OSCE Log

BuhRock

Hi everyone! I'm usually a lurker of this forum as I go back and forth on what certification to go after next. I thought it would be better for me to log my progress towards the OSCE. I passed my OSCP back in the winter of 2015 and my role at work is infrastructure lead so I don't get direct experience with penetration testing from that.

I recently read jollyfrog's thread and good god he's an animal.

So my background is a computer science major from undergrad so I understand programming and I can script enough to automate the things I care to. That being said, I thought I would brush up on my python and do what JollyFrog did and automate the FC4.me challenge. This was pretty easy for part 1. Anyone that can program should be able to whip up a script for this in no time.

For part 2, this was more interesting because I had not really a clue on what to do with my output from part 1. I started to research and read a few tutorials from corelan, fuzzysec, greycorner and even purchased the "Hacking, The art of exploitation" book to learn. Also, getting python to do what it takes to solve part 2 took a while of researching and trial and error.

So, after about 2 days I finally completed the FC4.me challenge. Now I'm waiting to hear back from offsec since my last employers email was used for my OSCP and I need them to change that for my new employer. As soon as I get my materials and a little further I will post back.

TeKniques

Good luck sir. We will be anxious to follow your journey!

JoJoCal19

Awesome! Good luck man. Definitely keep this thread updated if you're able to find time. I enjoy the OffSec threads tremendously.

BuhRock

Today, I read a few chapters from Hacking, The art of exploitation and also went through the greycorner stack overflow tutorial. Had to find win xp sp2 download and install that in vmware fusion. The tutorial was a good refresher. My labs start next Saturday so I will be going through corelan tutorials until then. I think the next one I do will be an ASLR tutorial to prepare. Also I will continue reading my book. I'm pretty weak in ASM I've noticed.

saraguru

BuhRock wrote: »

Today, I read a few chapters from Hacking, The art of exploitation and also went through the greycorner stack overflow tutorial. Had to find win xp sp2 download and install that in vmware fusion. The tutorial was a good refresher. My labs start next Saturday so I will be going through corelan tutorials until then. I think the next one I do will be an ASLR tutorial to prepare. Also I will continue reading my book. I'm pretty weak in ASM I've noticed.

My lab is also starting on 23rd of this month!! I think we are starting on the same day

BuhRock

Yup, sounds like it!

adrenaline19

Which debugger do you prefer?

BuhRock

I prefer Ollydbg.

So today I did the SEH buffer overflow tutorial by Greycorner. This was exploiting bigant server on win xp. I am Re familiarizing myself with generating shellcode going through all the exploit dev process such as finding bad characters. Finding bad chars is such a pain to deal with.

BuhRock

I received my OSCE material just now. I'll be reviewing and going through this tonight and tomorrow.

Mooseboost

Definitely adding this to my list of threads to watch.

deyavi

BuhRock wrote: »

I received my OSCE material just now. I'll be reviewing and going through this tonight and tomorrow.

Enjoy the course!

bladeism

Will definitely watch this thread. Planning to take OSCE if ever I pass my OSCP

BuhRock

I went through module 1 last night and this morning. Module 1 was based on XSS attacks and different ways to utilize this. I had to do a bunch of yard work today, so I won't be doing module 2 tonight. I'll read and watch the video, just won't do the exercise tonight.

BuhRock

I have went through module 2 and 3 by now. Module 3 was pretty interesting and I must say that I wish I had went through the SLAE course before hand. It would help, but I'm getting by. I'm starting to understand execution flow in ASM now. Module three took me about 4 hours to get right. I'm a little confused and if there are any OSCEs out here I wonder if you can answer this. It seems that I only have 3 lab machines and we work on those the whole class? This isn't like OSCP where I can go and scan for machines. So I guess I just need to master the modules and schedule the exam once I feel comfortable?

adrenaline19

The OSCE isn't like the OSCP. You only get 4 or 5 machines, but they are all yours. It isn't a big open lab like OSCP.

You see three, maybe two more exist but you haven't found them yet.

BuhRock

I've now completed module 4 and 5. I spent all evening working on these. To be honest, I grasped these concepts quicker than I thought I would (or at least I think I have). Module 5 had to do with bypassing ASLR. Had a few hiccups because versions of tools being used from the videos are different than what I am using, but it worked out in the end.

BuhRock

Just spent the last 2 hours struggling to figure out how to calculate memory address locations needed for jumping. I realized I had went through the module 5 without fully understanding one piece. So being able to calculate hex on the fly would be helpful, but we have calculators in 2017.

BuhRock

I have just completed module 6 which was about egghunters. I should mention that when I say I am going through these modules, I mean I am doing the exercises and not just watching the videos. I'm saving notes on the whole process along the way. To be honest, It's hard to read PDF material about debugging and asm. I'd rather just do it myself. So I am first watching the videos from the module without following along. Then I re watch them and follow along and do the exercise. 3 more modules to go and then I plan on recreating exploits from scratch based on my notes.

JoJoCal19

Awesome to follow your progress!

saraguru

BuhRock wrote: »

I have just completed module 6 which was about egghunters. I should mention that when I say I am going through these modules, I mean I am doing the exercises and not just watching the videos. I'm saving notes on the whole process along the way. To be honest, It's hard to read PDF material about debugging and asm. I'd rather just do it myself. So I am first watching the videos from the module without following along. Then I re watch them and follow along and do the exercise. 3 more modules to go and then I plan on recreating exploits from scratch based on my notes.

We are almost on the same track BuhRock. I too completed module 6 yesterday and I plan on practicing some exploits related to all these 6 modules from Exploit-db for the 2 days and plan on working with the rest of the modules during the weekend.