Tuesday, 5 July 2011

I've passed the OCSE (Offensive Security Certified Expert) exam

I didn't blog much last month, as I have been researching and studying hard.

Anyway, I am pleased to announce that I have passed the Offensive Security Certified Expert exam (OSCE), which is the certification for the "Cracking The Perimeter" course I took earlier this year.

This is a monster 48 hour exam (+24 hours for documentation). It covers techniques such as advanced web attacks, vulnerability discovery, exploit development, custom payload creation, detection avoidance, and advanced network attacks.

It's pretty specialized stuff (you have to pass a hacking challenge to even register for the course, and trust me, if you can't pass that challenge, you are definitely not ready ;o)


The CTP course was great, though I would say that anyone attempting the OCSE certification needs to do a lot of extra practice and study, to get to the level where they can creatively and confidently exploit various different types of systems and applications (especially some exploit-development research) before they take the exam.

It's definitely one of the most challenging certifications I have done (I have done quite a few recently) - and I feel that my skill levels have shot up as a result.

My next plans are
1) Continuing my research project
2) Taking the GWAPT exam
3) Crest CHECK Certification (which seems to be very important for pen-testing jobs in the UK)

26 comments:

  1. Congratulation!!

    ReplyDelete
  2. Congratulations first of all. Since you mentioned that you have tried and succeeded in various certifications, can you make a post about them if you have time? I'm interested in getting one or two entry level certifications but I'm not sure which will help me more. I'm thinking of Security+ and then move to PWB (Penetration Testing Training with BackTrack) from the Offensive-Security guys. What are your thoughts? Thanks :)

    ReplyDelete
  3. Just noticed that PWB is actually OSCP that you passed already! http://insidetrust.blogspot.com/2011/04/passed-oscp-im-back-and-blogging.html

    Now, if you could only share some info about all these certs and what you would recommend, it would be great! :)

    PS. Also looking at CCNA as a more networking-related cert rather than purely security (yeah, I know, a ton of certs out there, and I'm not sure where to begin)

    PS2. Sorry for flooding your blog a bit :P

    ReplyDelete
  4. The challenge is to help make sure you are ready for the course. If you can't figure it out yet, then you are probably not ready yet.

    ReplyDelete
  5. bruteforce,
    I would recommend doing something like the CEH course or maybe a SANS before starting OSCP, but the most important things to help you are a good familiarity with both Linux and Windows - and a very keen interest in security.

    ReplyDelete
  6. Hi!

    I'm working hard on CTP modules and other exploits to prepare for the OSCE exam.
    I'm looking for some information about the exam, as there are many skills to be improved...
    Can you tell me how is the exam layout? I mean: do they indicate a vulnerable application
    and I have to fuzz, find a vulnerability and create the exploit? Or they indicate a known
    vulnerability (ie: indicating a CVE number) so I have some additional information
    (maybe a PoC)? Is there any web application exploitation or just "Olly games"?
    Can you indicate some vulnerabilitys/applications which I can try exploiting that will help
    me enhancing the required skills to pass the exam? Any tip will help me so much!

    Thanks and congratulations,

    Mateus Tymbu.

    ReplyDelete
  7. Hi,
    This course and exam are about exploit development, so you will need to fuzz, enumerate, alter things and find "new" issues.

    No CVEs will help you (this is not OSCP).

    Practice all the skill from the course, and get really familiar with Olly and a fuzzer like spike. Practice you web application hacking also.

    Best of luck
    Ben

    ReplyDelete
  8. do you read additonal books before or within the course duration, like art of exploitation or shellcoder handbook or the course material is more than enough?

    ReplyDelete
  9. Anonymous,
    Get very familiar with Ollydbg or Immunity debugger.

    I would also recommend the "Web Application Hackers Handbook". WAHH is probably the best book on hacking I have ever read.

    Ben

    ReplyDelete
  10. About to start (Sunday, Feb 5) OSCE. Nice to see yet one more success story. Looking forward to being 'beat up' and to the always infamous 'Try Harder'

    - hayabusa

    ReplyDelete
    Replies
    1. Being beaten up a bit is part of the fun, and a great way to learn ;o)

      Delete
  11. Hi, I came across your blog recently and while I don't understand almost any of the technical stuff you talk about I have been enjoying it. I want to ask you for some advice and couldnt find a contact me section. Im relatively new to all this and im in college taking some intro programming classes, started messing around with a couple different linux distros, and teaching my self python. I was wondering if you could make a post on how to get started in doing what you do as a career. I was thinking of majoring in CS and then I met some guy who does what you do (penetration testing and stuff) and I feel like i finally found something that interests me and i could eagerly spend the rest of my life doing haha Id love a response, thanks

    ReplyDelete
  12. I need to have deep undestanding of dep/aslr bypass. i know Immunity debugger,windbg,ollydbg. Is assembly language necessary to dep/aslr bypass. for instance i dont what is ROP how it is calculated.

    Thanks

    ReplyDelete
  13. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.

    subway surf , baixar subway surf, subway surf download , download subway surf

    ReplyDelete
  14. You need to have time to take care of the active. It in fact was a amusement account it. Look advanced to far added agreeable from you.
    banana kong ,
    banana kong baixar ,
    baixar banana kong ,
    download banana kong

    ReplyDelete
  15. You need to have time to take care of the active. It in fact was a amusement account it. Look advanced to far added agreeable from you.
    Hotmail
    Hotmail Iniciar Sesión
    Iniciar Sesión
    Iniciar Sesión Hotmail
    Iniciar Sesión
    Iniciar Sesión Hotmail

    ReplyDelete
  16. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.
    dream league soccer download , dream league soccer apk , download dream league soccer , dream league soccer

    ReplyDelete
  17. Mostly people have all the same things when they are writing academic task or any other writing, especially light music most people like during the writing.
    facebook iniciar sesión , facebook, iniciar sesion , iniciar sesion facebook

    ReplyDelete
  18. I really thank you for the valuable info on this great subject and look forward to more great posts. Thanks a lot for enjoying this beauty article with me.

    geometry dash pc, geometry Dash, geometry dash lite, geometry dash play, geometry dash online

    ReplyDelete
  19. Life becomes more interesting and wonderful when you share your memorable moments with friends and family through unique photographs. You can create your own unique style impressed with image editing software. And after hours of work stress you can also

    Square Quick
    Square Quick
    Square Quick
    Square Quick
    Square Quick

    ReplyDelete
  20. You need to have time to take care of the active. It in fact was a amusement account it. Look advanced to far added agreeable from you.

    entrar hotmail agora , hotmail entrar, entrar hotmail , entrar no hotmail

    ReplyDelete
  21. Life becomes more interesting and wonderful when you share your memorable moments with friends and family through unique photographs. You can create your own unique style impressed with image editing software. And after hours of work stress you can also

    whatsapp messenger
    baixar whatsapp
    whatsapp plus
    download whatsapp
    whatsapp baixar

    ReplyDelete
  22. Very interesting blog. Alot of blogs I see these days don't really provide anything that I'm interested in, but I'm most definately interested in this one. Just thought that I would post and let you know. Nice! thank you so much!
    geometry dash 2.0 l geometry dash 2.0 apk l geometry dash online l geometry dash 2.0 download l geometry dash

    ReplyDelete
  23. Your blog posts are more interesting and impressive. I think there are many people like and visit it regularly, including me.I actually appreciate your own position and I will be sure to come back here.
    b612 l b612 app l baixar b612 l download b612 l b612 apk

    ReplyDelete