Nailing the OSCE - CTP
mokaz
Member Posts: 172
Hi all,
I've been pretty silent around here for the last few months... Well, to cut a long story short, I've had the luck to switch jobs lately (to pursue Information Security solely) and in between my two positions, I've had a free month. Well, in order not to party too much during that time, I decided that I should do something meaningful. And there you've found me registering for the CTP/OSCE.
Well, it's been a while since I decided I'd take the OSCE as my next certification; that idea didn't come yesterday. So I had done some studying already, spent some time at SLAE (didn't do the cert, simply followed the course), which was really helpful at simply getting me past the OSCE registration challenge... Offensive Security Online Security Training Challenge (don't ****, it will certainly not help you really...)
Once this was done and I knew my way around the challenge, it was just a matter of time as to when I would be able to find the needed time to do the CTP.
Let me demystify it a little bit. It seems hard, but indeed, as with anything, if you inject enough time it suddenly becomes all crystal clear. With my poor understanding of roughly 50 assembly instructions, I could crawl around CTP and, more importantly, the OSCE exam.
First, I was very afraid of one thing: every report I've been reading about it mentioned a lot of automation, and I'm pretty bad at this. Of course I know my Python basics and I'm able to craft a skeleton script. But first I need to understand the whole process, and this by doing it by hand... So clearly you do not need to be Dan The Automator; your hands and brain are plenty enough.
More importantly, I think that a few things saved me. Build yourself a few development VMs (Windows / Visual Studio). I've installed two VMs, one with W10/VS2015 and one with Vista/VS2008. That'll help you a lot at compiling code destined for Windows in general.
Along your research you'll stumble many times on .C sources which you'll need to compile on your own...
Train yourself on vulnserver: get the point of crafting exploits, egg hunters, manually encoding shellcode and so on.
There are so many resources online for that, corelan and fuzzysecurity to name a few...
CTP does not touch DEP or more advanced protection techniques. That's left for their AWE course, I think.
So you're rather left free with code execution...
Last but not least, the training talks briefly about some fuzzing techniques. The things taught are good, but there are far better ways of fuzzing nowadays; I went for Sulley, which is Python based.
Also, do not fear re-creating things on your own: replicate the CTP lab systems locally, where you can easily upload any binary/kits you'd want to try out. I've done so and I'm glad I did.
Here are the resources I've been using in order to get there:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
Fuzzing: Brute Force Vulnerability Discovery
The Shellcoder's Handbook: Discovering and Exploiting Security Holes
Hacking: The Art of Exploitation, 2nd Edition
Assembly Language Step-by-Step: Programming with Linux
I've also bought and registered for this:
SecurityTube Linux Assembly Expert
Another really great resource to get ideas was this:
https://vulners.com/
Finally, if that is of any interest, I've been able to fully compromise all the OSCE exam targets...
May the force be with you, help ever, hurt never!
M.
Comments
eth0 Member Posts: 86
For me the fc4 challenge is problematic on the last step when I have asm code (or probably the step before, with "Now decode your CTP Secret Key and you are done!"). So after reading some posts I decided to learn from SecurityTube Linux Assembly Expert (SLAE), because I only have experience around re/asm/expl dev (on that level)/debuggers from the OSCP exploit development basics. Is this a good way (not sure what your experience with that asm/debuggers etc. stuff was before)?
Why did you need a book about web exploitation?
mokaz Member Posts: 172
eth0 wrote: Why did you need a book about web exploitation?
Though, if you check the CTP syllabus, you'll see that there are indeed a few web app based modules.
JollyFrogs wrote: Grats Mokaz!
Thanks my friend!!
eth0 Member Posts: 86
Ah, I see. Anyway, as far as I know the problem is mainly with Windows exploitation.
Is there websec on the exam?
mokaz Member Posts: 172
eth0 wrote: Ah, I see. Anyway, as far as I know the problem is mainly with Windows exploitation.
eth0 wrote: Is there websec on the exam?
Well, obviously I can't talk about what is or isn't in the OSCE exam. Although you're clearly subject to being examined on any of the syllabus items, which in turn should answer your question..
But I'd say if you're looking at it and are interested in the OSCE, go for it!! It was really a great experience for me; it's more relaxed than the OSCP, for example. You crawl the CTP modules and do each exercise (I did them in my own way, always trying to make my personal moves here and there rather than stupidly following each exercise) and once you feel ready, go for the exam. Also, your lab VMs are yours, so you can keep them in their state during your whole lab time...
As well, there is a lot of personal research involved with the OSCE; the OffSec guys give you some keys but you need to find others as well in order to fully get the whole picture. But again, I think this is exactly what appeals to me so much about the OffSec stuff, because it is really rewarding to be shown a way and then craft your own way of doing it; to me that's learning and applying.
Cheers,
m.