[Article]-Course Review: Cracking the Perimeter by Offensive Security

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Dec 01, 2010 10:07 am

[Article]-Course Review: Cracking the Perimeter by Offensive Security

In his ongoing series of reviewing OffSec courses, Ryan Linn takes on their advanced course. Let us know what you think.

As we move towards 2011, look for a new project for Ryan as we attempt to get security professionals on the road to coding. Stay tuned!!

Cracking the Perimeter (CTP) is the latest course offered by the team at Offensive Security. The course teaches expert-level penetration skills including advanced tactics in web exploitation, binary manipulation and exploitation, and networking attacks. Building on material in the earlier course, Pentesting with Backtrack (PWB), this offering provides intermediate students with a learning platform that can be used to become advanced practitioners of certain exploit methodologies. This review will attempt to provide a high-level overview of the course and set expectations for students who may be considering it.

Divided into a registration puzzle, five sections, and an exam, the course provides a more in-depth view of common web application exploits, binary analysis and backdoors, anti-virus evasion, techniques for exploitation using memory concepts, exploit writing, and network exploitation techniques. The end-of-course practical exam assures that the student has a true understanding of the course material presented, allowing employers and other security professionals to rely on the certification as a testament of capability, not only authority. 



Don
CISSP, MCSE, CSTA, Security+ SME

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Dec 01, 2010 10:30 am

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

Great review, Ryan! As expected, the course sounds like a lot of fun.

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Wed Dec 01, 2010 10:40 am

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

Good job.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Wed Dec 01, 2010 2:17 pm

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

This review is excellent. It looks like assembly is pretty necessary for the course. Did you end up passing your OSCE challenge, Linn (apollo)? Thanks for posting the review, Don.

-Kris
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Dec 01, 2010 6:23 pm

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

Nice review  :)

@xXxKrisxXx: Learning Assembly during the course or already knowing it is a very good idea.
Many parts of the course contain assembly language, so getting to know it is inevitable.

You don't have to be able to write assembly programs entirely yourself, but being able to understand most of what happens e.g. in a payload is not a bad idea at all  ;)

It's an awesome course, highly recommendable!
I'm an InterN0T'er

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Thu Dec 02, 2010 1:53 pm

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

MaXe is spot on. You don't have to be able to write assembly, but you generally need to get binary math (bit shifting, OR, AND, XOR, etc.) and you should have a base understanding of registers from PWB. From there, if you have a good assembly reference you can look stuff up, but the more you've dealt with looking at assembly the faster you will pick stuff up.

I did pass the OSCE. I didn't pass it anywhere near as quickly as I did the OSCP. OSCP took me between 6-8 hrs, OSCE took me 40 hrs total with a 4 hr nap, a 6 hr nap, and a few times taking the dog for 20 min walks 'cause I was frustrated :)

In retrospect, I followed along with the course manual too closely when I was doing labs on my own. Some of the things where I thought I understood them, I was wrong and then I figured it out on the test. One challenge, had I done a better job of doing labs in the course, I would have taken something that took me about 10 hrs down to probably about 4 hrs. Although, at this point, I REALLY understand it, but in retrospect I wish I had done a better job of going through some of the labs.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu Dec 02, 2010 4:21 pm

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

So my question becomes... How does it compare to Immunity's NOP? I'm curious about that particular exam. Maybe I'll gun for the OSCE come March.

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Thu Dec 02, 2010 7:49 pm

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

Hehe.. NOP is a funny little cert. Immunity is still offering it, it seems, based on their site, but I think it started out as a marketing tool. The deal was, get a random vulnerable binary, and see if you can write a working sploit in 45 mins using Immunity Debugger and their drag and drop sploit creation tool. You end up having to understand how concepts like pattern offsets work to find offsets, and basically their tools help you a lot. Their drag and drop sploit creation tool is pretty neat, but of course, it's all out of my personal price range.

In all, unless you wanna do it for fun, NOP isn't going to teach you anything.  Going the OSCE path will teach you stuff unless you're already at a level where you think ASLR is a "cute defense" and laugh as you code around it or you don't deal with conventional exploitation any more because ROP is the future. 


I Reaaaaaalllly wanna take Advanced Windows Exploitation.  I wish it were offered more places than Black Hat.  I have heard some interesting things about SANS 660 and their 700 level exploit writing classes.  They are way more expensive though, so will have to figure out how to do that.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

tturner

Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Fri Dec 03, 2010 9:36 am

Re: [Article]-Course Review: Cracking the Perimeter by Offensive Security

I was planning on doing SANS SEC660 this next year in Orlando but I suspect if we wait a bit they will come out with a cert for it as well. I find myself naturally gravitating to trainings I can convert into more alphabet soup. It's becoming a disease.

I'm doing OPSE in Clearwater, FL www.isecom.org/opsefl in a couple weeks and am super excited about that as a long time OSSTMM fan. I opted for SEC/DEV (they keep changing it) 542 which is the GWAPT cert course and the 2 day Metasploit for Enterprise Pentesters course (even though there's no cert, it's Metasploit!!) at Orlando SANS 2011 in March/April. I usually work the conference as a volunteer for reduced training costs. Only $800 (+ expenses) vs the $4,000 or so it normally costs and way better exposure to the SANS instructors and many of the volunteers/facilitators are top notch security pros in their own right.

In addition to the SANS Metasploit course, I'm also doing the Securitytube Metasploit videos and we are buying Metasploit Pro at my work and I added on a 2 day onsite MS Pro training piece as well so by next spring I should be a Metasploit guru between MSF and MS Pro. I hope.

All that being said, I am hugely interested in the CtP course and I really appreciate the review. This course as well as the SANS 660 and 710 courses are at the top of my list for where I want to be BEFORE I feel confident enough to really call myself a pentester. I do some pentest work internally which is about 15% of my duties but it's not what I would call high caliber since my work is primarily tool driven. It's a journey, that's for sure! Thanks again for the great review.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
