OSCE vs OSCP

<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Feb 08, 2011 8:09 am

OSCE vs OSCP

Hey,

I am about to start Offensive-Security "Cracking the Perimeter (CTP)" course, which leads to the OSCE exam.

Having done "Pentesting with Backtrack (PWB)", I know the guys at Offensive-Security will once again provide me with a tough but excellent course.

To get ready, I have spent the last 2 weeks getting back to Intel x86 Assembly programming. Call me crazy, but I actually enjoy coding in assembly! I bought a 60 day lab package and my goal is, in order:

1) Go through all videos and do all exercises.

2) Start hacking machines in the lab and build my "toolbox".

3) After the lab time is over, spend a month or two in my own lab working on my weaknesses.

4) Once I feel I master what is in the course content, buy another 30 days of lab and start getting ready for the exam.

So for those who have done both courses, did you change your approach from PWB to CTP?

I am very excited to start this course! I am ready to suffer once again!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Tue Feb 08, 2011 10:49 am

Re: OSCE vs OSCP

Ha, you masochist!  ;) I admire your will to learn!

I think the greatest advantage you have right now is that you know how Offensive Security works. By now you know what approach they want to see when you attack a box and what technical techniques they like to see when you exploit it. And last but not least, you will know the suffering involved to reach the goal but that is something you like, apparently  :P
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Feb 08, 2011 11:22 am

Re: OSCE vs OSCP

No pain, no gain!  ;D

Seriously, I pay for my training and being a consultant, I don't get paid when I sit in a classroom. So only training is good for me. In addition, as you know, Offensive Security provides excellent training materials. So to me, it is the best bang for my buck.

And like you mentioned, I will approach this course completely differently than PWB. A lot more seriously, and I am way more humble.

Last thing, I believe that if I aim low, I will get low results. But if I aim high, it either works or I would have learned a ton of things! Either way, I win!

I took a good study break and finished my kitchen's floor. Nothing better than manual work to relax from studying!  ;D
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

TheXero

Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Tue Feb 08, 2011 11:26 am

Re: OSCE vs OSCP

Good luck :)

MaXe (InterN0T) recently passed his OSCE exam and I'm sure he's more than willing to give you a few pointers to ease the pain if you ask :)

I believe OSCE/CTP is mostly about finding 0days whereas OSCP/PWB is about writing basic exploits and Penetration testing in general

So yeah you Try Harder! hehe
<<

mambru

Jr. Member

Posts: 98

Joined: Wed Jun 03, 2009 3:11 pm

Post Tue Feb 08, 2011 11:53 am

Re: OSCE vs OSCP

Hey H1t M0nk3y,

Glad to hear you will be pursuing OSCE.

Right now I'm halfway with the CTP training, and I don't think the approach from PWB fits here, since you don't have a similar environment where you are free to attack and compromise whatever you want. Once you receive your material you'll understand what I mean.

Good luck!
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Feb 08, 2011 1:11 pm

Re: OSCE vs OSCP

mambru wrote: I don't think the approach from PWB fits here, since you don't have a similar environment where you are free to attack and compromise whatever you want.

So you don't have a lab with many machines to compromise?!?

Humm, I didn't know that. There is something you are not allowed to say?

Now you got me thinking!!  :D
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

apollo

Full Member

Posts: 146

Joined: Fri Apr 04, 2008 7:44 pm

Post Tue Feb 08, 2011 4:07 pm

Re: OSCE vs OSCP

The thing that will help you most in OSCE is to verify you really understand each lesson as it is presented.  For instance, you will be walked through an exercise, then you will have to complete it on your own.  You should try this:

1) Do the exercise with the video
2) At end of chapter, re-create the exercise referencing the manual
3) Rinse and Repeat until you don't need to reference the manual at all

This takes more time, but the worst time to figure out that you didn't really get what was going on is during the exam.  Also, don't be afraid to reference other material.  When I didn't get the explanation of something, I hit up Google and on occasion found some complementary stuff which helped.
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Feb 08, 2011 5:46 pm

Re: OSCE vs OSCP

H1t -

I am 5 weeks into OSCE. It's quite different than OSCP which I passed a few months ago. The lab is small and there are not 50 extra boxes to pop in this compared to OSCP. Extra practice is really on your own. I've been talking with other OSCEs and found out that a good way to practice is to hit exploit-db and try to recreate the exploits you see there. For example, take an exploit and write it in a different language from scratch or use a different method like an egghunter if that wasn't used in the original exploit. Also download DVWA and try to pwn it in your sleep.

