The Ethical Hacker Network

cd1zz

Hero Member

Offline

Posts: 561

OSCE Review

« on: May 03, 2011, 02:06:43 PM »

Well, it will be nice to have my life back. I managed to get through the OSCE challenge and got word today that I obtained the cert.

I documented my experience like I did with the OSCP:

http://www.networkadminsecrets.com/2011/05/offensive-security-certified-expert.html


	Logged

OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com

millwalll

Guest

Re: OSCE Review

« Reply #1 on: May 03, 2011, 02:10:10 PM »

well done


	Logged

Agoonie

Full Member

Offline

Posts: 176

Re: OSCE Review

« Reply #2 on: May 03, 2011, 02:36:05 PM »

Great review. I will be signing up soon, definitely. I promised my wife I would take a break after the OSCP. Grin

Of course I did the FC4 already just to see if I could do it. Thanks for the review. You and MaXe had a great experience even with the pain. LOL. I have to take this course. I am really excited now. Will it matter if someone uses BackTrack 5 instead of BackTrack 4 when taking the course??


	Logged

OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com

UNIX

Hero Member

Offline

Posts: 1234

Re: OSCE Review

« Reply #3 on: May 03, 2011, 02:37:30 PM »

Congrats, cd1zz.

Quote

Will it matter if someone uses BackTrack 5 instead of BackTrack 4 when taking the course??

Doesn't matter.


	Logged

cd1zz

Hero Member

Offline

Posts: 561

Re: OSCE Review

« Reply #4 on: May 03, 2011, 03:01:19 PM »

Go for it dude. As far as BT4 or 5, it wont matter. I actually spent most of my time in Windows VMs using Immunity because most of this is windows exploit dev and windows pwnage.


	Logged

OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com

alucian

Full Member

Offline

Posts: 225

Re: OSCE Review

« Reply #5 on: May 03, 2011, 03:09:57 PM »

Congrats!

And I really liked your review.


	Logged

CISSP ISSAP, CISM/A, GWAPT, GCIH, eCPPT, OSWP

lorddicranius

Sr. Member

Offline

Posts: 447

Re: OSCE Review

« Reply #6 on: May 03, 2011, 04:55:23 PM »

Gratz and nice review


	Logged

GSEC, eCPPT, Sec+

H1t M0nk3y

Hero Member

Offline

Posts: 864

Re: OSCE Review

« Reply #7 on: May 03, 2011, 07:55:52 PM »

Congratz cd1zz!!!

I took the CPT course too and I have yet to challenge the OSCE exam. I have to say the course indeed opened my eyes big time!

After doing the exercises, I took a pause and wrote the CISSP exam (because every contract requires it...). I basicaly went from one extreme to another! Passing from "dreaming about Hex" to learning about "Business Continuity Planning" was like eating vanilla ice cream after drink whiskey. It didn't taste good...

I am going to Dallas in a bit more than a week to take "Advanced Penetration Testing Course" by Joe McCray. Then, after a little break, I will start playing in exploitdb to recreate exploits.

Quote

After I completed the course modules I jumped on exploit-db and started recreating all of the buffer overflow exploits I could find. I would take one, strip out everything in the middle and try to get the same results. I probably recreated 50 exploits. The point of this was to get very familiar inside a debugger and to see first hand some of the obstacles you encounter when writing exploits.

BTW cd1zz, would you say this tactic paid off? Would you change anything in your preparation?

Thanks and congratulations again!!!


	Logged

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP

cd1zz

Hero Member

Offline

Posts: 561

Re: OSCE Review

« Reply #8 on: May 03, 2011, 08:25:55 PM »

I've been putting off the CISSP but unfortunately I think its next for me. Nice work on getting through that.

For me, recreating exploits was key because I only knew basic assembly and had basic debugger skills. It forced me to become comfortable in a debugger and learn much more about assembly. For example, if the original author of an exploit wrote it as an EIP overwrite, I'd look for the SEH overwrite and rewrite it. If they didn't use an egghunter, I would add an egghunter. If the original author only wrote it for XP, I'd write it for Vista or 7. Using this method I managed to run into all kinds of issues I had to sort out.

My biggest weakness going into this course was on the web side. I wish I would have spent more time on this. I would recommend not only focusing on the exploit dev but understand exploiting all kinds of web apps.


	Logged

OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com

H1t M0nk3y

Hero Member

Offline

Posts: 864

Re: OSCE Review

« Reply #9 on: May 04, 2011, 05:24:09 AM »

Thanks cd1zz for your comments.

Quote

If the original author only wrote it for XP, I'd write it for Vista or 7

All my machines at home are 64 bits OS... I wanted to do the same as you and rewrite exploits at home, but I am a bit stock because of that...

Thanks for the advice on the web apps. It's true, we tend to focus more on the exploit development side...

Good luck for CISSP! PM me if you need some advice.


	Logged

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP

mambru

Jr. Member

Offline

Posts: 98

Re: OSCE Review

« Reply #10 on: May 05, 2011, 09:44:13 AM »

Congrats cd1zz! I know the pain of going through the CTP training and the challenge, and my time has come to suffer it again. Hopefully I'll be able to get my life back once I knock it off, unless I get hooked on with a new course.


	Logged

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: OSCE Review

« Reply #11 on: May 08, 2011, 08:40:18 AM »

Quote from: KillJ0y on May 03, 2011, 02:36:05 PM

Great review. I will be signing up soon, definitely. I promised my wife I would take a break after the OSCP. Grin

It was fun, but all the glamour has almost worn off for me now lol Grin

It won't matter which version of BackTrack you use, but different versions of Metasploit has different payloads, so you may want to grab an older version of Metasploit as well just in case if it doesn't work out. (There's more info on the student forums about this as well.)

There's a few other tools that requires different args as well, and some that works a little bit differently but this is just a part of the challenge in my opinion, so it shouldn't matter a lot since I didn't use BackTrack Wink


	Logged

I'm an InterN0T'er

tturner

Sr. Member

Offline

Posts: 432

Re: OSCE Review

« Reply #12 on: May 11, 2011, 12:26:40 PM »

Quote from: H1t M0nk3y on May 04, 2011, 05:24:09 AM

All my machines at home are 64 bits OS... I wanted to do the same as you and rewrite exploits at home, but I am a bit stock because of that...

Why can't you load up 32 bit VMs on your 64 bit host?


	Logged

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP

WIP: OSWP, GSSP-JAVA, GXPN

Udacity on hold, again. I suck.

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

Agoonie

Full Member

Offline

Posts: 176

Re: OSCE Review

« Reply #13 on: May 24, 2011, 02:53:21 PM »

Just wondering, is the book, "Fuzzing: Brute Force Vulnerability Discovery" by
Michael Sutton, et al a good book to pick up before taking the OSCE course?


	Logged

OSCE, OSCP, OSWP, CISSP, GPEN

www.agoonie.com

cd1zz

Hero Member

Offline

Posts: 561

Re: OSCE Review

« Reply #14 on: May 24, 2011, 02:59:29 PM »

I bought that book and found it to be useful at times during the course. I think its good to have in the arsenal regardless... I find myself referring to it more and more after I finished OSCE.


	Logged

OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com

Pages: [1] 2 Go Up

« previous next »