My OSCE journey

Day 1

I started the research process for my Offensive Security OSCE exam and I selected multiple PDF/web pages that might be useful to me in the preparation process for the Cracking the Perimeter course.

My lab time will start in 5 days and I believe that I am lacking multiple skills/knowledge, like everything related to Assembly, egg hunting, advanced exploit development.

I mainly selected resources from Abatchy’s OSCE study plan and converted the web pages to pdf and then joined all the PDFs together using pdfunite.

The result is a 300 page PDF file that will hopefully help me learn and pass the OSCE exam. I couldn’t print the PDF to my Xerox printer, so I had to open the file with Adobe Reader and do a “Save as”, to fix some errors.

No fancy solution here, but it worked…

Day 2

I printed my 300+ pages PDF file and started reading from it. I choose the Assembly part, because I suck at it.

I saw Muts explain how he got a 0day from HP OpenView NNM.

This presentation was actually beautiful and got me thinking that I could actually pull this off (if I sweat enough). If you passed OSCP you will actually understand easier what he is doing and why.

Day 3:

I received my CTP documentation from Offensive Security and I started to the watch the videos.

I am having some issues connecting to the VPN, but I get them sorted out the VPN server had some issues, now it’s working.

The first 2 chapters are easy to follow, most of them are making reference to web exploitation techniques that I have encountered in the OSCP.

In the 3rd chapter, the stuff begins to be interesting: portable executable stuff, code caves, execution hijacking, etc – this will need to be researched because this is where you start to encounter Assembly stuff more.

I am beginning to wonder if my short induction to Assembly was enough for my OSCE journey and if I really need to take the SLAE course from SecurityTube.

I also print my PDF from Offsec, because I find it easier to read/learn from paper-printed materials.

A Kindle friendly format would have done the job too, but that option is not available and the CTP PDF is not optimized for the Kindle, so paper is the solution.

Day 4:

I am not having the free time I would want and I manage to not study at all for 3-4 days.

I finally managed to go through all the video materials from Offensive Security.

The most accessible chapters seem to be the first two (Web Apps and Web foo) and the last one, chapter 9 – Cisco Gre sniffing.

Having more than 8 years of experience in the Networking/Telecom field, it was actually easy to follow the man-in-the-middle stuff from chapter 9. Unfortunately, I can’t say the same for the advanced buffer overflow stuff – the constant bouncing in the shellcode is difficult to follow at this time. However, I did understand the spike fuzzing part.

After watching the videos, I finally have a clear idea of what I need to do, in order to actually move forward with the Cracking the Perimeter course:

To do:

  1. I actually watched this a couple of months ago, but I need a refresh:

Assembly Primer For Hackers (Part 1) System Organization

2. Corelan SEH buffer overflow tutrial

3. Start working on the exercises. Write them very detailed, as if I would send them to Offsec.

Day 5

I am in fuzzer land right now. For my OCE certification and for some bug bounty rlated stuff, I decided to look into the fuzzers that people use these days.

Offensive Security recommends the spike fuzzer, but I find it difficult to use, so I started looking into other fuzzers.

Powerfuzzer seems easy to use, but it unstable. I also used sfuzzer, which seems versatile and easy to use.

I actually tested sfuzzer against my Asus router and I ended up liking it, so I’ll have to decide if I will replace spike with this one, but not sure if it’s the best idea.

</over&out> – for now

Posted in OSCE. Tagged with , , .

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.