Offensive Security Community Chat User Guide – Offensive Security Support Portal

What is it?

The Offensive Security Community Platform (OSPL) Chat is a platform where Offensive Security students, staff, and members of the info-sec community can connect, communicate, and collaborate with one another. The main purpose of this platform is to foster a sense of community between our staff, students, and fellow info-sec professionals.

Registration

To create an OSPL Chat account, sign up to our Offensive Security Community Portal at: https://portal.offensive-security.com/sign-up/community

Installation

You can log in to the OSPL chat platform via a web browser or the Rocket Chat app. To download the app, visit https://rocket.chat/install/ and install the version applicable to your operating system.

After installing Rocketchat, you will be prompted for the server URL during the initial launch of the application. Enter “community.offensive-security.com” as the server URL and click connect as outlined below.

Screen_Shot_2020-09-01_at_7.06.47_PM.png

Web Browser

To access the chat platform via web browser, you must first sign in to the Offsec Community Platform at: https://portal.offensive-security.com/sign-in

Once logged in, click on the “Community” link at the upper right side of the page to reach Rocketchat.

ezgif.com-gif-maker__4_.png

Public Channels

The chat platform offers public and private channels. Any user can join a public channel by first searching for the channel name they want to join with the search icon located at the upper right portion of the Rocketchat app or web page:

Once they have found the channel, they can click the “Join” button at the right side of the text field to join.

Screen_Shot_2020-09-06_at_2.59.24_PM.png

Below is a list of the public channels you should check for important announcements and information:

#rules: This channel defines the purpose of the community platform as well as how students should legally abide by it under our Academic Policies.
#announcements: This channel contains general announcements such as any updates to courses and labs, raffles and giveaways, and any other Offsec related news.
#general: Is a channel for open discussion and an offtopic area where students can get to know each other
#jobs: This channel contains job postings that require any Offsec certification
#off-topic: A channel to discuss anything non-infosec related
#whoami: A channel where members can introduce themselves
#invitation-request: A channel where members can request to join private channels

The channels are updated on a regular basis. Please check the platform for the most up-to-date channels.

Private Groups

Offensive Security students have an avenue where they can discuss the courses and exercises.

To avoid spoiling the fun and challenge of the exercises, there are rules that must be followed:

Students are not allowed to share complete solutions or walkthroughs of any exercise as we still want students to complete them on their own.
Students are not allowed to share complete source codes, scripts, or commands that are required for the exercises. Sharing sample code snippets are allowed as long as they don’t give the answers away.

Students can also ask for hints on the lab machines if they have exhausted all their options and have put enough effort in enumerating the target. However, lab machine questions will be stricter in moderation as we do not want the machine’s solutions to be spoiled to everyone. The following are examples of spoilers that should be avoided in the groups:

Providing a detailed walkthrough or steps needed to exploit a lab machine.
Providing the exact exploit, command, CVE, or URL of the exploit to use on a specific lab machine
Providing detailed information on how to leverage the vulnerability of an exploit is not allowed. Although discussing the general concept such as RFI is acceptable.
Discussing hidden information that should be enumerated, such as a hidden port number, hidden URL, or hidden files is not allowed. Giving details on such information defeats the purpose of having them hidden in the first place.

Student Administrators (SAs) will assist, help and moderate the groups to ensure the rules and guidelines are complied.

How to join Private Groups

To join, message the #invitation-request channel with the private group name. One of the OffSec members will review and once approved, students will be added. You will be added if you have registered the courses.

Screen_Shot_2020-09-03_at_6.28.41_PM.png

Below are some of the private groups:

pwk-oscp: A channel where students can discuss the PWK course modules and exercises
awae-oswe: A channel where students can discuss the AWAE course modules and exercises
ctp-osce: A channel where students can discuss the CTP course modules and exercises
wifu-oswp: A channel where students can discuss the WiFu course modules and exercises

How to Ask for Help

When asking for help, please include as much detail as possible. Provide the steps, commands, codes, and any other relevant information to http://www.paste.offsec.com. This way, the students and SAs will have a good understanding of what’s going on so they can better assist you. Please do not copy & paste your sample codes to the groups, as it will be difficult to read and to be mindful of other users also discussing in the channel.

Avoid: Hi I need help!

Avoid: I need help with x.x.x.x machine

Propose: I’ve been working on getting low-level access to x.x.x.x machine. I found credentials from another machine, but they do not seem to be working. Can someone help me?

Avoid: I’m stuck on exercise 123

Propose:I’m trying to get the exploit for exercise 123 to work, however I get an error when launching it. Here are the commands and outputs: http://www.paste.offsec.com/SdDfLvsw

Note: If you ask a vague question, “Hi I need help” or “Can one of the SAs DM me,” it shows that you are not trying or putting the effort in. As a result, we will not respond to you.

Channel Behaviour

Please be polite and courteous within the chat platform as we do not tolerate unmannerly behavior of any kind. Below are the list of unacceptable topics within any of our channels:

We do not allow discussing information on the course exams outside of what is publicly available in the course Exam Guides.
We do not allow discussing illegal activities such as hacking private individuals or corporations.
Please see #rules on Rocketchat for more restrictions.

We also request students to keep discussions related to the group topic. If you are not sure please check the #off-topic and #general channels.

Threads

To avoid clutter in the discussions, students should write their replies within threads of the original message as part of best practices. This keeps all the discussions on a specific topic in one location so users can easily follow along. This also avoids multiple replies to different messages overlapping with one another, causing confusion and will be difficult to read. To reply in a thread, simply click on the message icon located at the right side of the message you are replying to as shown in the screenshot below:

ezgif.com-gif-maker__2_.png

Student Administrators (SAs)

Our SAs are Offsec alumni that have joined the company to mentor students since they have gone through the courses. The SAs will be available to mentor, support and monitor the channels/groups.

To identify an SA, please check if the Student Admin tag is present at the right side of their username:

ezgif.com-gif-maker__1_.png

If a student wishes to DM an SA, the SA may not be available as he/she may be helping other students or working on other assignments. If the SA is not available, the SA will get back to the student once he/she is available. If the student would like a faster response, please message in the private group where another SA will assist.

Note: Extra Mile exercises require independent research and are meant to be completed by the student on their own. Therefore, SAs will not be able to help or provide assistance for it.