Thursday, March 9, 2017

Offensive Security Certified Expert - My Journey


I recently took the "Cracking the Perimeter" course and successfully completed my Offensive Security Certification Challenge. In this blog, I will be covering my journey from taking the course to successfully completing my exams. The intention of this blog is simply to share my experience and, in the process, try to help anyone who is currently doing this course or is planning to do it in the near future.

The Beginning.

I completed my OSCP (Offensive Security Certified Professional) course some time back and since then I had been itching to take up the CTP course. The reasons were simple: if you are looking to upgrade your skill set, there is nothing better than Offensive Security courses. Their courses don't just teach you the solutions but rather push you in the direction of understanding the process of arriving at a solution, often with little or no hand-holding. I had an amazing time in the labs during my OSCP course; the buffer overflow section just left me wanting more. So as soon as I had everything in place, I decided to enroll for the CTP course.

The Entry Challenge:

The Cracking the Perimeter course is not a beginner's course, and so an entry challenge must be completed prior to registering for the course. I had an early crack at this challenge during my OSCP days and was able to do this easily. However, the challenge had been updated later; nonetheless, I was able to crack the challenge and complete my registration. The only way I was able to complete the challenge was to learn more about assembly language.

The Course:

The course is divided into 9 modules, each of which is a case study that is re-created in the labs to practise and hone your skills. Unlike OSCP, all these modules expect the students to have a certain degree of understanding of web application attacks. The exploit development part is well covered from scratch. So if you have zero or little knowledge about exploit development, this course will certainly help you.

The course material was really pretty straightforward. I enjoyed studying each of the modules and redoing them in the labs. If you ever get stuck anywhere, remember the forums are the best place to clear your doubts. Every module takes you one step further up until you hit the big one... the HP NNM module. A simply mind-blowing exploit by Offensive Security that will easily take 2-3 days to recreate in the lab. Overall, I did not feel the course was outdated in any way (except for the antivirus bypass module, but to be honest bypassing the AV is a cat and mouse game and the techniques required to bypass it will be continuously evolving). Being a newbie to exploit development, I learned something new in all the modules. I was able to cover all these modules without any major hiccups and was feeling reasonably confident about the exams, but I had no idea what was about to hit me in the exams.

The Exam

First Attempt
To say that the exam was tough is actually an understatement; it is simply BRUTAL and UNFORGIVING. 48 hours of exam time is pure hell. There are a total of 4 machines, with two of them worth 15 points each and the other two 30 points each. To clear the exam you should be able to score 75 points, so to be sure that you have passed the exam you have to root both the 30-point machines. I worked my way through and finished off the two 15-point machines in around 12-15 hours. I started working on the first of the 30-point machines. I started off well and was working my way up to rooting the machine; however, I soon hit a dead end and was simply unable to go beyond this point. I tried everything I possibly could but nothing worked for me. I took a break and started working on the other 30-point machine. I knew exactly what I wanted on this machine but somehow it just wasn't working for me. This machine really demanded a lot of creativity in order to get full points. I pretty much spent the rest of the time working on these machines; although I had a foothold in them, I wasn't really able to exploit it fully. I had accepted the fact that I had really given my best and had fallen short. It was time to TRY HARDER.

Second Attempt
I was absolutely determined to clear the exam on my second attempt. I knew exactly where I had fallen short and started working on those specific areas. I had written detailed notes of everything I was supposed to do should I face a similar situation again. As it turned out, I was able to clear the exams pretty comfortably this time. Moreover, I came to know exactly the mistakes I was making earlier which led me to a dead end. Knowing that I had conquered this beast gave me immense satisfaction. I was so proud that I had tried hard and succeeded.


Conclusion

Offensive Security courses are simply the best. The teaching methodology and the "Try Harder" concept will certainly help you not only in the course but also in other areas of your life. The CTP course was easily the hardest thing I have ever done, and so it is by far my most satisfying academic achievement.

Word of Advice:


  • Anyone who is planning to take the course should know that the course is challenging and requires a high degree of self-learning.
  • If you simply walk through the course materials you will certainly fail. The exam is very challenging and requires you to completely master all the concepts that are taught in the course.
  • Always keep looking on the Offensive Security forums; there are vital clues that you can pick up which will be helpful during the course.
  • When I cleared my exam, I was able to relate all the solutions in some way or other to the concepts that are taught in the course, although there will be some offsec curve balls.
  • As far as the exam goes, keep a positive attitude and don't give up at any point in time. Being mentally strong is absolutely vital to clearing the exams. You never know, your last attempt to root the target may work.