots. I recommend mind mapping in XMind, and notes of findings and tool outputs in Joplin.

Write the report like ELS was a customer, focus on quality and presentation. This made it a lot more interesting for me, and I subconsciously put a lot more effort into it.

Elearnsecurity Exam Guide Questions

eWPTX exam

Unless you are a seasoned pentester, I recommend taking a day or two off from work for this one. Or start on a Friday and use the weekend to see if you need to take a day off or not. This exam is considerably harder than the other two. I got stuck, which cost me a lot of time. I would have used a lot less if I didn’t get stuck, but it would probably still take 30-40 hours.

I don’t think I could have done the exam without Burp Suite Professional. I probably could have, but it would have been a lot harder without it. So if you can, use Burp Pro!

Script it if you can. Python was very helpful for me during the exam.
Nothing very difficult, just slight modifications to scripts I used during the labs.

The exam is a bit CTF-ish, but make sure you don’t stop after finding the thing you are looking for.
Make sure you find all the other things as well.

Touchcopy 16 serial key code Sep 01, 2020 TouchCopy Crack 64-bit is the leading solution which delivers an easy and safe way to transfer and backup all iPod, iPhone, and iPad content.If you’ve recently replaced your computer or are recovering after a hard drive failure, TouchCopy Crack lets you save your music, playlists, podcasts, and videos from your iPod, iPhone or iPad to your hard drive or directly into iTunes, at the touch of. Aug 21, 2020 TouchCopy 16 Crack. TouchCopy Crack 64-bit is the leading solution which delivers an easy and safe way to transfer and backup all iPod, iPhone and iPad content.If you’ve recently replaced your computer or are recovering after a hard drive failure, TouchCopy Crack lets you save your music, playlists, podcasts and videos from your iPod, iPhone or iPad to your hard drive or directly into iTunes. 2 days ago TouchCopy 16.63 Crack is the data transfer utility application for iPod and iPhone. You can make the transfer of your files from the device to Mac easily with one click. TouchCopy Crack Mac supports all types of media files. So, you can transfer the files easily using this simple application.

Just as with eWPT, take regular breaks, especially when you are stuck! Make sure you take notes, and screenshots. I recommend mind mapping in XMind, and notes of findings and tool outputs in Joplin.

Same for the report here, think of ELS as a customer.

Time spent

I decided that I wanted to track all the time I spent doing the courses and the exams, resulting in very accurate numbers of time spent.

Time spent across all courses/certifications, not just this training path

Total hours spent: 278 hours, 16 minutes (eJPT: 45 hours, 21 minutes - eWPT: 51 hours, 27 minutes - eWPTX: 181 hours, 28 minutes)

TaskHours spent eJPTHours spent eWPTHours spent eWPTX
Study (slides/videos)26 hours, 17 minutes25 hours, 49 minutes57 hours, 2 minutes
Exercises/Labs13 hours, 17 minutesN/A45 hours, 6 minutes
Exam5 hours, 47 minutes17 hours, 46 minutes70 hours, 4 minutes
Exam ReportN/A7 hours, 52 minutes9 hours, 16 minutes

My timeline

  • October 16th, 2019: PTP purchased
  • November 17th, 2019: eJPT Exam done
  • January 23rd, 2020: WAPT and WAPTX purchased
  • March 17th, 2020: Started working on WAPT
  • March 29th, 2020: WAPT slides finished
  • March 31st, 2020: WAPT Exam started
  • April 5th, 2020 21:35: WAPT Exam report submitted
  • April 5th, 2020 22:02: WAPT Exam graded - passed!
  • April 8th, 2020: Started working on WAPTX
  • April 25th, 2020: WAPTX slides and lab exercises finished
  • April 25th, 2020: WAPTX exam started
  • May 2nd, 2020: WAPTX exam report submitted
  • May 8th, 2020: WAPTX exam graded - passed!