Cracking the OSCE

ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
in Offensive Security: OSCP & OSCE
Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE. icon_wink.gif

This will probably be longer as my only experience with low level stuff is from OSCP and CTFs, so my first step is to get familiar with Assembly. To tackle this, I'm taking SLAE and SGDE (GNU Debugger) first, with plans to pay for OSCE in October and start November-ish.

I have a mixed goal here. First I want to be better at binary/low level exploitation, plus I want to challenge myself and tackle OSCE. I mean it looks good on the CV, doesn't it? :)
· Share on FacebookShare on Twitter

Comments

  • EchoLakeEchoLake Registered Users Posts: 1 ■□□□□□□□□□
    I think that OSCE is the great goal for skilled offensive security professionals. A lot of low level stuff with a good opportunity to practical application it in a real-based environment. And of course it is a good for CV, which shows your skills and proofs of that. Highly recommend it. Good luck!
    · Share on FacebookShare on Twitter
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    Looking forward to reading about your progress, good luck! :D
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
    · Share on FacebookShare on Twitter
  • JoJoCal19JoJoCal19 Mod Posts: 2,834 Mod
    Yea man!!! Good luck! I'll definitely be following this closely.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
    · Share on FacebookShare on Twitter
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    wait are we still w00t dancing? it goes r00t dance, then w00t dance, then what dance after OSCE? hahahah
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Probably the 0xDEADBEEF dance. :D

    Update: Finished the SecurityTube GDB Megaprimer, switching back to SLAE.
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.
    · Share on FacebookShare on Twitter
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Very nice! I never heard of that course.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
    · Share on FacebookShare on Twitter
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    ottucsak wrote: »
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.

    Thanks for this and I will be following your post. Can I check how much is the course from Security Innovations?
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    I'm not sure about the pricing, these are training materials for enterprises and might not be available for separate purchase. Nevertheless, the Embedded Developer course is really great for developers who want to get introduced to security or to junior application security people. My only criticism with the materials is that it could be a bit more practical.
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Finished the Embedded Developer course. Overall, I have mixed feelings: while the course wasn't a good fit for me, I can see it's value for junior appsec engineers and software developers. I guess it was worth the invested time, but I really should head back to SLAE. :)
    · Share on FacebookShare on Twitter
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    Thanks for the feedback on the Embedded Developer course, if you learned anything at all then I reckon it was time well spent :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
    · Share on FacebookShare on Twitter
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    care to share what do you mean by "while the course wasn't a good fit for me". do you mean its too basic for you? :)
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Yes, too basic for someone with a few years of appsec experience. I just did the exams first and achieved a pass almost all the time, without breaking a sweat. But then again, I probably wasn't the primary audience for this course.
    · Share on FacebookShare on Twitter
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    @ottucsak, any updates on your OSCE?
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Unfortunately, the company backed out from sponsoring it this year, so I have to put it on hold. I plan to circle back to SLAE next month, so I can start OSCE early next year with or without company funding. Until then I'm busy with Python, DevSecOps, hardware hacking and making challenges for next years local CTF event. :)
    · Share on FacebookShare on Twitter
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    I see, nice to hear that. Have an enjoyable holiday season ahead. :)
    · Share on FacebookShare on Twitter
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Small update: finished SLAE videos and exercises. Will start working on the exam assignments soon. 
    I uploaded some of the stuff I wrote, including compiler instructions for x64 and small scriptlets. One problem that I faced on 64bit is that JMP-CALL-POP doesn't seem to work. 
    https://github.com/fuzboxz/SLAE
    · Share on FacebookShare on Twitter
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    Very cool seeing another set of code being worked up for the SLAE!  :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
    · Share on FacebookShare on Twitter
  • nonamenewbie21nonamenewbie21 Member Posts: 1 ■■□□□□□□□□
    ottucsak said:
    Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE.

    May i ask where your osco post is plz

    · Share on FacebookShare on Twitter
  • Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    nonamenewbie21 said:
    ottucsak said:
    Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE.

    May i ask where your osco post is plz

    https://community.infosecinstitute.com/discussion/132807/not-another-oscp-blog/p1
    X year plan: (20XX) OSCP [ ], CCSP [ ]
    · Share on FacebookShare on Twitter
Sign In or Register to comment.