Passed SecurityTube Linux Assembly Expert (SLAE)
securitychops
OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64Posts: 52Member ■■■□□□□□□□
After passing the OSCP, much like many others here, I started eyeing the OSCE. Unfortunately, it was pretty clear to me that I was not ready to just immediately jump in as I paused at the second half of the sign up challenge as I had not ever done what they were asking me to do. However, researching other peoples experiences through blogs and thread posts (here on this very forum) I was quickly pointed in the direction of the SecurityTube Linux Assembly Expert (SLAE).
It had been quite a while since I was actively writing any kind of assembly code, however this course really did a great job of bringing me back up to speed quickly and focusing on x86 shellcode. The self paced format was a welcomed change of pace after spending three months heads down on the OSCP, and the final exam format requiring blogging/github really forced me to dig deep into concepts in order to be able to properly explain them.
I learned an absolute ton in this course and would recommend it to anyone who has any interest in learning more about shellcode! After completing it I went back to the OSCE signup page again and this time it took about five minutes to produce the value needed to proceed forward with registration, so this course provided me with exactly the outcome that I was hoping for! As soon as DefCon is over this year I am planning on signing up for the OSCE, but in the meantime I just wanted to give my two cents on why I thought the SLAE was such a good course!
It had been quite a while since I was actively writing any kind of assembly code, however this course really did a great job of bringing me back up to speed quickly and focusing on x86 shellcode. The self paced format was a welcomed change of pace after spending three months heads down on the OSCP, and the final exam format requiring blogging/github really forced me to dig deep into concepts in order to be able to properly explain them.
I learned an absolute ton in this course and would recommend it to anyone who has any interest in learning more about shellcode! After completing it I went back to the OSCE signup page again and this time it took about five minutes to produce the value needed to proceed forward with registration, so this course provided me with exactly the outcome that I was hoping for! As soon as DefCon is over this year I am planning on signing up for the OSCE, but in the meantime I just wanted to give my two cents on why I thought the SLAE was such a good course!
Current Certs : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
Goals for 2019 : OSEE
Goals for 2020 : OSWE
Goals for 2019 : OSEE
Goals for 2020 : OSWE
Comments
Courses: TBD
Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
For me the timeline was:
May 5, 2018: Course Purchased
May 6, 2018: Course materials arrived via email (7ish GB download)
July 7, 2018: Sent in final exam (links to blog posts, github, exploit-db submission, etc)
July 12, 2018: Received email congratulating me on passing
The time I spent on this exam was around two months of my spare time, although this course ended up taking a lot more work than I was anticipating. Seven assignments does not really sound like a lot at first, but assignment five and six both had three parts so the exam really ended up being closer to eleven assignments. I also really wanted to understand the material so if I did not understand something I would generally spend as much time as it took to fully understand the instruction(s) (and why they were being used) line by line by line. If I couldn't explain it in detail then I would not move on to the next part.
As for study materials, here is most of what I used:
https://en.wikibooks.org/wiki/X86_Disassembly
https://www.google.com/
One of the main benefits of the SLAE is that every new student generates a new set of resources since it requires all code being written be open source and each blog post to be published online! While I tried to limit the amount of help I would give myself I did on occasion check out a previous students posts in order to get a better understanding of a concept if I was struggling with it. I found that by the SLAE asking the student to provide an in depth analysis to be published online in a blog it really pushed me to make sure I was publishing higher quality results.
Going into this course I had never really stopped and thought much about shellcode, but by the end of it I was able to generate my own shellcode from assembly code that I had written myself and was even able to submit shellcode to the exploit-db that was accepted and added! All in all a wonderful course and was definitely worth the cost for me!
Goals for 2019 : OSEE
Goals for 2020 : OSWE
2018: CySA+ | PenTest+ |CCNA CyberOps
2019: VHL 20 boxes
2020: OSCP eCPPT OSCP eCPPT (a bit undecided)
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
Goals for 2019 : OSEE
Goals for 2020 : OSWE
Thank you for the motivation.
Courses: TBD
Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP