Everything posted by 5t19

  1. Hi, I'm fairly sure most people who get involved in security, pen testing, etc. will know things about networks, Linux, and a handful of languages, and have an understanding of exploits depending on what they're doing. Apart from things like becoming a better programmer or learning more about networks, what are some things you would assume security experts to know? I'm looking for things to do with security, but mainly things that don't necessarily come under security, like Linux kernel development or AI, but could be incredibly beneficial to someone in security. Thanks!
  2. Hey, I'm signed up for the 30 day OSCP course to start in about a month and have a few questions. I understand everyone is supposed to keep quiet about the exam, so if this is breaking the rules please let me know. So in the exam I've heard you have 5 machines on the network you have to get root on. Are they all in the same IP range, for example 192.168.0.1 -> 192.168.0.255, or is it more complicated than that? I'm guessing at the start they won't tell you what the IP addresses are as well? Also, are there more machines on the network you aren't supposed to target to make things trickier? I managed to get all the way through the Kioptrix 1.1 machine (walkthrough in the link is the way I did it) past the command injection part without a problem, but then the rest I managed to do with a bit of difficulty. For the sake of my sanity I was wondering how difficult are the machines in the lab compared to this, disregarding the four or so scary ones I've heard about? The one issue I'm having with the Kioptrix labs and Metasploitable, which is making me feel a hell of a lot like a script kiddie, is always searching searchsploit and Google to find vulnerabilities and not being able to write them myself. I hear people saying a lot that in the OSCP you need to modify scripts, but so far all I have had to do is download/find scripts, compile them or make them executable. Are there any other ways I'm supposed to modify scripts for the labs/exam, and will I need to write my own scripts for exploitation or just for enumeration? In a review of the course I read online someone mentioned the first two stages of a pentest should almost always be enumeration/ports etc., then finding services running etc. So far I assume these two are the same thing and I'm worried I'm missing something out; surely something like nmap -A or -sV would enumerate and find services, right?
     As I'm taking the 30 day, I'm quite paranoid to get all of the basics covered as I possibly can before the time starts. I'm comfortable with the following: nmap, command line, bash, python, perl, c, assembly, metasploit, decent understanding of a lot of the network protocols, wireshark, nc, dns zone transfers, SQL injections, basic javascript in XSS. Is there anything else I should look into before to give myself the best chance to do it in 30 days? Thanks for spending the time to read, I hope this doesn't come under yet another OSCP thread.
  3. Hey, I'm reading a book, Metasploit: The Penetration Tester's Guide, and in it the author mentions that in general you should not set the THREADS value in Metasploit to more than 16 on Windows machines and more than 128 on UNIX style machines. I'm just curious as to why, and also why so little on Windows? Later in the book the author also uses 255 threads for a port scan. Thanks