Tuesday 5 July 2011

I've passed the OCSE (Offensive Security Certified Expert) exam

I didn't blog much last month, as I have been researching and studying hard.

Anyway, I am pleased to announce that I have passed the Offensive Security Certified Expert exam (OSCE), which is the certification for the "Cracking The Perimeter" course I took earlier this year.

This is a monster 48 hour exam (+24 hours for documentation). It covers techniques such as advanced web attacks, vulnerability discovery, exploit development, custom payload creation, detection avoidance, and advanced network attacks.

It's pretty specialized stuff (you have to pass a hacking challenge to even register for the course, and trust me, if you can't pass that challenge, you are definitely not ready ;o)


The CTP course was great, though I would say that anyone attempting the OCSE certification needs to do a lot of extra practice and study, to get to the level where they can creatively and confidently exploit various different types of systems and applications (especially some exploit-development research) before they take the exam.

It's definitely one of the most challenging certifications I have done (I have done quite a few recently) - and I feel that my skill levels have shot up as a result.

My next plans are
1) Continuing my research project
2) Taking the GWAPT exam
3) Crest CHECK Certification (which seems to be very important for pen-testing jobs in the UK)

26 comments:

  1. Congratulation!!

    ReplyDelete
    Replies
    1. ACTIVE & FRESH CC FULLZ WITH BALANCE
      Price $5 per each CC

      US FRESH, TESTED & VERIFIED SSN LEADS
      $1 PER EACH
      $5 FOR PREMIUM

      *Time wasters or cheap questioners please stay away
      *You can buy for your specific states too
      *Payment in advance

      CC DETAILS
      =>CARD TYPE
      =>FIRST NAME & LAST NAME
      =>CC NUMBER
      =>EXPIRY DATE
      =>CVV
      =>FULL ADDRESS (ZIP CODE, CITY/TOWN, STATE)
      =>PHONE NUMBER,DOB,SSN
      =>MOTHER'S MAIDEN NAME
      =>VERIFIED BY VISA
      =>CVV2

      SSN LEADS INFO
      First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | Home Owner | IP Address |MMN | Income

      Contact Us

      -->Whatsapp > +923172721122
      -->Email > leads.sellers1212@gmail.com
      -->Telegram > @leadsupplier
      -->ICQ > 752822040

      *Hope for the long term deal
      *If you buy leads in bulk, I'll definitely negotiate
      *You can ask me for sample of Lead for demo

      US DUMP TRACK 1 & 2 WITH PIN CODES ALSO AVAILABLE

      Delete
    2. Hey Guys !

      USA Fresh & Verified SSN Leads with DL Number AVAILABLE with 99.9% connectivity
      All Leads have genuine & valid information

      **HEADERS IN LEADS**
      First Name | Last Name | SSN | Dob | DL Number | Address | City | State | Zip | Phone Number | Account Number | Bank Name | Employee Details | IP Address

      *Price for SSN lead $2
      *You can ask for sample before any deal
      *If anyone buy in bulk, we can negotiate
      *Sampling is just for serious buyers

      ==>ACTIVE, FRESH CC & CVV FULLZ AVAILABLE<==
      ->$5 PER EACH

      ->Hope for the long term deal
      ->Interested buyers will be welcome

      **Contact 24/7**
      Whatsapp > +923172721122
      Email > leads.sellers1212@gmail.com
      Telegram > @leadsupplier
      ICQ > 752822040

      Delete
    3. ++{Hi Everyone}++

      We are providing all type of FULLZ. Freshly spammed & verified FULLZ with good quality.
      *Bulk quantity also available*

      -->Details Available In Fullz<--
      o>SSN+don+address & SSN+dob+DL+Address
      o>Employee & Bank Account Details will be given on demand
      o>High CS Fullz with complete info
      o>Fullz for SBA, PUA, E-filling & Return Filling

      **PING ME ON**
      -->ICQ >> 752822040 -->Telegram >> @leadsupplier -->Skype >> Peeterhacks

      TOOLS & TUTORIALS AVAILABLE
      -->All Types of Tools & Tutorials also available for Learning Ethical Hacking, Carding & Spamming<--
      Working & genuine tools with good validity you can get on few taps.

      o>Ethical Hacking Ebooks, Tools & Tutorials
      o>Penetration Testing
      o>Trojan using PHP
      o>Bitcoin Cracker
      o>Kali Linux
      o>DUMPS with pins track 1 and 2 with & without pin
      o>RAT's
      o>Keylogger & Keystroke Logger
      o>Whatsapp Cracked Version
      o>Robotics
      o>BTC Flasher
      o>SQL Injector
      o>BTC Cracker
      o>SMTP Linux Root
      o>Shell Scripting
      o>SMTP's, Safe Socks, Rdp's brute
      o>PHP mailer
      o>SMS Sender & Email Blaster
      o>Cpanel
      o>Server I.P's & Proxies
      o>Viruses & VPN's
      o>HQ Email Combo's

      +All tools are genuine & valid.
      +Feel free to asked for any tool & tutorial.

