  1. Member
    Join Date
    May 2015
    Posts
    79
    #1

    OSCE - JollyFrogs' Tale

    I have well and truly started preparing for the OSCE now. Unfortunately, things are still very busy at work (my original reason not to do this course any sooner) but it's looking like things will stay busy for a while longer. That's good news since I won't be looking for another job anytime soon, however it means I will not have dedicated time for studying OSCE. I've decided now that I will spend as much time as needed preparing for the OSCE.

    So, what have I done to date? Lots already! It's part of the reason to start this post now: If I don't keep track on a weekly basis, I'll forget half the things I did to prepare.

    Let's start with what I did over the last couple of days:
    Today, I completed the FC4 challenge. The SLAE course really helped me to fully understand the second part of the FC4 challenge. Not only did I complete the challenge but I automated the whole process in Python. Overall it wasn't too hard to automate the FC4 challenge but my lack of Python skills resulted in me taking about 20-30 hours (~3 days) of reading about python modules and string manipulation and coding. I consider myself a beginner Python coder.

    I figured there are two things I can do to fix my lack of Python skills:
    1) I can take a Python course (SecurityTube offers "Python for Pentesters and Hackers" which is taught by Vivek. I really liked the SLAE32 course which was tutored by Vivek also, so I'm pretty much sold on this course already)
    2) Do lots of reading and keep writing more Python scripts

    I'll most likely do both, as Python lends itself very well to exploit writing (and, as it turns out, solving OSCE challenges!).

    This is the output of my "fc4solver.py" script (I've kept the print statements generic so as not to spoil the challenge for others):

    root@kali20:~/osce# python fc4solver.py test3@nowhere3.com
    Using email address: test3@nowhere3.com
    Retrieving http://www.fc4.me
    Solving first challenge...
    Security String: f2d91faf22b2953285201f1e7391343b
    Sending HTTP POST request to http://www.fc4.me
    Solving second challenge...

    Registration Code: 25408
    Secret Key: b6cc34cb4c8c6ee880424e2a14c8ae2e58623d231fa6a12f0b9d46633d9433a95d516e5e07d0b401d595dba0f22a8558a8d2de0b449ea9c63ec91bd2085be65e
    root@kali20:~/osce# python fc4solver.py test4@nowhere4.com
    Using email address: test4@nowhere4.com
    Retrieving http://www.fc4.me
    Solving first challenge...
    Security String: f2d91faf22b2953285201f1e7391343b
    Sending HTTP POST request to http://www.fc4.me
    Solving second challenge...

    Registration Code: 25409
    Secret Key: 73e04e5ec6824d799836372f778f5f9d8098b5f613cebecd8ae62e715b413b5797f26d8869ac16507fdc653f626343a270e45024e8d656fd95b365449ebab611

    Before these last few days, I've been reading up on blog posts and forums on other people's experience.
    These are the things I took away from blogs and forums about OSCE (They might not be correct!):
    - The exam is the hard part -- expect to learn as much in the exam as in the whole course
    - A lot of people fail their first exam try due to not having understood the concepts well enough
    - There are 4 hosts in the exam, and you'll need to crack most or even all to get enough points
    - There is one host in particular that is difficult: Most people got stuck for 12-20 hours on this one
    - There are two that take most people 1-5 hours each. And another that takes about 10 hours total.
    - So that's 5+5+10+20 hours = 40 hours... pretty spot on since the total time allotted for this exam is 48 hours
    - Basic python skills are critical for this course -- Advanced Python skills make this course a whole lot easier
    - Basic Assembly skills are critical for this course -- Advanced Assembly skills make this course a whole lot easier
    - The concepts do touch on ASLR but not DEP and ROP as far as I understand
    - Corelan and Fuzzylogic seem to be two sites that everyone recommends so I'll be preparing there as well
    - People recommend a plethora of books, mostly Assembly books, I will read as many as I believe necessary
    - Most of the course is spent in a debugger (OllyDbg/ImmunityDebugger)
    - Most people indicate 30 days is enough exam time (as opposed to 90 days for OSCP for instance)

    Similar to my earlier OSCP challenge, I have challenged myself to complete this exam on the first try, with a 100% score.

    That's it for my first post, I'll try to post updates on at least a weekly basis.

