Cracking the Perimeter and OSCE Review
by Keramas
After a short break from finishing up OSCP, I decided to plunge into more Offensive Security pain, and it was well worth it. With a much more focused curriculum, the Cracking the Perimeter course and the accompanying OSCE certification test was once again another amazing Offsec experience. With everything fresh in my mind, here are my personal thoughts and some advice for those who are gearing up to take the course.
General Thoughts
Offensive Security is the best at explaining things. Hands down. I had already felt this way from PWK, but all of the case studies and teachings for CTP really drove this point home. While the lab may not be nearly as extensive and immersive as the PWK course, it gives you what you need to drill in the initial material, but then it is up to you to go out on your own and find ways to practice what you have learned. In terms of value for the price you pay, some may argue that the lab is lacking, and while I am guilty of thinking this way initially, I think the way the material was presented and taught was well worth the cost and my opinion definitely changed after the course was over.
In terms of the other argument that the material is dated, who cares? I feel that this provides an awesome foundation of exploit development and arms you with the initial skills needed to grow more. You have to walk before you can run, and this course was awesome at building a base of knowledge to then take and look at more modern exploitation techniques.
I would definitely recommend this course to anyone who is interested in exploit development and advanced penetration testing techniques.
The Examination
For the OSCE exam you get a full 48 hours to complete the challenges, and an additional 24 hours to turn in the report. It sounds like a lot of time, but with proper rest and other functions necessary to keep your mind healthy and on point, I would say it is the perfect amount of time. The pressure is still very real, but I did not feel strapped for time.
My exam started at 2PM, and I used most of the given time to complete all challenges and ensure I had everything needed for report documentation. This time frame included maintaining a schedule of breaks, which also contained some thinking time at the gym to overcome some of Offsec's usual curveballs. I had secured enough points to pass early on, but I strove for full completion of all objectives, which I was able to do. After completing my report and turning it in, I was happily greeted with an email about a day later stating that I had passed.
It was definitely a challenging exam, but as long as you take the time to exercise what you learned during the course on other things (see below), you will be in tip-top shape for the test. I would say that the real hold-ups for me were constant typos and other silly blunders that cost me a lot of time. It's hard to stay calm when you have epiphanies during the test, nerves are making you jittery, and adrenaline is rushing because it's go-time, so if you run into a similar situation, try to stop for a moment to catch a breath.
Pre-course Knowledge / Preparation
Everyone's situation and background is different, but these are some of the things you should be comfortable with going into CTP (note that I say comfortable and not 'be a pro at'):
- Scripting with Python
- Assembly
- Working knowledge of vanilla buffer overflows
- Basic shellcoding
There have been recommendations to do SLAE before taking OSCE, and while I can see that it would definitely help, it is by no means a prerequisite. I opted to go right for OSCE. However, this all depends on how much prior exposure you have to assembly, exploitation development, and shellcoding, so YMMV.
Study Materials and Further Practice
- Corelan Exploit Development Series
- https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- I would recommend reading this stuff beforehand, but it is great to go back and read again after the course as well to drill in some of the techniques.
- Fuzzy Security
- http://fuzzysecurity.com/tutorials.html
- A great resource for deepening exploitation knowledge.
- Vulnserver
- https://github.com/stephenbradshaw/vulnserver
- Take the time to fuzz and exploit everything you can from this. It will allow you to practice much of what you learned and hone your creativity for exploitation development.
- ExploitDB
- https://www.exploit-db.com/platform/?p=Windows
- Hunt down some local exploits, download the vulnerable software, and try to develop the exploit from the ground up.
- Hack the Box
- https://www.hackthebox.eu/
- For the web application-side of things, this is indispensable for practice. HTB has a ton of great boxes to really test out-of-the-box thinking for web application hacking.