      **HIT ME UP ON**
      -->ICQ >> 752822040 -->Telegram >> @killhacks -->Skype >> Peeterhacks

      Delete
    4. QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
      CC with CVV Fullz (USA, UK, CANADA)
      Tutorials & E-Books For Ethical Hacking
      Tools For Everything You Need

      I'm On Telegram = @killhacks & I C Q = 752822040

      Stuff available for
      (Spamming, Carding, Ethical Hacking, LINUX, Programming, Scripting, etc. )

      Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
      Availability 24/7
      FASTEST DELIVERY

      Build Your Own Business with proper guide & Legit Tools
      Always glad to serve

      GOOD LUCK
      Here I'm:
      I C Q = 752822040
      Tele-gram = @killhacks

      Delete
  2. Replies
    1. QUALITY SSN DOB DL HIGH CREDIT SCORES Leads
      Tutorials & E-Books For Ethical Hacking
      Tools For Everything You Need

      I'm On Telegram = @killhacks & I C Q = 752822040

      Stuff for Learning purpose
      (Spamming, Ethical Hacking, LINUX, Programming, etc. )

      Deals in all kind of Tools, Tutorials, E-books, Leads/Fullz/Pros
      Availability 24/7
      FASTEST DELIVERY

      Build Your Own Business with proper guide
      Always glad to serve

      GOOD LUCK
      Here I'm:
      I C Q = 752822040
      Tele-gram = @killhacks

      Delete
  3. Congratulations first of all. Since you mentioned that you have tried and succeeded in various certifications, can you make a post about them if you have time? I'm interested in getting one or two entry level certifications but I'm not sure which will help me more. I'm thinking of Security+ and then move to PWB (Penetration Testing Training with BackTrack) from the Offensive-Security guys. What are your thoughts? Thanks :)

    ReplyDelete
  4. Just noticed that PWB is actually OSCP that you passed already! http://insidetrust.blogspot.com/2011/04/passed-oscp-im-back-and-blogging.html

    Now, if you could only share some info about all these certs and what you would recommend, it would be great! :)

    PS. Also looking at CCNA as a more networking-related cert rather than purely security (yeah, I know, a ton of certs out there, and I'm not sure where to begin)

    PS2. Sorry for flooding your blog a bit :P

    ReplyDelete
  5. The challenge is to help make sure you are ready for the course. If you can't figure it out yet, then you are probably not ready yet.

    ReplyDelete
  6. bruteforce,
    I would recommend doing something like the CEH course or maybe a SANS before starting OSCP, but the most important things to help you are a good familiarity with both Linux and Windows - and a very keen interest in security.

    ReplyDelete
  7. Hi!

    I'm working hard on CTP modules and other exploits to prepare for the OSCE exam.
    I'm looking for some information about the exam, as there are many skills to be improved...
    Can you tell me how is the exam layout? I mean: do they indicate a vulnerable application
    and I have to fuzz, find a vulnerability and create the exploit? Or they indicate a known
    vulnerability (ie: indicating a CVE number) so I have some additional information
    (maybe a PoC)? Is there any web application exploitation or just "Olly games"?
    Can you indicate some vulnerabilitys/applications which I can try exploiting that will help
    me enhancing the required skills to pass the exam? Any tip will help me so much!

    Thanks and congratulations,

    Mateus Tymbu.

    ReplyDelete
  8. Hi,
    This course and exam are about exploit development, so you will need to fuzz, enumerate, alter things and find "new" issues.

    No CVEs will help you (this is not OSCP).

    Practice all the skill from the course, and get really familiar with Olly and a fuzzer like spike. Practice you web application hacking also.

    Best of luck
    Ben

    ReplyDelete
  9. do you read additonal books before or within the course duration, like art of exploitation or shellcoder handbook or the course material is more than enough?

    ReplyDelete
  10. Anonymous,
    Get very familiar with Ollydbg or Immunity debugger.

    I would also recommend the "Web Application Hackers Handbook". WAHH is probably the best book on hacking I have ever read.

    Ben

    ReplyDelete
  11. About to start (Sunday, Feb 5) OSCE. Nice to see yet one more success story. Looking forward to being 'beat up' and to the always infamous 'Try Harder'

    - hayabusa

    ReplyDelete
    Replies
    1. Being beaten up a bit is part of the fun, and a great way to learn ;o)

      Delete
  12. Hi, I came across your blog recently and while I don't understand almost any of the technical stuff you talk about I have been enjoying it. I want to ask you for some advice and couldnt find a contact me section. Im relatively new to all this and im in college taking some intro programming classes, started messing around with a couple different linux distros, and teaching my self python. I was wondering if you could make a post on how to get started in doing what you do as a career. I was thinking of majoring in CS and then I met some guy who does what you do (penetration testing and stuff) and I feel like i finally found something that interests me and i could eagerly spend the rest of my life doing haha Id love a response, thanks

    ReplyDelete
  13. I need to have deep undestanding of dep/aslr bypass. i know Immunity debugger,windbg,ollydbg. Is assembly language necessary to dep/aslr bypass. for instance i dont what is ROP how it is calculated.

