Offensive Security CTP Course and OSCE Certification Review

After the OSCP exam, I promised myself that I was done with the suffering… I broke, and ended up on the Offensive Security Cracking The Perimeter (CTP) course to take things to the next level. The course is heavily debugger and assembly based, with a few web-based modules and an interesting networking module. Before starting the course, I prepared by reading through the various tutorials on, taking the SecurityTube Linux Assembly Expert and Windows Exploitation Megaprimer course, and making good headway into The Shellcoder’s Handbook. I didn’t find the course mind bending, however it was definitely difficult, and I did need to rework and practice one of the modules in particular a few times before I felt that I’d fully “got it”. I also found the tutorials at FuzzySecurity to be helpful in preparation.

You are required to pass a challenge before even being able to pay and complete registration for the CTP course. The challenge gives a nice taste of what is to come in the course, with a series of steps required to crack it starting at obvious and finishing with something more interesting.

After the prep, I signed up for CTP lab access. I used about 20 days of lab time and then took a week after to practice for about 4h each evening before taking the exam. While on the PWB/OSCP course and labs, completing all lab machines in multiple ways should put you in good shape for the exam, I didn’t find this to be the case on CTP/OSCE. After completing the CTP labs, I worked on a tool with another student to automate certain techniques that we’d learned in the labs. I also went ahead and re-read a lot of the exploitation tutorials on and manually produced several different exploits from scratch including the Ken Ward Zipper exploit and the Quickzip exploit, right from fuzz to shell. I’m glad that I put in this extra work, because I doubt I would have passed the exam in time without it. […]

May 9th, 2013

Offensive Security PWB Course and OSCP Certification Review

I had read several positive reviews on Offensive Security’s PWB course, and decided to enrol a few months back. Having completed the course and passed the exam, I can confidently say that this is the best course that I’ve taken to date, and I’ll now expand on that a little. In terms of pricing, I think that for the course quality and depth, the cost is exceptionally low. The amount of work that has gone into the creation of the course and the extensive live training environment (labs) is obvious from the outset. The training itself is delivered through documentation and an audio/video series. All of the exercises are fully repeatable and practicable in the lab environment. The number of target machines within the lab environment and the complexity and detail of the setup is one of the biggest assets of the course. I’m not sure that a more comprehensive setup exists anywhere else. The range of different operating systems and vulnerable software is vast.

I came from a background of extensive Linux system admin, LAMP web application development and LAMP pen testing. I’d done a few infrastructure pen tests, but nothing major, and this was my main reason for taking the course. My Linux experience was probably the biggest help throughout the course and while it is suggested that students have “a solid understanding of TCP/IP, networking and reasonable Linux skills” on the offsec site, I cannot stress the importance of this enough. If I was unfamiliar with the Linux command line before starting this course, I would really have struggled and potentially bombed out halfway through. I learned little major on those fronts of my existing experience; however, I learned and practiced an absolute ton in areas that I hadn’t touched too often such as the exploitation of vulnerable Windows services, advanced usage of Metasploit, constructing and debugging win32 buffer overflows, generating different exploit payloads, and more topics than I can even list. […]

April 11th, 2013

Review of the Firebrand CISSP Course and Exam

I took the CISSP bootcamp and certification at Firebrand training last month, and thought I’d write a quick review of the experience. I had previously taken the shorter PRINCE2 3-day project management course and certification with Firebrand and was very happy with the entire package. This was a 7-day bootcamp with an intensive 6-hour exam on the final day. These weren’t lazy days – we were regularly starting at or before 8am each morning, and working up until 7pm. After dinner there was usually more revision and material to be studied in private. Those that did the best on the course seemed to be the ones that immersed themselves in the environment rather than constantly checking and responding to emails, taking calls and so on.

Overall, I have nothing but good things to say about the Firebrand experience. The courses aren’t cheap but you get what you pay for and the quality is fantastic. The bedrooms are by no means luxury; however, they don’t need to be, and they are more than comfortable for the short time spent in them. Three good meals are served each day in the restaurant, and there is plenty of choice. […]

April 8th, 2013

Certified Ethical Hacker (CEH) Course and Exam Review

I took the CEH some time ago now, but I’ve only just got round to writing a review of the course and experience. I’ll start by saying that a lot of the reviews I had read before taking the course hadn’t been great, however the certification is recognised in industry, and it had caught my attention a couple of times after I’d seen it listed on requirement sheets for pen test contracts. I’d been doing a lot of web application pen testing, but hardly any infrastructure testing at the time, and this was something I was trying to get more heavily involved in.

The gist of the negative reviews that I’d read had been that there was far too much focus on how many names of obscure ‘hacking tools’ amongst other irrelevant knowledge you can memorize and regurgitate on demand in multiple choice format. I set this aside, and decided I was going to take the certification anyway, simply because it was recognised and might be required in pen tests that I might want to go after in future.

I remember looking at a few batches of sample questions online and deciding that I was just going to self-study for this – a lot of sample questions centered on basic TCP vs UDP, port numbering and networking type material and after checking out a couple of sources of sample questions, I estimated that I already had about 70% of the knowledge needed to pass the exam. I was surprised to see that if I chose to just buy the exam voucher, I would be penalized in terms of cost and additional fees, and would have to go through additional verification in order to get the certification as I had not been through “approved training”. I therefore decided to take the official EC-Council online training material which I studied over a period of 2 weeks before taking the exam. […]

April 7th, 2013