I have started my journey towards OSCE! Apparently one round of torture wasn't enough, so I'm back for round two.
OSCP was such an incredible journey. I have grown quite fond of Offensive Security Training!
This thread will serve as a way for me to keep track of my progress, and perhaps help some others that may be looking to follow this path as well.
Some background:
I am a systems engineer with 15+ plus years of technical experience.
I do some level of security in my day job, but I am not a red teamer by trade. I have a pretty solid grasp on techniques and methods. However, my exploit development game is basically non existent aside from what I had to do for my OSCP.
As for other certifications, I currently hold the OSCP, CEH, SSCP. I also just recently hacked my way to domain admin in the Pro lab offering from Hack the Box.
I feel like I have a pretty good working knowledge in this realm now. But one of by big glaring weaknesses is be ability to develop my own exploit code rather than work with pre-made exploit code.
Therefore -- Enter the OSCE
For those that don't know, the OSCE registration process is "safe guarded" by a hacking challenge. This challenge must be solved before you can even register for the course. I looked at this challenge during my OSCP studies, and I think I have a solution. However, the nature of this challenge is to ensure that people are not getting in over their heads. As such, I want to ensure I am not getting in over my head
So, my journey is starting with preparations. Today I have started by brushing up on my register knowledge, and have begun brushing up on my assembly knowledge.
Below are some great resources on the topic:
https://www.securitysift.com/windows-exploit-development-part-1-basics/https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
Next up: SLAE
