HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 3 members online
 
Free Business and Tech Magazines and eBooks

You are here: Home arrow Columnsarrow Linnarrow [Article]-Course Review: Cracking the Perimeter by Offensive Security
EH-Net
May 20, 2013, 10:18:09 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: [Article]-Course Review: Cracking the Perimeter by Offensive Security  (Read 35930 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Offline Offline

Posts: 4165


Editor-In-Chief


View Profile WWW
« on: December 01, 2010, 09:07:18 AM »
In his ongoing series of reviewing OffSec courses, Ryan Linn takes on their advanced course. Let us know what you think.

As we move towards 2011, look for a new project for Ryan as we attempt to get security professionals on the road to coding. Stay tuned!!

Permanent link: [Article]-Course Review: Cracking the Perimeter by Offensive Security

Quote


Cracking the Perimeter (CTP) is the latest course offered by the team at Offensive Security. The course teaches expert level penetration skills including advanced tactics in web exploitation, binary manipulation and exploitation, and networking attacks. Building on material in the earlier course, Pentesting with Backtrack (PWB - Read Review), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies. This review will attempt to provide a high-level overview of the course and set expectations for students who may be considering it.

Divided into a registration puzzle, five sections, and an exam, the course provides a more in-depth view of common web application exploits, binary analysis and backdoors, anti-virus evasion, techniques for exploitation using memory concepts, exploit writing, and network exploitation techniques. The end-of-course practical exam assures that the student has a true understanding of the course material presented, allowing employers and other security professionals to rely on the certification as a testament of capability, not only authority. 


Don
Logged
CISSP, MCSE, CSTA, Security+ SME
UNIX
Hero Member
*****
Offline Offline

Posts: 1234


View Profile
« Reply #1 on: December 01, 2010, 09:30:13 AM »
Great review, Ryan! As expected, the course sounds like a lot of fun.
Logged
impelse
Hero Member
*****
Offline Offline

Posts: 565


View Profile WWW
« Reply #2 on: December 01, 2010, 09:40:48 AM »
Good job.
Logged
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #3 on: December 01, 2010, 01:17:21 PM »
This review is excellent. It looks like assembly is pretty necessary for the course. Did you end up passing your OSCE challenge Linn (apollo)? Thanks for posting the review Don.

-Kris
Logged
eCPPT, GCIH, OSCP, OSWP
MaXe
Hero Member
*****
Offline Offline

Posts: 669


I've just upgraded myself to a cyborg muahahaa!!1


View Profile WWW
« Reply #4 on: December 01, 2010, 05:23:19 PM »
Nice review  Smiley

@xXxKrisxXx: Learning Assembly during the course or already knowing it is a very good idea.
Many parts of the course contains assembly language, so getting to know it is inevitable.

You don't have to be able to write assembly programs entirely yourself, but being able to understand most of what happens e.g. in a payload is not a bad idea at all  Wink

It's an awesome course, highly recommendable!
Logged
I'm an InterN0T'er
apollo
Moderator
Full Member
*****
Offline Offline

Posts: 146


View Profile WWW
« Reply #5 on: December 02, 2010, 12:53:18 PM »
MaXe is spot on.  You don't have to be able to write assembly, but you generally need to get binary math (bit shifting, OR, AND, XOR etc) and you should have a base understanding of registers from PWB.  From there, if you have a good assembly reference you can look stuff up,  but the more you've dealt with looking at assembly the faster you will pick stuff up.

I did pass the OSCE.  I didn't pass it anywhere near as quickly as I did the OSCP.  OSCP took me between 6-8 hrs, OSCE took me 40 hrs total with a 4 hr nap, a 6 hr nap, and a few time taking the dog for 20 min walks cause I was frustrated Smiley 

In retrospect, I followed along with the course manual too closely when I was doing labs on my own.  Some of the things where I thought I understood them, I was wrong and then I figured it out on the test.  One challenge, had I done a better job of doing labs in the course, i would have taken something that took me about 10 hrs down to probably about 4 hrs.  Although, at this point, I REALLY understand it, but in retrospect I wish I had done a better job of going through some of the labs.
Logged
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #6 on: December 02, 2010, 03:21:20 PM »
So my question becomes... How does it compare to Immunity's NOP. I'm curious about that particular exam. Maybe I'll gun for the OCSE come March
Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
apollo
Moderator
Full Member
*****
Offline Offline

Posts: 146


View Profile WWW
« Reply #7 on: December 02, 2010, 06:49:26 PM »
Hehe.. NOP is a funny little cert.  Immunity is still offering it it seems based on their site, but I think it started out as a marketing tool.  The deal was, get a random vulnerable binary, and see if you can write a working sploit in 45 mins using immunity debugger and their drag and drop sploit creation tool.  You end up having to understand how concepts like pattern offsets work to find offsets, and basically their tools help you a lot.  Their drag and drop sploit creation tool is pretty neat, but of course, it's all out of my personal price range. 

In all, unless you wanna do it for fun, NOP isn't going to teach you anything.  Going the OSCE path will teach you stuff unless you're already at a level where you think ASLR is a "cute defense" and laugh as you code around it or you don't deal with conventional exploitation any more because ROP is the future. 


I Reaaaaaalllly wanna take Advanced Windows Exploitation.  I wish it were offered more places than Black Hat.  I have heard some interesting things about SANS 660 and their 700 level exploit writing classes.  They are way more expensive though, so will have to figure out how to do that.
Logged
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
tturner
Sr. Member
****
Offline Offline

Posts: 432


View Profile WWW
« Reply #8 on: December 03, 2010, 08:36:07 AM »
I was planning on doing SANS SEC660 this next year in Orlando but I suspect if we wait a bit they will come out with a cert for it as well. I find myself naturally gravitating to trainings I can convert into more alphabet soup. It's becoming a disease.

I'm doing OPSE in Clearwater, FL www.isecom.org/opsefl in a couple weeks and am super excited about that as a long time OSSTMM fan. I opted for SEC/DEV (they keep changing it) 542 which is the GWAPT cert course and the 2 day Metasploit for Enterprise Pentesters course (even though there's no cert, its Metasploit!!) at Orlando SANS 2011 in March/April. I usually work the conference as a volunteer for reduced training costs. Only $800 (+ expenses) vs the $4,000 or so it normally costs and way better exposure to the SANS instructors and many of the volunteers/facilitators are top notch security pros in their own right.

In addition to the SANS Metasploit course, I'm also doing the Securitytube Metasploit videos and we are buying Metasploit Pro at my work and I added on a 2 day onsite MS Pro training piece as well so by next spring I should be a Metasploit guru between MSF and MS Pro. I hope.

All that being said, I am hugely interested in the CtP course and I really appreciate the review. This course as well as the SANS 660 and 710 courses are at the top of my list for where I want to be BEFORE I feel confident enough to really call myself a pentester. I do some pentest work internally which is about 15% of my duties but it's not what I would call high caliber since my work is primarily tool driven. It's a journey, that's for sure! Thanks again for the great review.
Logged
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog  @tonylturner http://bsidesorlando.org
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.078 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.