Cracking the OSCE

ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE. icon_wink.gif

This will probably be longer as my only experience with low level stuff is from OSCP and CTFs, so my first step is to get familiar with Assembly. To tackle this, I'm taking SLAE and SGDE (GNU Debugger) first, with plans to pay for OSCE in October and start November-ish.

I have a mixed goal here. First I want to be better at binary/low level exploitation, plus I want to challenge myself and tackle OSCE. I mean it looks good on the CV, doesn't it? :)

Comments

  • EchoLakeEchoLake Registered Users Posts: 1 ■□□□□□□□□□
    I think that OSCE is the great goal for skilled offensive security professionals. A lot of low level stuff with a good opportunity to practical application it in a real-based environment. And of course it is a good for CV, which shows your skills and proofs of that. Highly recommend it. Good luck!
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    Looking forward to reading about your progress, good luck! :D
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • JoJoCal19JoJoCal19 Mod Posts: 2,835 Mod
    Yea man!!! Good luck! I'll definitely be following this closely.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    wait are we still w00t dancing? it goes r00t dance, then w00t dance, then what dance after OSCE? hahahah
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Probably the 0xDEADBEEF dance. :D

    Update: Finished the SecurityTube GDB Megaprimer, switching back to SLAE.
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.
  • chrisonechrisone Member Posts: 2,278 ■■■■■■■■■□
    Very nice! I never heard of that course.
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    ottucsak wrote: »
    I got a 14 day trial for the Embedded Developer course from Security Innovations. As my endgame is to get more familiar with embedded security, this course is a great resource, which aligns with the OSCE as well. Started yesterday and got 20% done already.

    Thanks for this and I will be following your post. Can I check how much is the course from Security Innovations?
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    I'm not sure about the pricing, these are training materials for enterprises and might not be available for separate purchase. Nevertheless, the Embedded Developer course is really great for developers who want to get introduced to security or to junior application security people. My only criticism with the materials is that it could be a bit more practical.
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Finished the Embedded Developer course. Overall, I have mixed feelings: while the course wasn't a good fit for me, I can see it's value for junior appsec engineers and software developers. I guess it was worth the invested time, but I really should head back to SLAE. :)
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    Thanks for the feedback on the Embedded Developer course, if you learned anything at all then I reckon it was time well spent :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    care to share what do you mean by "while the course wasn't a good fit for me". do you mean its too basic for you? :)
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Yes, too basic for someone with a few years of appsec experience. I just did the exams first and achieved a pass almost all the time, without breaking a sweat. But then again, I probably wasn't the primary audience for this course.
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    @ottucsak, any updates on your OSCE?
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Unfortunately, the company backed out from sponsoring it this year, so I have to put it on hold. I plan to circle back to SLAE next month, so I can start OSCE early next year with or without company funding. Until then I'm busy with Python, DevSecOps, hardware hacking and making challenges for next years local CTF event. :)
  • Skyyyyy2001Skyyyyy2001 Member Posts: 57 ■■■□□□□□□□
    I see, nice to hear that. Have an enjoyable holiday season ahead. :)
  • ottucsakottucsak Member Posts: 146 ■■■■□□□□□□
    Small update: finished SLAE videos and exercises. Will start working on the exam assignments soon. 
    I uploaded some of the stuff I wrote, including compiler instructions for x64 and small scriptlets. One problem that I faced on 64bit is that JMP-CALL-POP doesn't seem to work. 
    https://github.com/fuzboxz/SLAE
  • securitychopssecuritychops Member Posts: 52 ■■■□□□□□□□
    Very cool seeing another set of code being worked up for the SLAE!  :)
    Current Certs   : OSCE, OSCP, CISSP, Pentest+, Security+, SLAE, SLAE64
    Goals for 2019 : OSEE
    Goals for 2020 : OSWE
  • nonamenewbie21nonamenewbie21 Member Posts: 1 ■■□□□□□□□□
    ottucsak said:
    Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE.

    May i ask where your osco post is plz

  • Info_Sec_WannabeInfo_Sec_Wannabe Member Posts: 428 ■■■■□□□□□□
    ottucsak said:
    Some of you followed my adventure towards OSCP. Now here is part two... becoming OSCE.

    May i ask where your osco post is plz

    https://community.infosecinstitute.com/discussion/132807/not-another-oscp-blog/p1
    X year plan: (20XX) OSCP [ ], CCSP [ ]
Sign In or Register to comment.