The course material and video modules for this are so gnarly. I love it. I honestly thought it would all be way over my head but if you put the time in, you'll get it. It's another tremendously well thought out and challenging course. I'll be taking the challenge in about a month.

-C
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Feb 08, 2011 8:17 pm

Re: OSCE vs OSCP

Thanks guys for your feedback!

apollo wrote: 1) Do the exercise with the video
2) At end of chapter, re-create the exercise referencing the manual
3) Rinse and Repeat until you don't need to reference the manual at all

That's what I learned the hard way for OSCP. Understanding what they do in the videos is quite easy compared to doing it yourself. I take good note of this.


cd1zz wrote: I've been talking with other OSCEs and found out that a good way to practice is to hit exploit-db and try to recreate the exploits you see there. For example, take an exploit and write it in a different language from scratch or use a different method like an egghunter if that wasn't used in the original exploit. Also download DVWA and try to pwn it in your sleep.

That's a good idea. I will keep this in mind.


I have another question: How good should you be in Assembly? I am currently going through Vivek's video (www.securitytube.net) and it is going quite well. It's been 13 years since I used it in university and I was pretty rusty. My guess is I will know enough for OSCE after I am done with these videos. At the very least, I should be able to read 90% of any assembly code without reference. Am I going too far or not enough?

Thanks for these great replies.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Tue Feb 08, 2011 8:47 pm

Re: OSCE vs OSCP

You've already done more than I did before I started. I had basic assembly knowledge but I can assure you, if you listen and watch Mati intently in the videos, he drops little hints along the way that give you an idea of what is "possible." I feel 1000% times better in a debugger than I did when I started just by watching and re-watching the videos and then re-creating the modules.
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Wed Feb 09, 2011 3:19 am

Re: OSCE vs OSCP

Wow, all this sounds exciting! It almost makes me want to quit my "time off" and start with it right now! Anyway, I want to wish H1t M0nk3y good luck and I am sure it will be a blast to give it a try!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Feb 09, 2011 8:21 pm

Re: OSCE vs OSCP

You guys can be sure I will post my comments!
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Feb 10, 2011 12:27 pm

Re: OSCE vs OSCP

H1t M0nk3y wrote: 1) Go through all videos and do all exercises.

2) Start hacking machines in the lab and build my "toolbox".

3) After the lab time is over, spend a month or two in my own lab working on my weaknesses.


Good luck! You will need it  ;D

1) Watch the videos => Read the document. I used the same approach and it's also what they recommend I think  :)

2) You don't need a huge toolbox, besides pure hacking skills in your mind. Knowing Web Application Security and e.g. PHP is a good idea too though, along with Exploit Development of Buffer Overflows (etc), Fuzzing, Protocol Attacks, etc.

3) Excellent idea, know your strengths and your weaknesses. That is one of the ways to succeed.


The most important thing is that if you don't understand something in one of the modules, take your time to research about it so you understand exactly what was covered during the course, and try to go beyond so you know more than what is covered during the course, when you're attempting the examination.

Feel free to message me on IRC, I'm usually idling there 24/7 but I'm of course also online on occasion  :)
I'm an InterN0T'er
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Feb 11, 2011 1:37 pm

Re: OSCE vs OSCP

Thanks MaXe!

I will be contacting you on OffSec IRC shortly!

My last question is: Would you guys think it is ok to use BackTrack 4 R2 for the course or should I use a custom version for the course?

Other than that, I am done going through Vivek's videos on Assembly. So I am where I wanted to be before my course starts.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Fri Feb 11, 2011 1:38 pm

Re: OSCE vs OSCP

R2 is fine - that's what I'm using.