+ Reply to Thread
Results 1 to 20 of 20

Thread: OSCE Log

  1. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #1

    Default OSCE Log

    Hi everyone! I'm usually a lurker of this forum as I go back and forth on what certification to go after next. I thought it would be better for me to log my progress towards the OSCE. I passed my OSCP back in the winter of 2015 and my role at work is infrastructure lead so I don't get direct experience with penetration testing from that.

    I recently read jollyfrog's thread and good god he's an animal.

    So my background is a computer science major from undergrad so I understand programming and I can script enough to automate the things I care to. That being said, I thought I would brush up on my python and do what JollyFrog did and automate the FC4.me challenge. This was pretty easy for part 1. Anyone that can program should be able to whip up a script for this in no time.

    For part 2, this was more interesting because I had not really a clue on what to do with my output from part 1. I started to research and read a few tutorials from corelan, fuzzysec, greycorner and even purchased the "Hacking, The art of exploitation" book to learn. Also, getting python to do what it takes to solve part 2 took a while of researching and trial and error.

    So, after about 2 days I finally completed the FC4.me challenge. Now I'm waiting to hear back from offsec since my last employers email was used for my OSCP and I need them to change that for my new employer. As soon as I get my materials and a little further I will post back.
    Last edited by BuhRock; 07-14-2017 at 07:08 PM. Reason: took out a spoiler
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member TeKniques's Avatar
    Join Date
    Jul 2004
    Location
    Oregon, USA
    Posts
    1,245

    Certifications
    OSCP, CISA, CISSP, SSCP, MCSA 2008, MCSE 2003: Security, MCDST, MCP, Security+, Network+, A+, Project+, CCENT, CCNA
    #2
    Good luck sir. We will be anxious to follow your journey!
    Reply With Quote Quote  

  4. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #3
    Awesome! Good luck man. Definitely keep this thread updated if you're able to find time. I enjoy the OffSec threads tremendously.
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  5. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #4
    Today, I read a few chapters from Hacking, The art of exploitation and also went through the greycorner stack overflow tutorial. Had to find win xp sp2 download and install that in vmware fusion. The tutorial was a good refresher. My labs start next Saturday so I will be going through corelan tutorials until then. I think the next one I do will be an ASLR tutorial to prepare. Also I will continue reading my book. I'm pretty weak in ASM I've noticed.
    Reply With Quote Quote  

  6. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #5
    Quote Originally Posted by BuhRock View Post
    Today, I read a few chapters from Hacking, The art of exploitation and also went through the greycorner stack overflow tutorial. Had to find win xp sp2 download and install that in vmware fusion. The tutorial was a good refresher. My labs start next Saturday so I will be going through corelan tutorials until then. I think the next one I do will be an ASLR tutorial to prepare. Also I will continue reading my book. I'm pretty weak in ASM I've noticed.
    My lab is also starting on 23rd of this month!! I think we are starting on the same day
    Reply With Quote Quote  

  7. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #6
    Yup, sounds like it!
    Reply With Quote Quote  

  8. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #7
    Which debugger do you prefer?
    Reply With Quote Quote  

  9. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #8
    I prefer Ollydbg.

    So today I did the SEH buffer overflow tutorial by Greycorner. This was exploiting bigant server on win xp. I am Re familiarizing myself with generating shellcode going through all the exploit dev process such as finding bad characters. Finding bad chars is such a pain to deal with.
    Reply With Quote Quote  

  10. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #9
    I received my OSCE material just now. I'll be reviewing and going through this tonight and tomorrow.
    Reply With Quote Quote  

  11. Senior Member Mooseboost's Avatar
    Join Date
    Jan 2015
    Location
    North Carolina
    Posts
    637

    Certifications
    CCNA: R&S, eJPT, JNCIS-SEC, Adtran(IPBG & IN), Dell Sonicwall CSSA, Dell Sonicwall Email Security, CompTIA Security+, CompTia Network+
    #10
    Definitely adding this to my list of threads to watch.
    2017 Certification Goals: CISSP [] eCPPT [] OSCP []

    Blog: www.networkingfox.net
    Reply With Quote Quote  

  12. Junior Member
    Join Date
    Sep 2015
    Posts
    23

    Certifications
    OSCE, OSCP, CEH, CCSK, MCSA
    #11
    Quote Originally Posted by BuhRock View Post
    I received my OSCE material just now. I'll be reviewing and going through this tonight and tomorrow.
    Enjoy the course!
    Reply With Quote Quote  

  13. Junior Member
    Join Date
    Jul 2017
    Posts
    16
    #12
    Will definitely watch this thread. Planning to take OSCE if ever I pass my OSCP
    Reply With Quote Quote  

  14. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #13
    I went through module 1 last night and this morning. Module 1 was based on XSS attacks and different ways to utilize this. I had to do a bunch of yard work today, so I won't be doing module 2 tonight. I'll read and watch the video, just won't do the exercise tonight.
    Reply With Quote Quote  

  15. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #14
    I have went through module 2 and 3 by now. Module 3 was pretty interesting and I must say that I wish I had went through the SLAE course before hand. It would help, but I'm getting by. I'm starting to understand execution flow in ASM now. Module three took me about 4 hours to get right. I'm a little confused and if there are any OSCEs out here I wonder if you can answer this. It seems that I only have 3 lab machines and we work on those the whole class? This isn't like OSCP where I can go and scan for machines. So I guess I just need to master the modules and schedule the exam once I feel comfortable?
    Reply With Quote Quote  

  16. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #15
    The OSCE isn't like the OSCP. You only get 4 or 5 machines, but they are all yours. It isn't a big open lab like OSCP.

    You see three, maybe two more exist but you haven't found them yet.
    Reply With Quote Quote  

  17. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #16
    I've now completed module 4 and 5. I spent all evening working on these. To be honest, I grasped these concepts quicker than I thought I would (or at least I think I have). Module 5 had to do with bypassing ASLR. Had a few hiccups because versions of tools being used from the videos are different than what I am using, but it worked out in the end.
    Reply With Quote Quote  

  18. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #17
    Just spent the last 2 hours struggling to figure out how to calculate memory address locations needed for jumping. I realized I had went through the module 5 without fully understanding one piece. So being able to calculate hex on the fly would be helpful, but we have calculators in 2017.
    Reply With Quote Quote  

  19. Member
    Join Date
    Sep 2010
    Posts
    71

    Certifications
    M.S. Cyber Security, sec+, Linux +, CCNA RS, CCNA Sec, OSCP
    #18
    I have just completed module 6 which was about egghunters. I should mention that when I say I am going through these modules, I mean I am doing the exercises and not just watching the videos. I'm saving notes on the whole process along the way. To be honest, It's hard to read PDF material about debugging and asm. I'd rather just do it myself. So I am first watching the videos from the module without following along. Then I re watch them and follow along and do the exercise. 3 more modules to go and then I plan on recreating exploits from scratch based on my notes.
    Reply With Quote Quote  

  20. California Kid JoJoCal19's Avatar
    Join Date
    Mar 2009
    Location
    Jacksonville, FL
    Posts
    2,324

    Certifications
    CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, MSISA, BSBA
    #19
    Awesome to follow your progress!
    Have: CISSP, CISM, CISA, CRISC, GCIA, GSEC, CEHv8, CHFIv8, ITIL-F, BSBA - University of Florida, MSISA - WGU
    Currently Working On: MS Cybersecurity, Learning Python
    Next Up:​ None
    Reading:​ Python Crash Course
    Reply With Quote Quote  

  21. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #20
    Quote Originally Posted by BuhRock View Post
    I have just completed module 6 which was about egghunters. I should mention that when I say I am going through these modules, I mean I am doing the exercises and not just watching the videos. I'm saving notes on the whole process along the way. To be honest, It's hard to read PDF material about debugging and asm. I'd rather just do it myself. So I am first watching the videos from the module without following along. Then I re watch them and follow along and do the exercise. 3 more modules to go and then I plan on recreating exploits from scratch based on my notes.
    We are almost on the same track BuhRock. I too completed module 6 yesterday and I plan on practicing some exploits related to all these 6 modules from Exploit-db for the 2 days and plan on working with the rest of the modules during the weekend.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks