December 1, 2010 at 3:07 pm #5852 Don Donzal (Keymaster)
In his ongoing series of reviewing OffSec courses, Ryan Linn takes on their advanced course. Let us know what you think.
As we move towards 2011, look for a new project for Ryan as we attempt to get security professionals on the road to coding. Stay tuned!!
Cracking the Perimeter (CTP) is the latest course offered by the team at Offensive Security. The course teaches expert level penetration skills including advanced tactics in web exploitation, binary manipulation and exploitation, and networking attacks. Building on material in the earlier course, Pentesting with Backtrack (PWB – Read Review), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies. This review will attempt to provide a high-level overview of the course and set expectations for students who may be considering it.
Divided into a registration puzzle, five sections, and an exam, the course provides a more in-depth view of common web application exploits, binary analysis and backdoors, anti-virus evasion, techniques for exploitation using memory concepts, exploit writing, and network exploitation techniques. The end-of-course practical exam assures that the student has a true understanding of the course material presented, allowing employers and other security professionals to rely on the certification as a testament of capability, not only authority.
December 1, 2010 at 3:30 pm #36738 UNIX (Participant)
Great review, Ryan! As expected, the course sounds like a lot of fun.
December 1, 2010 at 3:40 pm #36739 impelse (Participant)
December 1, 2010 at 7:17 pm #36740 KrisTeason (Participant)
This review is excellent. It looks like assembly is pretty necessary for the course. Did you end up passing your OSCE challenge, Linn (apollo)? Thanks for posting the review, Don.
December 1, 2010 at 11:23 pm #36741 MaXe (Participant)
Nice review 🙂
@xXxKrisxXx: Learning Assembly during the course or already knowing it is a very good idea.
Many parts of the course contain assembly language, so getting to know it is inevitable.
You don’t have to be able to write assembly programs entirely yourself, but being able to understand most of what happens e.g. in a payload is not a bad idea at all 😉
It’s an awesome course, highly recommendable!
December 2, 2010 at 6:53 pm #36742 apollo (Participant)
MaXe is spot on. You don’t have to be able to write assembly, but you generally need to get binary math (bit shifting, OR, AND, XOR etc) and you should have a base understanding of registers from PWB. From there, if you have a good assembly reference you can look stuff up, but the more you’ve dealt with looking at assembly the faster you will pick stuff up.
I did pass the OSCE. I didn’t pass it anywhere near as quickly as I did the OSCP. OSCP took me between 6-8 hrs, OSCE took me 40 hrs total with a 4 hr nap, a 6 hr nap, and a few times taking the dog for 20 min walks cause I was frustrated 🙂
In retrospect, I followed along with the course manual too closely when I was doing labs on my own. Some of the things where I thought I understood them, I was wrong and then I figured it out on the test. One challenge, had I done a better job of doing labs in the course, I would have taken something that took me about 10 hrs down to probably about 4 hrs. Although, at this point, I REALLY understand it, but in retrospect I wish I had done a better job of going through some of the labs.
December 2, 2010 at 9:21 pm #36743 sil (Participant)
So my question becomes… How does it compare to Immunity’s NOP? I’m curious about that particular exam. Maybe I’ll gun for the OSCE come March.
December 3, 2010 at 12:49 am #36744 apollo (Participant)
Hehe.. NOP is a funny little cert. Immunity is still offering it, it seems, based on their site, but I think it started out as a marketing tool. The deal was, get a random vulnerable binary, and see if you can write a working sploit in 45 mins using Immunity Debugger and their drag and drop sploit creation tool. You end up having to understand how concepts like pattern offsets work to find offsets, and basically their tools help you a lot. Their drag and drop sploit creation tool is pretty neat, but of course, it’s all out of my personal price range.
In all, unless you wanna do it for fun, NOP isn’t going to teach you anything. Going the OSCE path will teach you stuff unless you’re already at a level where you think ASLR is a “cute defense” and laugh as you code around it or you don’t deal with conventional exploitation any more because ROP is the future.
I Reaaaaaalllly wanna take Advanced Windows Exploitation. I wish it were offered more places than Black Hat. I have heard some interesting things about SANS 660 and their 700 level exploit writing classes. They are way more expensive though, so will have to figure out how to do that.
December 3, 2010 at 2:36 pm #36745 tturner (Participant)
I was planning on doing SANS SEC660 this next year in Orlando but I suspect if we wait a bit they will come out with a cert for it as well. I find myself naturally gravitating to trainings I can convert into more alphabet soup. It’s becoming a disease.
I’m doing OPSE in Clearwater, FL http://www.isecom.org/opsefl in a couple weeks and am super excited about that as a long time OSSTMM fan. I opted for SEC/DEV (they keep changing it) 542 which is the GWAPT cert course and the 2 day Metasploit for Enterprise Pentesters course (even though there’s no cert, it’s Metasploit!!) at Orlando SANS 2011 in March/April. I usually work the conference as a volunteer for reduced training costs. Only $800 (+ expenses) vs the $4,000 or so it normally costs and way better exposure to the SANS instructors and many of the volunteers/facilitators are top notch security pros in their own right.
In addition to the SANS Metasploit course, I’m also doing the Securitytube Metasploit videos and we are buying Metasploit Pro at my work and I added on a 2 day onsite MS Pro training piece as well so by next spring I should be a Metasploit guru between MSF and MS Pro. I hope.
All that being said, I am hugely interested in the CtP course and I really appreciate the review. This course as well as the SANS 660 and 710 courses are at the top of my list for where I want to be BEFORE I feel confident enough to really call myself a pentester. I do some pentest work internally which is about 15% of my duties but it’s not what I would call high caliber since my work is primarily tool driven. It’s a journey, that’s for sure! Thanks again for the great review.