After OSCP and OSWP, I finally got my OSCE certification also. I’m continuing with my personal plan to complete all Offsec certs and just got another beast! As always, I wanted to share my experience and personal studies for OSCE.
Status Before OSCE: I was capable of exploiting Basic Buffer overflows and had a solid understanding of Memory.
Status After OSCE: I learned many complex techniques and able to write my own exploits from scratch.
** I was trying to understand how to exploit a basic buffer overflow during OSCP prep and spend hours to exploit Minishare. After OSCE, I was able to write a script for Minishare in 4 minutes. I think this explains everything 😀
Before the Lab/Self Prep:
- I read as many blog posts & paths as I can for OSCE and created my own path as always.
Finished the SLAE course to refresh my understanding of Assembly. That course is outstanding.
- I read and wrote exploits from the exploit dev topics of Corelan and FuzzySecurity blogs. They are super cool. These blogs helped me a lot.
- I learned how to do fuzzing with different scripts (spike, boofuzz, custom scripts)
- I wrote many many many exploits on SEH, Egg hunting. You can check out my Github page to understand what I meant by many 🙂
- I read other people’s exploits on ExploitDB and blogposts. I realized that in time, I had my own style for writing exploits.
- I started working on AV Bypass. I was working on AV Bypass 3 times per week while writing exploits the other 4 days.
- I learned different techniques such as Socket Reuse, Custom Shellcode writing, Alphanumeric Shellcoding (killed me for days, now I can do it even in my dreams)
- I worked on my assembly knowledge specifically.
- Fell in love with Immunity Debugger 😀
I had a very demanding consultancy job at the same time so had a schedule for self-study as follows:
- Coming home from work: 19.00-19.30
- Self Study: 20.00- 24.00
- Self Study2: 04.00-07.00
- Go to work: 08.00
Human Time: ???!
Believe me, doing this for 4 consecutive months was pretty crazy. But is there anything more beautiful than hacking at night? 😀
– And the last but not the least, during my preparation, I wrote exploits for the following applications:
- BigAnt Server 2.52 SP5
- BlazeDVD 5 Professional
- Cesar FTP 0.9.9g
- Dup Scout Enterprise 10.0.18
- DVD X Player 5.5
- Easy CD DVD Copy v1.3.24
- Easy File Management Web Server 5.3 –
- Easy File Sharing FTP Server 3.5
- Easy File Sharing Web Server 7.2
- Easy RM to MP3 Converter 184.108.40.206
- FreeFloat FTP
- FreeFTP 1.0.8
- HP NNM 7.53
- Kolibri v2.0 HTTP Server
- LabF nfsAxe FTP Client 3.7
- Millenium MP3 Studio1.0
- MinaliC WebServer 2.0.0
- Minishare 1.4.1
- ProSysInfo TFTP Server TFTPDWIN 0.4.2
- Quick Zip v4.60.019
- R v3.4.4
- Ricoh DC Software DL-10 FTP Server
- Savant Web Server 3.1
- Serv-U 220.127.116.11
- Solar FTP Server 2.1.1
- Soritong MP3 Player 1.0
- Spipe (McAfee HTTP Server (NAISERV.exe))
- SysGauge Pro v4.6.12
- Vulnserver GMON
- Vulnserver HTER
- Vulnserver KSTET
- Vulnserver LTER
- Vulnserver TRUN
- Xitami Webserver 2.5
I shared most of them on my Github page already. Then I think I was ready for the lab 😀
Lab:– I already do web pentest with my freelance job all the time so the web section was not a problem for me. – After my pre-lab, I was already familiar with SEH, Egghunting, ASLR Bypass. I refreshed my knowledge in the lab- AV bypass was pretty straightforward. I did my pre-study very well apparently- I solved all sections in the lab 4 times during my lab time.
Exam:I’m sorry but I won’t write anything lovely in this section. The exam was brutal. You need to be really familiar with everything and have many practices. I checked my sanity a couple of times during the exam. I finished the exam on the second day.
Conclusion:After OSCE, I realized that I’ve born to do binary exploitation. I’m really into it now and I don’t think that I will ever be able to stop. Before jumping into OSWE, I created a roadmap for myself to continue on binary exploitation nonstop already. So thanks Offsec guys one more time to help me find my way with TryHarder philosophy. You guys are amazing!
Hope this helps people who prepare for OSCE and stay tuned for the next blogpost for OSWE 🙂 In the meantime, I’ll dive into reverse engineering world 😀
Automated fuzzing: (Spike)
Assembly and Shellcode basics:
Security Tube Linux Assembly Expert (32 bit) course