So I took this exam last week and it’s fair to say I failed and pretty hard too. The structure of the exam is really good and I felt that the initial contact was very well written. The Rules of Engagement are super clear and you’re given an Open VPN file to connect to the network.
The network itself is really responsive and running scripts and other attacks work really really well.
Please note the problems here are all mine. Absolutely nothing wrong with TCM and their practices.
After about 9 hours of trying to get some sort of foothold on the network and getting nowhere, I became super frustrated so frustrated I emailed TCM’s support team asking them to check the environment as I was convinced something was wrong. Let’s put it this way I didn’t send my email graciously, it was a rather panicked clumsy email that no doubt sounded like I was asking for help and tips. I wasn’t but certainly didn’t help myself. Their response was within about 10 minutes which I couldn’t quite believe. They were very gracious in their response and kindly informed me that the environment was working fine with no errors.
The second thing I did which was super stupid in hindsight is going to Discord Server and ask for general guidance on OSINT. I was convinced and still am that my OSINT sucked. What I was trying to ask for is how people take the information and make the decision on their attacking method. I was quickly pulled into a one-to-one meeting with the moderators and told off. Whilst this is an open-book exam and I felt I was being generic enough to ask, the topic in question is still pertinent to the exam. Just learn from my mistake don’t do it. Fortunately, the moderator was gracious enough to tell me off and put a temporary ban on my account on the Discord Server. They did say that should I do anything like that again, my exam would have been terminated. It’s not worth it, it’s open book just go to Google and research.
So all in all, I didn’t get very far in the exam, the thing I wanted to test my knowledge on Active Directory I never got into which is a shame. Once I submitted my report the TCM team dropped me a little hint, my jaw dropped as I looked into it and my wife started laughing her head off because it was rather stupid.
Takeaway 1: I believe the exam is designed for beginner to intermediate, if you’re spending hours and hours coming up with weird and wonderful ways to exploit something, don’t. Just stop!
Takeaway 2: In the courses, Heath talks about the importance of Enumeration. I genuinely believe he’s right here. Make sure you’re notes are right on this and make sure you include Reconniasinace and Scanning within your Enumeration.
Takeaway 3: There’s a saying “try harder” when it comes to this stuff. However, John Hammond, I think re-phrases this perfectly to “try again”. If you’re stuck. Stop, you might not be able to let go of what you’re doing in your head. I know I can’t however, take 10-20 minutes off, step away from the desk and get a cup of tea or coffee. Then when you sit back down at your desk and review all of your Enumeration, it’s likely there’s something in there that you can use which is much easier than whatever you’re looking at.
I’d like to give this another crack, however, all of my Cisco certifications are up for renewal at the end of the year and with work moving to Juniper, I don’t have access to any of their hardware so I need to put some time aside to get back to it. If I get time I’d like to have another go before the end of the year but we’ll see what happens with my other certifications. I’ll update here once I’ve had another go.