Cracking the OSCE

ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE. icon_wink.gif

This will probably be longer as my only experience with low level stuff is from OSCP and CTFs, so my first step is to get familiar with Assembly. To tackle this, I'm taking SLAE and SGDE (GNU Debugger) first, with plans to pay for OSCE in October and start November-ish.

I have a mixed goal here. First I want to be better at binary/low level exploitation, plus I want to challenge myself and tackle OSCE. I mean it looks good on the CV, doesn't it? :)

Comments

  • EchoLakeEchoLake Posts: 1Registered Users ■□□□□□□□□□
    I think that OSCE is the great goal for skilled offensive security professionals. A lot of low level stuff with a good opportunity to practical application it in a real-based environment. And of course it is a good for CV, which shows your skills and proofs of that. Highly recommend it. Good luck!
  • securitychopssecuritychops Posts: 29Registered Members ■■■□□□□□□□
    Looking forward to reading about your progress, good luck! :D
  • JoJoCal19JoJoCal19 Posts: 2,711Moderators mod
    Yea man!!! Good luck! I'll definitely be following this closely.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CCSP, CCSK, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up:​ eJPT, eCPPTv2, OSCP
    Studying:​ Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • chrisonechrisone Senior Member Posts: 1,757Registered Members ■■■■■■■□□□
    wait are we still w00t dancing? it goes r00t dance, then w00t dance, then what dance after OSCE? hahahah
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE, OSCE CTP
  • ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
    Probably the 0xDEADBEEF dance. :D

    Update: Finished the SecurityTube GDB Megaprimer, switching back to SLAE.
  • ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.
  • chrisonechrisone Senior Member Posts: 1,757Registered Members ■■■■■■■□□□
    Very nice! I never heard of that course.
    2018 Goals: SANS Advanced Security Essentials - Enterprise Defender (complete, not going for cert), SpecterOps: Adversary Tactics Red Team OPS (complete), eCPPT (obtained), OSCP PWK (in progress), Demystifying Regular Expressions (in progress), SLAE, OSCE CTP
  • Skyyyyy2001Skyyyyy2001 Posts: 36Registered Members ■■□□□□□□□□
    ottucsak wrote: »
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.

    Thanks for this and I will be following your post. Can I check how much is the course from Security Innovations?
  • ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
    I'm not sure about the pricing, these are training materials for enterprises and might not be available for separate purchase. Nevertheless, the Embedded Developer course is really great for developers who want to get introduced to security or to junior application security people. My only criticism with the materials is that it could be a bit more practical.
  • ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
    Finished the Embedded Developer course. Overall, I have mixed feelings: while the course wasn't a good fit for me, I can see it's value for junior appsec engineers and software developers. I guess it was worth the invested time, but I really should head back to SLAE. :)
  • securitychopssecuritychops Posts: 29Registered Members ■■■□□□□□□□
    Thanks for the feedback on the Embedded Developer course, if you learned anything at all then I reckon it was time well spent :)
  • Skyyyyy2001Skyyyyy2001 Posts: 36Registered Members ■■□□□□□□□□
    care to share what do you mean by "while the course wasn't a good fit for me". do you mean its too basic for you? :)
  • ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
    Yes, too basic for someone with a few years of appsec experience. I just did the exams first and achieved a pass almost all the time, without breaking a sweat. But then again, I probably wasn't the primary audience for this course.
  • Skyyyyy2001Skyyyyy2001 Posts: 36Registered Members ■■□□□□□□□□
    @ottucsak, any updates on your OSCE?
  • ottucsakottucsak Posts: 142Registered Members ■■■□□□□□□□
    Unfortunately, the company backed out from sponsoring it this year, so I have to put it on hold. I plan to circle back to SLAE next month, so I can start OSCE early next year with or without company funding. Until then I'm busy with Python, DevSecOps, hardware hacking and making challenges for next years local CTF event. :)
  • Skyyyyy2001Skyyyyy2001 Posts: 36Registered Members ■■□□□□□□□□
    I see, nice to hear that. Have an enjoyable holiday season ahead. :)
Sign In or Register to comment.