Post Thu Oct 07, 2010 7:20 pm

Re: Anyone did OSCE (CTP) ?

I'm generally against reviving old threads, but I'll keep this message here for the sake of continuity.

I'm a little more than half way through my 60 days of lab time and I can't say that I'm disappointed.  I feel comfortable with all the material I've attempted so far (I've coded some exploits before), but I wish I had a better idea of what to expect for the certification challenge.  MaXe laid out a good overview of what to expect so I won't repeat it.  I haven't seen anything so far in the labs that required custom shellcode in the sense that you had to write a lot of your own.  I've mostly been using metasploit.  That being said, I have had to do some creative assembly to get to my premade shellcode, so if you consider that shellcoding, then I suppose you do need custom shellcode.

I wouldn't start this without a solid understanding of assembly and debugging.  I do a fair amount of reverse engineering of malware (actually teach a course on it), so I'm in assembly all the time.  That might be lulling me into a false sense of how hard this is supposed to be (curse of knowledge and all).  Either that or I'm in for a rude awakening one day in November when I sit for the exam....
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk