Cracking the OSCE

ottucsakottucsak Posts: 146Member ■■■■□□□□□□
Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE. icon_wink.gif

This will probably be longer as my only experience with low level stuff is from OSCP and CTFs, so my first step is to get familiar with Assembly. To tackle this, I'm taking SLAE and SGDE (GNU Debugger) first, with plans to pay for OSCE in October and start November-ish.

I have a mixed goal here. First I want to be better at binary/low level exploitation, plus I want to challenge myself and tackle OSCE. I mean it looks good on the CV, doesn't it? :)

Comments

  • EchoLakeEchoLake Posts: 1Registered Users ■□□□□□□□□□
    I think that OSCE is the great goal for skilled offensive security professionals. A lot of low level stuff with a good opportunity to practical application it in a real-based environment. And of course it is a good for CV, which shows your skills and proofs of that. Highly recommend it. Good luck!
  • securitychopssecuritychops OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64 Posts: 52Member ■■■□□□□□□□
    Looking forward to reading about your progress, good luck! :D
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • JoJoCal19JoJoCal19 California Kid Posts: 2,801Mod Mod
    Yea man!!! Good luck! I'll definitely be following this closely.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    wait are we still w00t dancing? it goes r00t dance, then w00t dance, then what dance after OSCE? hahahah
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    Probably the 0xDEADBEEF dance. :D

    Update: Finished the SecurityTube GDB Megaprimer, switching back to SLAE.
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.
  • chrisonechrisone CISSP, CRTP, eCPPT, LFCS, CEH, Azure Fundamentals, Retired Cisco NPs Posts: 1,900Member ■■■■■■■■□□
    Very nice! I never heard of that course.
    2020 Goals:
    Courses: SpecterOps Adversary Tactics: Detection
    Certs: AZ-500 (in-progress), MS-500, Pentester Academy - PACES, Pentester Academy - CRTE, OSCP
  • Skyyyyy2001Skyyyyy2001 Posts: 57Member ■■■□□□□□□□
    ottucsak wrote: »
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.

    Thanks for this and I will be following your post. Can I check how much is the course from Security Innovations?
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    I'm not sure about the pricing, these are training materials for enterprises and might not be available for separate purchase. Nevertheless, the Embedded Developer course is really great for developers who want to get introduced to security or to junior application security people. My only criticism with the materials is that it could be a bit more practical.
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    Finished the Embedded Developer course. Overall, I have mixed feelings: while the course wasn't a good fit for me, I can see it's value for junior appsec engineers and software developers. I guess it was worth the invested time, but I really should head back to SLAE. :)
  • securitychopssecuritychops OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64 Posts: 52Member ■■■□□□□□□□
    Thanks for the feedback on the Embedded Developer course, if you learned anything at all then I reckon it was time well spent :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • Skyyyyy2001Skyyyyy2001 Posts: 57Member ■■■□□□□□□□
    care to share what do you mean by "while the course wasn't a good fit for me". do you mean its too basic for you? :)
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    Yes, too basic for someone with a few years of appsec experience. I just did the exams first and achieved a pass almost all the time, without breaking a sweat. But then again, I probably wasn't the primary audience for this course.
  • Skyyyyy2001Skyyyyy2001 Posts: 57Member ■■■□□□□□□□
    @ottucsak, any updates on your OSCE?
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    Unfortunately, the company backed out from sponsoring it this year, so I have to put it on hold. I plan to circle back to SLAE next month, so I can start OSCE early next year with or without company funding. Until then I'm busy with Python, DevSecOps, hardware hacking and making challenges for next years local CTF event. :)
  • Skyyyyy2001Skyyyyy2001 Posts: 57Member ■■■□□□□□□□
    I see, nice to hear that. Have an enjoyable holiday season ahead. :)
  • ottucsakottucsak Posts: 146Member ■■■■□□□□□□
    Small update: finished SLAE videos and exercises. Will start working on the exam assignments soon. 
    I uploaded some of the stuff I wrote, including compiler instructions for x64 and small scriptlets. One problem that I faced on 64bit is that JMP-CALL-POP doesn't seem to work. 
    https://github.com/fuzboxz/SLAE
  • securitychopssecuritychops OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64 Posts: 52Member ■■■□□□□□□□
    Very cool seeing another set of code being worked up for the SLAE!  :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • nonamenewbie21nonamenewbie21 Posts: 1Member ■■□□□□□□□□
    ottucsak said:
    Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE.

    May i ask where your osco post is plz

  • Info_Sec_WannabeInfo_Sec_Wannabe Senior Member Posts: 385Member ■■■□□□□□□□
    ottucsak said:
    Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE.

    May i ask where your osco post is plz

    https://community.infosecinstitute.com/discussion/132807/not-another-oscp-blog/p1
    Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]
Sign In or Register to comment.