    Thanks

    ReplyDelete
  14. Very interesting blog. Alot of blogs I see these days don't really provide anything that I'm interested in, but I'm most definately interested in this one. Just thought that I would post and let you know. Nice! thank you so much!
    geometry dash 2.0 l geometry dash 2.0 apk l geometry dash online l geometry dash 2.0 download l geometry dash

    ReplyDelete
  15. ACTIVE & FRESH CC FULLZ WITH BALANCE
    Price $5 per each CC

    US FRESH, TESTED & VERIFIED SSN LEADS
    $1 PER EACH
    $5 FOR PREMIUM

    *Time wasters or cheap questioners please stay away
    *You can buy for your specific states too
    *Payment in advance

    CC DETAILS
    =>CARD TYPE
    =>FIRST NAME & LAST NAME
    =>CC NUMBER
    =>EXPIRY DATE
    =>CVV
    =>FULL ADDRESS (ZIP CODE, CITY/TOWN, STATE)
    =>PHONE NUMBER,DOB,SSN
    =>MOTHER'S MAIDEN NAME
    =>VERIFIED BY VISA
    =>CVV2

    SSN LEADS INFO
    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank NAME | DL Number | Home Owner | IP Address |MMN | Income

    Contact Us

    -->Whatsapp > +923172721122
    -->Email > leads.sellers1212@gmail.com
    -->Telegram > @leadsupplier
    -->ICQ > 752822040

    *Hope for the long term deal
    *If you buy leads in bulk, I'll definitely negotiate
    *You can ask me for sample of Lead for demo

    US DUMP TRACK 1 & 2 WITH PIN CODES ALSO AVAILABLE

    ReplyDelete
  16. ++{Hi Everyone}++

    We are providing all type of FULLZ. Freshly spammed & verified FULLZ with good quality.
    *Bulk quantity also available*

    -->Details Available In Fullz<--
    o>SSN+don+address & SSN+dob+DL+Address
    o>Employee & Bank Account Details will be given on demand
    o>High CS Fullz with complete info
    o>Fullz for SBA, PUA, E-filling & Return Filling

    **PING ME ON**
    -->ICQ >> 752822040 -->Telegram >> @leadsupplier -->Skype >> Peeterhacks

    TOOLS & TUTORIALS AVAILABLE
    -->All Types of Tools & Tutorials also available for Learning Ethical Hacking, Carding & Spamming<--
    Working & genuine tools with good validity you can get on few taps.

    o>Ethical Hacking Ebooks, Tools & Tutorials
    o>Penetration Testing
    o>Trojan using PHP
    o>Bitcoin Cracker
    o>Kali Linux
    o>DUMPS with pins track 1 and 2 with & without pin
    o>RAT's
    o>Keylogger & Keystroke Logger
    o>Whatsapp Cracked Version
    o>Robotics
    o>BTC Flasher
    o>SQL Injector
    o>BTC Cracker
    o>SMTP Linux Root
    o>Shell Scripting
    o>SMTP's, Safe Socks, Rdp's brute
    o>PHP mailer
    o>SMS Sender & Email Blaster
    o>Cpanel
    o>Server I.P's & Proxies
    o>Viruses & VPN's
    o>HQ Email Combo's

    +All tools are genuine & valid.
    +Feel free to asked for any tool & tutorial.

    **HIT ME UP ON**
    -->ICQ >> 752822040 -->Telegram >> @killhacks -->Skype >> Peeterhacks

    ReplyDelete
  17. Your car could be stolen if you don't keep this in mind!

    Imagine that your vehicle was taken! When you visit the police, they inquire about a particular "VIN check"

    A VIN decoder is what?

    Similar to a passport, the "VIN decoder" allows you to find out the date of the car's birth and the identity of its "parent" (manufacturing facility). You can also figure out:

    1.The type of engine

    2.Model of a car

    3.The limitations of the DMV

    4.The number of drivers in this vehicle

    You'll be able to locate the car, and keeping in mind the code ensures your safety. The code can be examined in the online database. The VIN is situated on various parts of the car to make it harder for thieves to steal, such as the first person sitting on the floor, the frame (often in trucks and SUVs), the spar, and other areas.

    What happens if the VIN is harmed on purpose?

    There are numerous circumstances that can result in VIN damage, but failing to have one will have unpleasant repercussions because it is illegal to intentionally harm a VIN in order to avoid going to jail or being arrested by the police. You could receive a fine of up to 80,000 rubles and spend two years in jail. You might be stopped by an instructor on the road.

    Conclusion.

    The VIN decoder may help to save your car from theft. But where can you check the car reality? This is why we exist– VIN decoders!

    ReplyDelete
  18. Чтобы получить возможность рулить погрузчиком, очень важно пройти специальное обучение и хорошо сдать экзамены, указывающие знания в этой области. Удостоверение тракториста-машиниста выдается в Гостехнадзоре и обязательно для тех, кто планирует трудиться на специальной технике - https://onpravar.com/spectehnika/pogruzchik

    ReplyDelete