The Offensive Security guys recommend taking the "Pentesting with Backtrack" course and successfully completing the OSCP exam challenge before you take the "Cracking the Perimeter" course. After the CTP class, you can take your Offensive Security Certified Expert exam challenge and if you pass, you become an OSCE. The OSCE course and exam challenge are significantly harder than the OSCP.
The OSCE is very different from the OSCP and I never thought I would even attempt the OSCE after the pain I endured from the OSCP. To take the Cracking the Perimeter course you have to pass an initial challenge before they will even take your money to sign up --> http://www.fc4.me/
You have to obtain the 16-byte registration key -- sounds simple enough, eh? This is their attempt to weed out the weak! I attempted this challenge one evening, just to see if I could do it. I managed to get the registration key and submit the registration form but now I had a real predicament on my hands. "Do I let the Offensive Security guys torture me again?" The answer was clearly YES, I need more pain.
So the journey begins.
There are some notable differences between this course and the OSCP course:
- The lab for the OSCE is not stocked full of vulnerable systems to compromise. In fact, it's only a handful of boxes that you use to facilitate the course modules. Based on this, I would say you probably do not need the 60 days like I signed up for. That assumes you can dedicate 30 straight days on the material.
- They don't need an elaborate lab for this course because a lot of the material is on exploit development. Meaning, you can hit exploit-db and practice, practice, practice on your own VMs.
- In this course, you will live inside a debugger. You will become so comfortable with HEX and assembly that you will begin dreaming about EB 06. OSCP was about 5% in a debugger, OSCE is about 90%.
The material is very interesting and for the most part, still relevant today. There was one module on antivirus evasion that is a little dated; however, this spawned additional research and I ended up finding a way to make Metasploit payloads 100% undetectable. That is a Metasploit bind shell :) I slightly expanded work that Scriptjunkie did on this subject. This is an example of how the Offensive Security guys opened up my eyes from the course and gave me ideas so I knew what to look for.
The videos and course lab guide are brilliantly put together, just like OSCP. Here is the process I used to learn the material:
- I watched all the videos and walked through each exercise in the lab as Muts narrated. Then, I went back and re-did everything on my own.
- After I completed the course modules I jumped on exploit-db and started recreating all of the buffer overflow exploits I could find. I would take one, strip out everything in the middle and try to get the same results. I probably recreated 50 exploits. The point of this was to get very familiar inside a debugger and to see firsthand some of the obstacles you encounter when writing exploits.
- I would revisit the videos and course lab guide as needed.
Well, I wasn't ready... at all. I failed the first exam. I only had 1/3 of the points I needed to pass. The exam is very hard but not impossible. This was the first time I have failed at something in a long time and it was a serious ego check. Not to mention I worked 17 straight hours the first day and another 15 the second day. Part of me wanted to throw the towel in because I had already learned much more than I ever thought possible and I wondered if the cert was really worth it. I thought I had reached my technical limit. That thought didn't last too long. I continued to perfect my skills and took the exam again about 3 weeks later. This time I was ready and passed. What an incredible feeling.
While I was practicing the exploitation techniques they taught me and trying to expand my skills, I managed to find a few software bugs on my own. Most of them are boring DoS, but one was a remote code execution buffer overflow.
I'm not sure I can recommend this course to everyone; it's pretty gnarly, but again, brilliantly put together by Offensive Security. They certainly give you the tools to help you succeed, but as usual, they don't tell you everything you need to know. The content in this course is fascinating and if you're a security junkie you will find it thoroughly entertaining. It's too bad this cert doesn't get more notoriety because I have a much better grasp on more things security, much more than I did with OSCP. Two times now the Offensive Security folks have expanded what I thought was possible and it has really helped me in so many areas.
There is so much information to know in the infosec industry and this process taught me something important. To excel at the fastest pace possible in infosec I think you need to be on the edge of going crazy. What I mean is that there is too much to know and the only way to continue learning at an accelerated pace is to be on the edge of too much information. This is a fine line and if you can learn to balance it with your home/family life, you're in good shape, otherwise you'll go nuts.
Thanks again to offsec for making me a little more crazy and at the same time opening my eyes up to the significant issues infosec faces. At least I have a little better idea how to secure my networks and what to watch out for.