A review of Encription’s QSTM training course

July 23rd, 2013

I took the QSTM training course from Encription at the beginning of the year, and I wanted to put together a quick review. From the outset, I found Ian who was my trainer on the course to be highly professional and technically competent. He had a thorough grasp of the material being taught and was able to answer a whole range of my questions without any difficulty.



My best advice is to come prepared with some basic Linux command line knowledge (I’d recommend the Backtrack/Kali distribution), and an understanding of networking and common protocols. The course itself covers a range of both technical and non technical theory, however practical techniques are taught from the outset and the pace of this increases throughout the course. This course was anything but a ‘death by powerpoint’ seminar! The QSTM itself is a certification provided by TigerScheme, and a portion of the course is dedicated to the requisite understanding of the TigerScheme structure and code of conduct.

Once done, we moved immediately on to the different steps required during a penetration test and started some practical work in the controlled lab environment. The pace picked up quickly from there with each day including some theory followed by lots of practical hands on work ranging from Windows and Linux exploitation to web application and social engineering techniques.

The course itself is relatively entry level and I highly recommend it for junior pen testers as well as developers, system administrators and technical managers looking for a solid foundation in penetration testing. Encription has a relationship with a nearby hotel, and the room, dining and facilities there were more than sufficient. Everything else needed during the week including lunches and materials are included.

The last day of the week’s course was dedicated to the exam, covering a multiple choice, essay based questions, a practical assessment and a viva (spoken). The viva involves discussing the findings of the practical assessment with the assessor and answering his questions to confirm that you have a good understanding of what you’ve done and why during the practical assessment rather than just regurgitating commands. The exam wasn’t tough and I was pleased with my performance.

Once complete, the exam output is sent to the University of Glamorgan for assessment and marking, and there’s a 2-3 week wait for the results. I was pretty confident and fortunately I passed! I can’t recommend the course enough – not only was it educational and a good course to have under my belt, but it was also good fun and highly enjoyable. Encription made me feel very comfortable throughout the course.

I’m currently studying and practicing for the TigerScheme SST (Senior Security Tester) which is significantly more difficult for the QSTM. I’m not sure that I expect to pass first time, although I’m going to go as prepared as possible and give it my best.

Offensive Security CTP Course and OSCE Certification Review

May 9th, 2013

After the OSCP exam, I promised myself that I was done with the suffering… I broke, and ended up on the Offensive Security Cracking The Perimiter (CTP) course to take things to the next level. The course is heavily debugger and assembly based, with a few web based modules and an interesting networking module. Before starting the course, I prepared by reading through the various tutorials on Corelan.be, taking the SecurityTube Linux Assembly Expert and Windows Explotation Megaprimer course, and making good headway into The Shellcoder’s Handbook. I didn’t find the course mind bending, however it was definitely difficult, and I did need to rework and practice one of the modules in particular a few times before I felt that I’d fully “got it”. I also found the tutorials at FuzzySecurity to be helpful in preparation.



You are required to pass a challenge before even being able to pay and complete registration for the CTP course. The challenge gives a nice taste of what is to come in the course, with a series of steps required to crack it starting at obvious and finishing with something more interesting.

After the prep, I signed up for CTP lab access. I used about 20 days of lab time and then took a week after to practice for about 4h each evening before taking the exam.

While on the PWB/OSCP course and labs, completing all lab machines in multiple ways should put you in good shape for the exam, I didn’t find this to be the case on CTP/OSCE. After completing the CTP labs, I worked on a tool with another student to automate certain techniques that we’d learned in the labs. I also went ahead and re-read a lot of the exploitation tutorials on Corelan.be and manually produced several different exploits from scratch including the Ken Ward Zipper exploit and the Quickzip exploit, right from fuzz to shell. I’m glad that I put in this extra work, because I doubt I would have passed the exam in time without it.
Read the rest of this entry »

Offensive Security PWB Course and OSCP Certification Review

April 11th, 2013

I had read several positive reviews on Offensive Security’s PWB course, and decided to enrol a few months back. Having completed the course and passed the exam, I can confidently say that this is the best course that I’ve taken to date, and I’ll now expand on that a little.

In terms of pricing, I think that for the course quality and depth, the cost is exceptionally low. The amount of work that has gone into the creation of the course and the extensive live training environment (labs) is obvious from the outset. The training itself is delivered through documentation and an audio/video series. All of the exercises are fully repeatable and practicable in the lab environment. The number of target machines within the lab environment and the complexity and detail of the setup is one of the biggest assets of the course. I’m not sure that a more comprehensive setup exists anywhere else. The range of different operating systems and vulnerable software is vast.



I came from a background of extensive Linux system admin, LAMP web application development and LAMP pen testing. I’d done a few infrastructure pen tests, but nothing major, and this was my main reason for taking the course. My Linux experience was probably the biggest help throughout the course and while it is suggested that students have, “a solid understanding of TCP/IP, networking and reasonable Linux skills” on the offsec site, I cannot stress the importance of this enough. If I was unfamiliar with the Linux command line before starting this course, I would really have struggled and potentially bombed out half way through. I learned little major on those fronts of my existing experience however, I learned and practiced an absolute ton in areas that I hadn’t touched too often such as the exploitation of vulnerable windows services, advanced usage of metasploit, constructing and debugging win32 buffer overflows, generating different exploit payloads, and more topics than I can even list.
Read the rest of this entry »

Review of the Firebrand CISSP Course and Exam

April 8th, 2013

I took the CISSP bootcamp and certification at Firebrand training last month, and thought I’d write a quick review of the experience.

I had previously taken the shorter PRINCE2 3 day project management course and certification with Firebrand and was very happy with the entire package. This was a 7 day bootcamp with an intensive 6 hour exam on the final day. These weren’t lazy days – we were regularly starting at or before 8am each morning, and working up until 7pm. After dinner there was usually more revision and material to be studied in private. Those that did the best on the course seemed to be the ones that immersed themselves in the environment rather than constantly checking and responding to emails, taking calls and so on. Overall, I have nothing but good things to say about the Firebrand experience. The courses aren’t cheap but you get what you pay for and the quality is fantastic. The bedrooms are by no means luxury however they don’t need to be, and they are more than comfortable for the short time spent in them. Three good meals are served each day in the restaurant, and there is plenty of choice.
Read the rest of this entry »

Certified Ethical Hacker (CEH) Course and Exam Review

April 7th, 2013

I took the CEH some time ago now, but I’ve only just got round to writing a review of the course and experience. I’ll start by saying that a lot of the reviews I had read before taking the course hadn’t been great, however the certification is recognised in industry, and it had caught my attention a couple of times after I’d seen it listed on requirement sheets for pen test contracts. I’d been doing a lot of web application pen testing, but hardly any infrastructure testing at the time, and this was something I was trying to get more heavily involved in.

CEH Logo

CEH Logo

The gist of the negative reviews that I’d read had been that there was far too much focus on how many names of obscure ‘hacking tools’ amongst other irrelevant knowledge you can memorize and regurgitate on demand in multiple choice format. I set this aside, and decided I was going to take the certification anyway, simply because it was recognised and might be required in pen tests that I might want to go after in future. I remember looking at a few batches of sample questions online and deciding that I was just going to self-study for this – a lot of sample questions centered on basic TCP vs UDP, port numbering and networking type material and after checking out a couple of sources of sample questions, I estimated that I already had about 70% of the knowledge needed to pass the exam. I was surprised to see that if I chose to just buy the exam voucher, I would be penalized in terms of cost and additional fees, and would have to go through additional verification in order to get the certification as I had not been through “approved training”. I therefore decided to take the official EC-Council online training material which I studied over a period of 2 weeks before taking the exam.
Read the rest of this entry »