Author Topic: [Article]-Course Review: Cracking the Perimeter by Offensive Security  (Read 22685 times)
don
« on: December 01, 2010, 09:07:18 AM »

In his ongoing series of reviewing OffSec courses, Ryan Linn takes on their advanced course. Let us know what you think.

As we move towards 2011, look for a new project for Ryan as we attempt to get security professionals on the road to coding. Stay tuned!!

Permanent link: [Article]-Course Review: Cracking the Perimeter by Offensive Security

Quote


Cracking the Perimeter (CTP) is the latest course offered by the team at Offensive Security. The course teaches expert level penetration skills including advanced tactics in web exploitation, binary manipulation and exploitation, and networking attacks. Building on material in the earlier course, Pentesting with Backtrack (PWB - Read Review), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies. This review will attempt to provide a high-level overview of the course and set expectations for students who may be considering it.

Divided into a registration puzzle, five sections, and an exam, the course provides a more in-depth view of common web application exploits, binary analysis and backdoors, anti-virus evasion, techniques for exploitation using memory concepts, exploit writing, and network exploitation techniques. The end-of-course practical exam assures that the student has a true understanding of the course material presented, allowing employers and other security professionals to rely on the certification as a testament of capability, not only authority. 


Don

CISSP, MCSE, CSTA, Security+ SME
aweSEC
« Reply #1 on: December 01, 2010, 09:30:13 AM »

Great review, Ryan! As expected, the course sounds like a lot of fun.
impelse
« Reply #2 on: December 01, 2010, 09:40:48 AM »

Good job.

CCNA, Security+, 70-290, 70-291
CCNA Security, Working Windows 7 70-680
xXxKrisxXx
« Reply #3 on: December 01, 2010, 01:17:21 PM »

This review is excellent. It looks like assembly is pretty necessary for the course. Did you end up passing your OSCE challenge Linn (apollo)? Thanks for posting the review Don.

-Kris

OSCP, OWSP, eCPPT
MaXe
« Reply #4 on: December 01, 2010, 05:23:19 PM »

Nice review :)

@xXxKrisxXx: Learning Assembly during the course or already knowing it is a very good idea.
Many parts of the course contain assembly language, so getting to know it is inevitable.

You don't have to be able to write assembly programs entirely yourself, but being able to understand most of what happens e.g. in a payload is not a bad idea at all ;)

It's an awesome course, highly recommendable!

I'm an InterN0T'er
apollo
« Reply #5 on: December 02, 2010, 12:53:18 PM »

MaXe is spot on. You don't have to be able to write assembly, but you generally need to get binary math (bit shifting, OR, AND, XOR etc) and you should have a base understanding of registers from PWB. From there, if you have a good assembly reference you can look stuff up, but the more you've dealt with looking at assembly the faster you will pick stuff up.

I did pass the OSCE. I didn't pass it anywhere near as quickly as I did the OSCP. OSCP took me between 6-8 hrs, OSCE took me 40 hrs total with a 4 hr nap, a 6 hr nap, and a few times taking the dog for 20 min walks cause I was frustrated :)

In retrospect, I followed along with the course manual too closely when I was doing labs on my own. Some of the things where I thought I understood them, I was wrong and then I figured it out on the test. One challenge, had I done a better job of doing labs in the course, I would have taken something that took me about 10 hrs down to probably about 4 hrs. Although, at this point, I REALLY understand it, but in retrospect I wish I had done a better job of going through some of the labs.


CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
sil
« Reply #6 on: December 02, 2010, 03:21:20 PM »

So my question becomes... How does it compare to Immunity's NOP? I'm curious about that particular exam. Maybe I'll gun for the OSCE come March.

apollo
« Reply #7 on: December 02, 2010, 06:49:26 PM »

Hehe.. NOP is a funny little cert. Immunity is still offering it, it seems, based on their site, but I think it started out as a marketing tool. The deal was, get a random vulnerable binary, and see if you can write a working sploit in 45 mins using Immunity Debugger and their drag and drop sploit creation tool. You end up having to understand how concepts like pattern offsets work to find offsets, and basically their tools help you a lot. Their drag and drop sploit creation tool is pretty neat, but of course, it's all out of my personal price range.

In all, unless you wanna do it for fun, NOP isn't going to teach you anything. Going the OSCE path will teach you stuff unless you're already at a level where you think ASLR is a "cute defense" and laugh as you code around it or you don't deal with conventional exploitation any more because ROP is the future.

I Reaaaaaalllly wanna take Advanced Windows Exploitation. I wish it were offered more places than Black Hat. I have heard some interesting things about SANS 660 and their 700 level exploit writing classes. They are way more expensive though, so will have to figure out how to do that.


CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
tturner
« Reply #8 on: December 03, 2010, 08:36:07 AM »

I was planning on doing SANS SEC660 this next year in Orlando but I suspect if we wait a bit they will come out with a cert for it as well. I find myself naturally gravitating to trainings I can convert into more alphabet soup. It's becoming a disease.

I'm doing OPSE in Clearwater, FL www.isecom.org/opsefl in a couple weeks and am super excited about that as a long time OSSTMM fan. I opted for SEC/DEV (they keep changing it) 542 which is the GWAPT cert course and the 2 day Metasploit for Enterprise Pentesters course (even though there's no cert, it's Metasploit!!) at Orlando SANS 2011 in March/April. I usually work the conference as a volunteer for reduced training costs. Only $800 (+ expenses) vs the $4,000 or so it normally costs and way better exposure to the SANS instructors and many of the volunteers/facilitators are top notch security pros in their own right.

In addition to the SANS Metasploit course, I'm also doing the Securitytube Metasploit videos and we are buying Metasploit Pro at my work and I added on a 2 day onsite MS Pro training piece as well so by next spring I should be a Metasploit guru between MSF and MS Pro. I hope.

All that being said, I am hugely interested in the CtP course and I really appreciate the review. This course as well as the SANS 660 and 710 courses are at the top of my list for where I want to be BEFORE I feel confident enough to really call myself a pentester. I do some pentest work internally which is about 15% of my duties but it's not what I would call high caliber since my work is primarily tool driven. It's a journey, that's for sure! Thanks again for the great review.

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP

Next 6 months: GCIH, CSTP, STI MSISE