  3. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    644

    Certifications
    CEH, CCNA: R&S, eJPT, JNCIS-SEC, Dell Sonicwall CSSA, Dell Sonicwall Email Security,CompTIA CSA+, CompTIA Security+, CompTia Network+
    #2
    Looking forward to following this thread! You definitely seem to be the kind of person who makes sure they are ready for the challenge. I expect your OSCE thread to be every bit as good as the OSCP one was.
    2018 Certification Goals: OSCP []

    Blog: www.hackfox.net

  4. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,362

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #3
    Excited to follow your journey in this thread.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up: None
    Reading: Python Crash Course

  5. Member
    Join Date
    Jul 2015
    Posts
    63

    Certifications
    CEH, ECSA, eCPPT
    #4
    Hi Jollyfrogs,

    Good to see your thread on OSCE. You are a real motivator for the Offsec courses when I see myself feeling down.... Keep up the good work, looking forward to your journey.... Good luck

    Ciao

  6. Member
    Join Date
    May 2015
    Posts
    79
    #5
    Ok, time for an update! Over the last 2 weeks I've been busy reconstructing the course materials. Starting with the syllabus, then visiting a lot of various blogs and forums, I was able to reconstruct the 9 exercises. I've brought back to life some ISOs of old operating systems, namely Windows XP SP0 (no service pack), Windows 2003 SP1, and Windows Vista SP0 (no service pack) - I still had these laying around in an old CDrom container, lucky me!

    The exercises range from:
    XSS (OSCP prepared me enough for that)
    Manually modifying an .exe file to inject shellcode (essentially what msfvenom does automatically with the -x option)
    Bypassing anti-virus systems (SLAE opened the door and showed how to do this on Linux but I need to practice on Windows as well)
    ASLR and DEP bypass (plenty of online blogs and training resources, corelan seems to be favored here)
    Fuzzing (again, plenty of good resources out there like Sulley and Spike)
    NNM 7.51 exploit (complete with a "shameless plug" to "Backtrack to the Max" here: https://www.exploit-db.com/exploits/5342/)
    Cisco SNMP exploit (Exploiting Cisco Routers - From Vulnerability to Exploit - Praise for Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition (2015) and Cisco SNMP configuration attack with a GRE tunnel | Symantec Connect)

    So I'm currently rebuilding each of these exercises in my own lab. I know - I'm probably just wasting time - but since I only have weekends to do these exercises, I want to be well prepared before going in to the real labs. I've created a few XSS and manual exe modification exercises, and I'm about to move in to AV bypassing. I'm automating every exercise in Python, even the XSS exploits where my python script (threaded!) will listen on a port while sending out the XSS exploit etc. Of course, it takes a lot of time to program these scripts but I'm learning all the time. I really wish I'd done the SecurityTube Python course first... and I might either do it in the middle of the exercises, or before the labs but I will definitely do it before the exam as I feel it is one of my weak areas and it's really slowing down my progress.

    I'll be sharing some of these scripts via Github. I've kept meticulous notes on the various exercises I've done which I'll be sharing over the next couple of weeks. I will only share what I'm permitted to do by Offensive Security obviously.

  7. Member
    Join Date
    Jul 2016
    Posts
    43
    #6
    Good luck with this new adventure and thank you very much for sharing it with us!

  8. Member
    Join Date
    May 2015
    Posts
    79
    #7
    It's been a while since I posted and I thought it would be good to write about my progress. I haven't updated this post because I was busy with various other things. I was requested at work to do another course in August, I still have my SecurityTube Forensic course to complete (I've decided to postpone starting that one until after the OSCE), I've also assisted an OEM manufacturer with fixing some security flaws including remote unauthenticated root RCE (they sent me two of their high-end devices as a thank-you present), I've had some pretty busy and big projects at work, and I'm helping my elderly neighbor with the installation of a new PC, an Amazon FireTV (she loves Game of Thrones) and setting up her wireless network and teaching her to browse the web safely. And of course I've been very busy with the OSCE itself. I've done so much reading and concentrating of late that my eyes actually were starting to dry out and hurt a little (not kidding), so I've had to use some eye drops and take some forced breaks (no reading about overflows on my mobile phone for 2 days, no computer at night for two days (ouch!)). Instead, I had some time to enjoy movies and series with my partner which we both enjoyed. She's very supportive of what I do which helps tremendously.

    So, I've rebooked my OSCE which was originally scheduled to start this Sunday, to early September, in order to be able to sit the other (5-day) course from work. Had I known what I know now, I believe I would have moved OSCE either way because I'm not ready for OSCE.

    The more I read, the more I learn, and the more I learn the more I know that I don't know as much as I thought I knew. I'm starting to understand why so many students fail their first exam try: They simply weren't ready. I know I'm not ready. That doesn't mean my aim has changed: I will achieve a 100% passing score in the exam - I just need to study harder, focus on my weak areas more, and automate as much as possible to save time on the exam for surprise events. The phrase "Try Harder" is well chosen.

