I haven't taken the exam myself yet, but from what I was told by people who sat for the exam, not a single one described it nearly as extreme as you did. It will certainly take quite a time before I attempt it, if at all, but I'm curious how difficult it will be.

I listed a couple of useful resources in my review, when I did the OSCE a couple of months ago:


Certainly more than needed for the OSCE exam, though.

I'd recommend to get a couple of vulnerable programs and to try to discover and exploit the vulnerabilities yourself. For appropriate targets you could refer to exploit-db and similar sites. A good practice would also be to try to create exploits that utilize different exploitation techniques than the ones that are publicly available.

The labs can easily be recreated at home, in case you consider to enroll again for some lab time. Also feel free to ask any specific questions that may arise while you go through the materials.

In terms of SQL Injection attacks, I'd recommend the book SQL Injection Attacks and Defense, which is a great read.

Congratulations, H1t M0nk3y! Let us know how you are progressing with OSCE.

Congrats! Are you also going to buy the LPT?

Do you already have plans for your next certification(s)?

Source and syllabus: http://securitytube-training.com/online-courses/securitytube-linux-assembly-expert/

Thanks for the fast clarification, cd1zz!

I was told that GPEN is required in order to sit for the GXPN exam, however, I couldn't find such statement on the official website. Can anyone confirm whether GPEN is required for GXPN or not? I might give it a try this year, so I'm wondering.

Here is a list with some more targets to practice on.

If you are more interested in information security management, I'd recommend to take a look at CISM, CISA and CISSP.

Is anyone still working on this one?

Congratulations to both of you!

Great, congrats again, now officially.

Even if you have no official word yet, congratulations!