craftwa.re

A walk outside the sandbox

Home Blog Cheat Sheets MacOS Tips Area 51 About

Cracking the Perimeter - Course and OSCE Exam Review

|

Logo

Overview

After OSCP exam, I was eager to start the CTP training as soon as possible. The course is mostly assembly based. I’ve spent most of the time in OllyDbg. Besides that part, the course has a also web based module, and a networking module. All of them are very interesting and require extra reading and practice to fully understand and be able to reproduce the techniques (during the stressful exam hours!).

Challenge

Before being able to register for the CTP training, you’re required to pass a short, fun, multi-staged challenge. You can attempt the challenge before paying for the actual course. The challenge starts on the web and finishes with some low-level assembly stuff. If you liked the challenge you’ll definitely love the course.

Study

After reading through other reviews, I didn’t dive straight into the course after the challenge. I prepared by going through various exploit development resources. There are many many places with good documentation but I wanted to list at least the following, which group together a lot of techniques and are very detailed and relevant:

One month of lab time is more than enough to complete the exercises from all the chapters in the course, but extra work will prove very useful. Also, as a prerequisite, Python and reverse engineering skills helped a lot. Especially for the manual shellcode encoding module, which requires some automation. Fun times!

Exam

The exam is not easy and requires concentration (and inspiration:), not only a good understanding of the techniques used in the lab. The problems cover all the topics from the lab (including the one you’re thinking “I won’t get this, it’s impossible to get it done in time!”). Some problems have small tricks (which may seem bigger, depending on how confident you are about the topic and ultimately how much you’ve practised).

I’ve used both the allocated days for the exam, with a lot of sleep in between (~8h). It’s very important not to panic and, if something doesn’t work, keep hammering :)

Overall, I learned a lot while preparing for the exam. The course is stimulating and very interesting. In the end you get out what you put in. If you need motivation, find your dinosaur and do it!

dino