After the OSCP exam, I promised myself that I was done with the suffering… I broke, and ended up on the Offensive Security Cracking The Perimiter (CTP) course to take things to the next level. The course is heavily debugger and assembly based, with a few web based modules and an interesting networking module. Before starting the course, I prepared by reading through the various tutorials on Corelan.be, taking the SecurityTube Linux Assembly Expert and Windows Explotation Megaprimer course, and making good headway into The Shellcoder’s Handbook. I didn’t find the course mind bending, however it was definitely difficult, and I did need to rework and practice one of the modules in particular a few times before I felt that I’d fully “got it”. I also found the tutorials at FuzzySecurity to be helpful in preparation.
You are required to pass a challenge before even being able to pay and complete registration for the CTP course. The challenge gives a nice taste of what is to come in the course, with a series of steps required to crack it starting at obvious and finishing with something more interesting.
After the prep, I signed up for CTP lab access. I used about 20 days of lab time and then took a week after to practice for about 4h each evening before taking the exam.
While on the PWB/OSCP course and labs, completing all lab machines in multiple ways should put you in good shape for the exam, I didn’t find this to be the case on CTP/OSCE. After completing the CTP labs, I worked on a tool with another student to automate certain techniques that we’d learned in the labs. I also went ahead and re-read a lot of the exploitation tutorials on Corelan.be and manually produced several different exploits from scratch including the Ken Ward Zipper exploit and the Quickzip exploit, right from fuzz to shell. I’m glad that I put in this extra work, because I doubt I would have passed the exam in time without it.
Read the rest of this entry »