You've already done more than I did before I started. I had basic assembly knowledge but I can assure you, if you listen and watch Mati intently in the videos, he drops little hints a long the way that give you an idea of what is "possible." I feel 1000% times better in a debugger than I did when I started just by watching and re-watching the videos and then re-creating the modules.

H1t -

I am 5 weeks into OSCE. It's quite different than OSCP which I passed a few months ago. The lab is small and there are not 50 extra boxes to pop in this compared to OSCP. Extra practice is really on your own. I've been talking with other OSCEs and found out that a good way to practice is to hit exploit-db and try to recreate the exploits you see there. For example, take an exploit and write it in a different language from scratch or use a different method like an egghunter if that wasnt used in the original exploit. Also download DVWA and try to pwn it in your sleep.

The course material and video modules for this are so gnarly. I love it. I honestly thought it would all be way over my head but if you put the time in, you'll get it. It's another tremendously well thought out and challenging course. I'll be taking the challenge in about a month.

-C

OSCP for me, but now I'm in the OSCE and realized the OSCP was a walk in the park. However, there is some really good stuff in this and it's been a blast.

Consider the source

http://attrition.org/errata/charlatan/steve_gibson/

http://allthatiswrong.wordpress.com/2009/10/11/steve-gibson-is-a-fraud/

I'm an idiot - I didn't have word wrap on. I'll take a look now.

n1p

Which file did that come from?

This is a problem I've had for years and never found a solution. I have an AEBS and whenever I do a portscan outside of my network it ALWAYS shows ports 7070 554 and 21 open, even when the host doesnt have those ports open. When I replace my AEBS with a regular Linksys router, these ports dont show up in my nmap scans. It's very strange.

I've only found a few posts talking about it but never any solutions. http://discussions.apple.com/message.jspa?messageID=7252565

Anyone else use an AEBS and experience the same behavior? I've tried wiping the device and starting fresh, I'm also running the latest firmware. When looking at a packet capture, you actually see the TCP handshake complete. Any other folks have this problem? Did you fix it?

This doesn't look malicious to me. Why do you think it is?

Just depends on the situation but there are some good ideas here: http://nmap.org/book/man-bypass-firewalls-ids.html

I had my first remote code execution exploit published and I talk about the details on my blog http://networkadminsecrets.blogspot.com/2011/01/golden-ftp-470-pass-remote-exploit.html.

The exploit is here: http://www.exploit-db.com/exploits/16036/

This exploit was strange and I was wondering if anyone can help me figure out one piece that I couldn't figure out. The offset changes depending on the subnet that the FTP server is running on. This obviously makes the exploit less reliable because you have to know the subnet and failed attempts cause a DOS. If anyone has a minute, let me know why you think this might be happening!!

It really depends on your background. I went straight to the OSCP but I also had 10 years of network admin experience and a casual interest in infosec. I recently finished my OSCP and detailed my experience on my blog. I highly recommend it, it was an unbelievable experience.

http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html

big_fact_hunt

If I were you, run Ubuntu as your OS but take advantage of Backtrack. Like chrisj said, dont re-invent the wheel. Using their virtual machine you can blow it up and you wont mess up your host machine.

http://www.backtrack-linux.org/downloads/

The forums are pretty active so you can always ask questions here but if you'd like my personal email address just send me a private message.

If SMB is open, I've always found the SMB enumeration modules in Metasploit to be very accurate.

Hordakk

I recently discovered my first bug and was trying to figure this out as well. The bug I found wasn't very exciting, it impacted an FTP server that can be found on like page 15 of google search results. None the less, I contacted the vendor and they fixed it promptly, within 2 weeks. They were pretty gracious actually. After they fixed it I submitted it to exploit-db.com.

tturner - I see your dilemma. If you could do it while you're at work that would be nice!! Having long blocks of solid time is the best way to to conquer the course.... best of luck.