    So what have I completed in the last few weeks, apart from non-OSCE related things:
    - I finished reading as many reviews as I could find online and sorted them by usefulness. There are 100s of reviews out there and I have read most of them. The reviews come with varying levels of usefulness in terms of what to expect from the course and the exam. I list below the ones I found most useful (in no particular order):
    Offensive Security's CTP and OSCE - My Experience - Security SiftSecurity Sift
    OSCE and Me
    Offensive Security CTP Course and OSCE Certification Review
    Your Friendly Neighbourhood Ethical Hacker • OSCE Exam Prep
    https://blog.g0tmi1k.com/2013/08/cra...ctp-offensive/
    https://infamoussyn.com/resources/
    Shellcoding for Linux and Windows Tutorial
    0x5 Course Review: Cracking The Perimeter (OSCE)
    OSCE Review
    tekwizz123's Blog: OSCE Review and Experience
    https://networkfilter.blogspot.sg/20...ce-review.html

    Based on these reviews, I was able to get quite a lot of information about the course, as well as the exam - even though individually these reviews do not give very much away. I've started creating my own lab using VirtualBox and am creating various exercises relating to the course. I'm using a Windows 2003 machine and a Windows Vista machine to create various exercises. I'm not sure I've got the correct programs to exploit, but that doesn't matter - it's the methods that count. I've automated various XSS exploits via a multi-threaded Python script (I'll share my scripts after I start the course through a GitHub account).

    A few people have asked on the IRC channel whether I would be creating my own blog or website. I haven't yet concluded whether to create one or not. On one hand I like the idea of having a blog, but it would be yet another thing to add to my ever growing list of things to do. But I must admit that something like jollyfrogs.ninja does have a ring to it.

    Apart from having finished reading many, many reviews, I've also compiled a list of "Expected curve balls". I have covered off a lot of possible curve balls that OffSec can throw at me during the exam, but I silently hope to be pleasantly surprised and see a new type of curve ball during the exam - if only to learn more. I'm not sure whether I can share my "Expected curve balls" list yet because I could be giving away actual exam tips which is against the OffSec policy - so for now I will keep the list in my KeepNote.

    I've also completed a list of "practice sites" which contain material I can use to practice. There's a whole bunch of sites on the list, and I'm not yet sure how effective these sites are compared to the OSCE materials, so I'll share this list once I start in early September. And finally, I've compiled a list of tutorial sites. The main difference between practice and tutorial sites being that tutorials are guided, typically with screenshots and explanations, whereas for the practice sites I will be more on my own (the practice sites contain exploit-db articles for instance, whereas the tutorial sites include sites like corelan and fuzzysecurity).

    I've also updated my OSCP Kali 2.0 VM which I still had laying around and I've installed various tools I think I might need either during practice or during the exam. I'll be sharing my OSCE VM installation guide after completing the labs; this ensures that all tools etc are included and I don't end up confusing people with differing versions of installation guides. I've created various .asm and .py snippets, and also some larger pieces of code like my fc4_solver.py.

    So where to from here? There is still a lot of work to do before I start the labs. I want to maximize my time in the OSCE labs much like I did on the OSCP. The various things I need to research are fuzzing with various fuzzing tools, SEH exploits, shellcode restrictions like ascii-only shellcode, egghunters and ASLR bypass. Overall, I'm starting to see the light at the end of the tunnel: I finally have a (probably way too extensive) list of research I need to do, I have a destination, and am ready to engage at warp 9.
    Last edited by JollyFrogs; 07-28-2016 at 10:23 AM. Reason: Minor spelling corrections

  9. Member
    Join Date
    Sep 2015
    Posts
    84

    Certifications
    OSCP, OSWP, eWPT
    #8
    Good thread, I also want to take the OSCE and I am in the middle (or even less) of SLAE.

    Can you share your GitHub login? I want to subscribe and will wait for your scripts.

  10. Member
    Join Date
    Jul 2016
    Posts
    31

    Certifications
    A+, Net+, Sec+, Linux+, CCNA, CSA+, CEH, OSCP
    #9
    Quote Originally Posted by JollyFrogs:
    The more I read, the more I learn, and the more I learn the more I know that I don't know as much as I thought I knew.
    Truer words never spoken!! I feel the exact way you feel. But it only encourages me, as I'm sure it does you too. The hunger really excites me. It's a fascinating world we live in.

    Thanks for all of your wonderful information.

  11. Senior Member
    Join Date
    Nov 2013
    Location
    NoVa
    Posts
    217
    #10

  12. Junior Member
    Join Date
    Jul 2016
    Posts
    10

    Certifications
    CCNA, MCSA, Sec+, OSCP
    #11
    Also looking forward to the OSCE, but will wait for your tale to end first

  13. Member
    Join Date
    May 2015
    Posts
    79
    #12
    Just a quick update that I've got tons of notes but haven't had time to write a post yet - trying to maximize my time in the labs as I only have a month and work's busy so I can only study during weekends. I've completed all the exercises, now updating notes and redoing the exercises without a guide.

