February 21, 2014 at 8:49 pm #8645 Don Donzal (Keymaster)
In terms of training, Offensive Security is best known for their Pentesting with BackTrack/Kali (PWK) and Cracking the Perimeter (CTP) courses. While PWK and CTP have reputations for being intense, grueling courses that require months of sacrifice and dedication, the word “Advanced” is conspicuously absent from their titles. This fact alone should emphasize where Offensive Security AWE falls in relation to these other courses.
After registering for the course, the student must complete a reversing challenge to ensure he or she has a basic understanding of the foundation concepts that are required to digest the course content. The material in the course is far more advanced than the challenge, and successfully completing the challenge is no guarantee that the student is fully prepared for the course. However, if the student is unable to complete this challenge, or has extreme difficulty with it, there is a significant gap in requisite knowledge, and it is recommended to pursue the course at a later date after additional preparation. Did I mention “Advanced?”
February 22, 2014 at 9:12 am #53762 UNIX (Participant)
Nice review, dynamic, thanks for the write-up! Although AWE covers some different topics than corelan’s training, could you give a comparison of these two courses?
Again, congrats on the pass! 🙂
February 24, 2014 at 2:20 am #53763 dynamik (Participant)
Good question. Someone else asked me this on LinkedIn, so I’m sure others are curious as well.
The Corelan course is designed to be a boot camp that’ll take someone from a complete novice to being competent with many common exploitation techniques. I personally think it’d be best if someone had a basic understanding of assembly and CPU/memory operations prior to taking the course since that is A LOT of material to understand and retain over two days. However, the course will indeed start with the absolute basics, and there are technically no prerequisites. AWE is, of course, the polar opposite, and has an enormous amount of prerequisites.
There are several other key differences. The Corelan course is 32-bit only, and it focuses on userland exploitation. Therefore, 64-bit and kernel exploitation will be new in AWE. Corelan also revolves largely around the use of Mona.py (which is awesome). This mimics real-world exploit development in that you’d want to automate as many tedious and repetitive tasks as possible. Note: the concepts behind each technique are thoroughly explained, so it’s not like you’re just running a command that magically gives you an exploit. You still learn how everything works behind the scenes. However, per typical OffSec style, nothing in AWE is automated; they make you suffer through everything manually to truly ingrain the concepts and techniques. Actually, they do give you one ROP script that helps you find bricks. Unfortunately, it’s partially broken, and they literally make you find the error and fix it yourself 😮
As I mentioned in the review, OffSec went way out of their way to find convoluted vulnerabilities that not only covered a given technique but also brought tears to your eyes in the process. Therefore, heap spraying on the Corelan course focuses largely on that technique itself, while in the AWE course, you have to disassemble the binary with IDA and review the source code on top of that.
Comparing these two courses is really comparing apples and oranges. They each focus on unique areas and target different skill levels, and there’s no point in trying to determine which one is “better”. I think they complement each other well, and it makes a lot of sense to do Corelan first and then move to an advanced course like AWE. I absolutely loved the Corelan course, and I would do things in the same order if I had to do everything again. It was undeniably a critical component of my AWE preparation.
Also, like the OffSec team, it was absolutely a privilege to spend that time with Peter. Despite being another leader in the field, he was completely humble and awesome to interact with. I picked up a lot of neat tips and tricks just from chatting with him during breaks and asking random questions during the course. Even if you think you have a good handle on the boot camp material, you’ll probably still get a lot out of the overall experience.
Finally, Corelan might have OffSec beat in terms of per-day intensity. He covers an insane amount of material in two days, and we went 14-16 hours each day (bring Red Bull, for both you and Peter). Peter is an absolute beast, and he was still energetic and wanting to do exercises at 10PM the second day, despite having a 6AM flight back to Belgium the next morning. Unfortunately, he had succeeded in reducing our brains to pudding at that point, and we had to draw the line there 🙂
February 25, 2014 at 3:48 pm #53764 Master Of Puppets (Participant)
Congrats on this great achievement!