cd1zz wrote: oops, I missed Sil's second link. RWSP sounds gnarly.
That makes OSCP look like child's play.
RWSP was difficult for a few reasons. 1) The attack vectors weren't run of the mill Windows 2000, 2003, NT machines. They were mainly Windows 2008 servers, hardened Linux machines, etc. 2) Whatever you were attacking, your attacks had to be stealth. During the exam, the opposing team was watching and countering what you did. 3) You had to think outside of the normal box...
When I was doing the recon phase of the blackhat part of the exam, I fired off many decoys at my opponents and had those decoys running continuously. I did this because I was on the defending side the first day around. I saw what the opponents did when THEY tried to "pwn my team" and I saw how easy it was to detect them.
From my POV, I didn't have it in my budget to buy a firewall nor would my manager allow it. "WTF are you talking about..?" The premise of the exam was that you were corporate defenders with a budget and a set of real life rules. My managers wouldn't approve of a "block all" rule to defend myself. The reasoning was because it would affect e-commerce. Since they wouldn't allow this rule (block in), I decided to use budget money to purchase "block OUT" rules.
Block out rules? Sure... Just because I need to allow e-commerce in, should not mean I should allow SSH OUT from a webserver. So I purchased my block OUT rules to slow them down via their subnet. From the offensive side, I had to make quick visios to understand what it is I was protecting and why...
Now back to the offense... I needed to make sure I was a needle in a haystack during my attacks. So what I did was fire off decoy scans every time I did something. This enabled confusion for those "watching out for me." Someone on the opposing team "swore" he saw me coming in and opted to use budget money to block an attacker... Bad move, he didn't diagram his network and ended up blocking his own connections which cost his team points...
This is what I mean by thinking outside of the box... Now... The difference between this exam and say the OSCP is, you weren't given any information on offense or defense. You walked into a classroom for two days. Day one offense, day two defense (or vice versa). You had one of two objectives: own or protect. The targets were NOT static targets, you actively had to deal with people locking down machines while you were attacking. When I posted my firewall rule, someone had a partial pivot into my network... Followed by fail.
The exam helps you think outside of the box and work with people as a team. It enables you to see how others operate via sharing information, tactics and techniques. I wouldn't particularly take the exam without experience. I JUST finished up signing the NDAs and other stuff for the RWSP, months after I've taken it. Was one of my favorite classes and definitely my personal favorite certification. I also happened to win the silver coin MVP for my team, so I was hyped. Wish I could do it again.