  14. Senior Member
    Join Date
    Apr 2014
    Posts
    161
    #13
    So Jolly,

    What's up with this??? hehe.. Looking forward to reading more =)
    In the meantime, I've smashed my 1st DEP bypass exploit with a ROP chain to VirtualProtect(), works just so great!!!

    Hope to read from you soon,
    Mokaz

  15. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,584

    Certifications
    SpecterOps: Powershell Adversary Tactics, SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #14
    Great work so far! Your journey has become very interesting and motivating!
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), SpecterOps: PowerShell Adversary Tactics (completed), eCPPT (2nd attempt), LFCS (4th attempt )
    2018 Goals: eCPPT, OSCP

  16. Junior Member DataFox's Avatar
    Join Date
    Mar 2016
    Location
    Ireland
    Posts
    10

    Certifications
    CISSP, MCP, MCT, MCSA, MCSE, CCNA (R|S), VCP 5.5 DCV, 6.0 DCV, C|EH
    #15
    Hey Jolly,
    How are things coming with the OSCE? Your OSCP notes have been a great help.

  17. Junior Member Registered Member
    Join Date
    Jun 2015
    Posts
    3
    #16
    Hey JollyFrogs, I'll keep this brief. I know your time is valuable. I would just like some advice.

    I have the opportunity through work to take an AccessData forensics course, or continue the Python for Pentesters and Hackers course. My employer will pay for either, but not both. I'm currently a Jr. Network Admin with a CCNA, Security+, and 2 years of networking experience, and dual Associates in Networking/Cybersecurity.

    In summary, I'm looking to get into the pen testing field in the next 2-3 years. Is forensics important, or should I focus on Python & Networking (CCNP R&S), considering my background?

    I really hope this isn't considered a hijack. I would never impose on your thread like that, I respect you too much. I will totally delete this reply if it is deemed inappropriate for this thread.

    Good luck with your OSCE. I can only hope to one day be where you are.

  18. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    644

    Certifications
    CEH, CCNA: R&S, eJPT, JNCIS-SEC, Dell Sonicwall CSSA, Dell Sonicwall Email Security,CompTIA CSA+, CompTIA Security+, CompTia Network+
    #17
    I will admit I am curious where JF is on this these days.

    Always love following their threads.

  19. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,362

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #18
    I'm curious on how he's doing as well.

    @Fermion, I would copy what you pasted there and then start a new thread with it as you will get a ton more replies that way.

  20. Member
    Join Date
    May 2015
    Posts
    79
    #19
    Hey Guys,

    Haven't had much time to update this thread as I've spent ALL my time practicing for the exam. The PDF is deceptively small, and I thought I'd have plenty of time to update as I went. However, the rabbit hole is almost endless, and I've found that a simple ~140 page PDF has turned into a massive 10,000 pages of reading material. I've kept plenty of notes, including all the reading materials, which I'll be sharing like on the OSCP. My exam is in 4 days, and I'll be keeping you updated on whether I pass or fail. Right now, I've prepared fairly well for the exam and am comfortable enough in most areas that whatever they throw at me I'll be able to fix. The question is: Can I do it within 48 hours?

    Cheers,
    The Frog

  21. Stayed at a Holiday Inn.. the_Grinch's Avatar
    Join Date
    May 2007
    Posts
    3,850

    Certifications
    BS-CST CISSP GMON MPSC Security+ XRY 1+2+3 XAMN AAA AA CMFF CCO CCPA
    #20
    Can't wait to see the PASSED post!
    WIP:
    MS in Legal Studies - Drexel University
    Mobile Forensics
    Kotlin
    Python

  22. Senior Member xxxkaliboyxxx's Avatar
    Join Date
    Dec 2013
    Location
    Cyber, USA
    Posts
    427

    Certifications
    GCIH, C|EH, Sec+, eJPT, SCCC
    #21
    Good luck mate, get that coffee ready!
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN

  23. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    644

    Certifications
    CEH, CCNA: R&S, eJPT, JNCIS-SEC, Dell Sonicwall CSSA, Dell Sonicwall Email Security,CompTIA CSA+, CompTIA Security+, CompTia Network+
    #22
    I know Jolly is going to ace this - looking forward for the passing post and the awesome review that I know will be written.

  24. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,362

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #23
    Good luck on the exam!! Can't wait to read your review and overall experience.

  25. Member
    Join Date
    Jul 2016
    Posts
    43
    #24
    Best of luck for the exam JollyFrogs !!!

  26. Member
    Join Date
    Oct 2016
    Posts
    42
    #25
    Exam tomorrow then? Break a leg mate
