Wow. I am still in awe right now.
I enjoyed the OSCE exam and the CTP course immensely. The Offsec folks have done a great job of putting the CTP course together. It is by no means an easy course, and much more complex than PWB. Of course just like PWB, no spoon-feeding is involved. Instead, the course materials equip you with the essential concepts and the knowledge to use various techniques.
Finding out when and why to apply the concepts and techniques however, is entirely up to your own study, research, practice, practice and practice.
And that, I believe, is the way it should be. That is what hacking (in the strictest positive sense of the word) is all about.
I studied really intensely for this course, way more than PWB. Part of the reason is that there's hardly any information online about what the OSCE certification exam would entail. All I knew was that there would be a few challenges, and that I needed to complete them within 48 hours. Hence, I wanted to cover all bases. The main reason however, was that I simply could not stop learning. Studying for CTP opened a door where a new and wondrous world awaits. In fact, I learnt so much that I found myself deep in AWE territory. Still, it was all good.
Having already gotten a sense of how an Offsec exam works from OSCP, I felt little stress going into the OSCE exam. I won't elaborate on the exam, but well, if you understand the concepts taught in CTP, you should do fine. 48 hours will be more than sufficient - I was jumping around with elation by the 30th hour. But if you haven't fully grasped the concepts, I would venture to say that you won't be able to crack the more difficult challenges even if you have a week.
All in all, it was one of the most satisfying experiences of my life. Looking back, I am quite overwhelmed by my journey from PWB to OSCE in the past half-year. It's as if I have completed a long and rewarding trek up a mountain. Yet, at the end of the trek, I discovered that I have not reached the peak. I have reached something even better. I stand only at the foot of Mount Everest. And a new journey awaits.
As Buzz Lightyear would say - To infinity and beyond!
Add.: I can't believe I quoted Buzz Lightyear.
Wednesday, February 15, 2012
Tuesday, February 14, 2012
Offensive Security Certified Expert
After one month plus of intensive study and practice, I have passed my CTP (Cracking the Perimeter) Certification Exam! I am now an OSCE.
Saturday, February 4, 2012
Fuzzy Fuzzing
You know you have been doing too much fuzzing when you see "%%%%%..." and think that it is a string of "/////...".
Anyway, I have been fuzzing stuff the whole day, without much success. Taking a break, I coded a basic fuzzer, which provides me with good control over the length of the fuzzing strings. It can be found here: http://code.google.com/p/dearmo-projects/downloads/list. Or this older page.
dearmo-fuzzer.py is also a billion times easier to install than Sulley...
Still, if you need a more comprehensive scanner, try out Dave Aitel's SPIKE, or Pedram Amini's Sulley instead.
Anyway, I have been fuzzing stuff the whole day, without much success. Taking a break, I coded a basic fuzzer, which provides me with good control over the length of the fuzzing strings. It can be found here: http://code.google.com/p/dearmo-projects/downloads/list. Or this older page.
dearmo-fuzzer.py is also a billion times easier to install than Sulley...
Still, if you need a more comprehensive scanner, try out Dave Aitel's SPIKE, or Pedram Amini's Sulley instead.
Subscribe to:
Posts (Atom)