Passed Offensive Security Certified Expert (OSCE)

securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
I wanted to take a moment and post about my experience with taking, and passing, the Offensive Security Cracking the Perimeter/OSCE course to add another few data points to the forum about my experience.

The Course
Some might argue that the course material is getting a bit dated, as a lot of the techniques are a bit older. I would still disagree with that after having taken the course. While it is true that a lot of the techniques learned/explored in the course are not cutting edge I was blown away at how relevant they still are. For example, I supplemented additional exercises in the course with attempting to locate zero days in "current" software and was amazed at just how many applications are still built for x86 without SafeSEH, DEP or ASLR being enabled on the libraries, etc. So while the course is a bit older I still found it very useful! Plus, I was actually able to find a few zero days in some older software that I am in the process of responsible disclosure on right now!


How I Prepared
OSCP: While this is not strictly required in order to pass the OSCE, I would still highly encourage going through it first. It absolutely gave me a leg up on several of the areas in the CTP.


SLAE: I absolutely can not stress enough how much this course helped me in preparing for the OSCE. If you are not already completely comfortable slinging custom shell code then truthfully, this is going to be the best money you can spend in preparing for this. I absolutely think taking this course is directly related to me passing on my first try. See my previous post about taking the SLAE here: http://www.techexams.net/forums/security-certifications/132948-passed-securitytube-linux-assembly-expert-slae.html


VulnServer: I fuzzed and broke vulnserver in every single way that I could think of, and the time that I spent on it was absolutely paid back to me ten fold, I highly recommend it. Here is a link to my GitHub for the vulnserver exercises/exploits if you would like additional information on it: https://github.com/securitychops/exploits/tree/master/vulnserver/windows/x86


Zero Days: I spent more hours than I care to tell you just sitting at my computer in a Windows XP SP3 Virtual Machine fuzzing older applications that I found on places like Tucows and MajorGeeks. In the end it was time well spent again, as each of those exploits/zero days taught me a world of information I otherwise would not have known!


Conclusion
Again, I am super excited to have passed this and would recommend it to anyone who has any interest in exploring more about exploit development!


My plan at the moment is to take a few weeks off and then roll directly into the x64 version of the SLAE: x86/64 Assembly and Shellcoding on Linux « SecurityTube Training


After the SLAE64 I can only hope to be lucky enough to figure out a way to go for the OSEE ... but that is a problem for another day!
Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
Goals for 2019 : OSEE
Goals for 2020 : OSWE

Comments

  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    Congratulations - there's some hope that Offensive Security will offer AWE/OSEE online soon. Good luck on your next adventure!
  • COBOL_DOS_ERACOBOL_DOS_ERA Member Posts: 205 ■■■■■□□□□□
    Congrats!!!
    CISM, CRISC, CGEIT, PMP, PMI-ACP, SEC+, ITIL V3, A-CSM. And Many More.
  • CyberCop123CyberCop123 Member Posts: 338 ■■■■□□□□□□
    Nice! Well done.

    Good post too, very informative. If I ever choose to do this I will definitely have to do some leg work first. Although I've done my OSCP I barely use it as my job doesn't involve it at all.

    The SLAE sounds really good and very beneficial
    My Aims
    2017: OSCP -
    COMPLETED
    2018: CISSP -
    COMPLETED
    2019: GIAC GNFA - Advanced Network Forensics & Threat Hunting -
    COMPLETED
               GIAC GREM - Reverse Engineering of Malware -
    COMPLETED

    2021: CCSP
    2022: OSWE (hopefully)
  • LonerVampLonerVamp Member Posts: 518 ■■■■■■■■□□
    Congrats, and thank you for the post! Some really good information in here!

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?
  • averageguy72averageguy72 Member Posts: 323 ■■■■□□□□□□
    Congrats!
    CISSP / CCSP / CCSK / CRISC / CISM / CISA / CASP / Security+ / Network+ / A+ / CEH / eNDP / AWS Certified Advanced Networking - Specialty / AWS Certified Security - Specialty / AWS Certified DevOps Engineer - Professional / AWS Certified Solutions Architect - Professional / AWS Certified SysOps Administrator - Associate / AWS Certified Solutions Architect - Associate / AWS Certified Developer - Associate / AWS Cloud Practitioner
  • MitMMitM Member Posts: 622 ■■■■□□□□□□
    congratulations!
  • kurtkobaindtkurtkobaindt Member Posts: 15 ■□□□□□□□□□
    congrats...nice journey icon_thumright.gificon_thumright.gificon_thumright.gif
  • u1trasu1tras Member Posts: 81 ■■■□□□□□□□
    Congrats! You have done a great job! Respect for Zero Days!
    Certs: OSCP, eCTHP
    2019 Goals:
    eCTHP (done), FOR578 (done), FOR555 (done), Python (in progress), ELK, eCIR, SEC599, NetWars DFIR, FOR610
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    @TeKniques: Thanks and I like the sound of that rumor since it being online would make it much simpler to get it done for sure! :D

    Thanks everyone for the positive feedback, if anyone reading is on the fence and can already get through Offensive Security Online Security Training Challenge without any help then go for it! :D
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    woah! that is epic! congrats man! ottosack and myself are right behind you!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
Sign In or Register to comment.