OSCE Review

Hi There,

Ever since passing the OSCP exam I had been thinking of taking the CTP course. However, it was not a priority at that time since I had to focus on web stuff. But in the last few months I had some free time to do it.

As usual, to register for the course you have to solve the challenge at http://www.fc4.me/. I was able to solve the first part easily; however, the second part was a reality check for me, since I had not read/written *value* for years and I don’t do reversing stuff on a daily basis.

I went ahead and started preparing for the course following the Tulpa guide at https://tulpa-security.com/2017/07/18/288/, which was excellent. At the same time I practiced on VulnServer extensively; it’s really a good piece of code for practicing and understanding different scenarios.

After 2 months of preparing and practicing I felt ready and registered for the course. The course content is small but specific and expects the student to be familiar with the terms used in the course materials. I finished reading the materials quickly and started solving the lab boxes. The course is really outdated; however, the concepts presented are fundamental and you can apply them to modern systems with little difference.

I booked the exam after finishing the 1 month of lab time. I can’t say much about the exam except that you are expected to research during the exam and try different tricks to get results. The 48 hours is enough to solve the exam if you manage the time properly and understand the exam objectives clearly.

In the end I did enjoy doing the course, although I don’t do reverse engineering daily. But the course does fill a big gap in understanding how certain important types of attacks happen.

eWPTX Review

Hello There,

In this post I will talk about my experience with the eWPTX certificate.

I registered for this course since I was looking for advanced training in web hacking; after reading the syllabus, eWPTX was the best option out there.

Registration went smoothly; there is no waiting queue like OSCP. Pay and start the course instantly!

Materials:

The materials are very good and cover many topics in detail. However, I found it annoying that many slides contain only a few lines of text; this could be rearranged and presented in a better way. But I like the option to read the materials in many forms like PDF, HTML5 or Flash.

The materials cover XSS, CSRF, SQLi and XML attacks, but what makes this course interesting is the use of evasion and obfuscation techniques to carry out successful attacks. That’s why it’s important to study and focus on the first portion of the materials, which talks about the different encodings used on the web.

Labs:

The lab was great! Well maintained, with many nice features. The lab is isolated so each student has his own scenario to test and practice. Course topics are divided into separate labs with many small tasks to be tested. Also there are solutions provided for each lab in case the student needs them.

Exam:

The student can start the exam at any time. I decided to start mine after 3 months of reading the materials and practicing in the labs.

The exam is quite nice. You are tasked with a black box approach on a small web app. There are no specific tasks assigned; you have to find as many vulnerabilities as you can in a one week time frame.

It was a great/frustrating experience 🙂 I kept coming back to the web app every day and questioning everything until the last day. After that you have one week to write the report and submit it; I did the writing/review in 2 days.

After 3 weeks I received the pass email.

Fin:

The eWPTX is a great course; I learned many new topics like 2nd order SQLi and how to make the best of tools like SQLMap.

However, I think eLS should maintain the course; many typos have existed since 2014 and some of the provided lab solutions do not work and need to be checked.

But this will not affect the course, and anyone interested in advanced web hacking will find this course great.


CISSP Review

Hello There,

In this post I will talk about my experience with the CISSP certificate: why I studied it and how I managed to get certified.

Intro:

After finishing the OSCP certificate I started studying CISSP the next day; it was in my plan to study CISSP right after finishing OSCP. I felt that I needed to read/study about information security from a managerial level with a bird’s-eye view. Many people look down on CISSP and think it’s useless; however, I can assure you that the CISSP materials are really good and can be beneficial for anyone who wants to know more about information security from a management position.

Study Plan:

For studying the materials I focused on books only; I hate videos and thought they were unnecessary since the course is theoretical and no hands-on work is required.

Below is the list of books I used:

In total I spent 4 months reading and studying the materials; this is what I did during this period:

  • I was not in a hurry, so I spent 2.5 months reading the official study guide. It’s 1000 pages, and during that time I was reading for 1-2 hours on workdays and resting at weekends.
  • After finishing the official guide I started reading the 11th Hour book and finished it in one week to recap what I had learned in the official guide.
  • Next I started solving the practice test kits, but only the questions focused on domains; there are 8 chapters with 100 questions associated with each domain.
  • After finding my weak points I started reading the CISSP Study Guide by Eric Conrad. It’s a fantastic guide! I wish I had started with it in the beginning. However, I read it fast since I was already done with the official guide. I was also taking notes on the hard things, since Mr. Conrad’s way of illustrating things is great.
  • Back again to solve the rest of the practice test kits, which are 2 full 250-question exams, to test my progress. I still needed to study and improve in some weak areas, and in this step I was solving each question and correcting my answer at the same time.
  • Before the exam I started skimming through the official guide; at the end of each chapter there is a good summary to read. I was also skimming through the practice test kit questions, especially the red-flagged ones.
  • Before entering the exam room I read my personal notes for the last time and skimmed through the 11th Hour book to memorize the hard stuff.

Exam:

I can’t say much about the exam (NDA), but the questions are not the same as in the practice test kits; they are scenario based and you need to think about the best answer that fits the described case.

I consumed the whole 6 hours of exam time as I evaluated and double checked every question, and did not take any breaks.

Endorsement:

After passing the exam you need a CISSP fellow to endorse your application. I did not know anyone, so I chose ISC2. I submitted my papers and exactly 4 weeks later I got the congratulations letter.

Fin:

I recommend CISSP for anyone interested in information security. I agree that it’s not a technical training and that with respectable experience in the field you do not need a certificate to validate you. But the materials do serve as a great refresher for anyone working in the field or someone who wants to start in a management position.


OSCP Review

Intro:

I have been developing software for years; however, I recently had a great chance to switch my career path to the security field, and that’s why I started looking for training to gain more skills.
Security for a software developer is writing good code, running scanners, setting up firewalls, etc.
But there is still a missing link: how do hackers break into servers, and what tools and techniques do they use?

Enter OffSec:

In my journey to find the right training, I reached OffSec since I was using Kali Linux as a platform for running scanners.
I was skeptical at first, but after reading different reviews I decided to enroll in the PWK course since I am a big fan of Linux and I needed training with hands-on experience to learn how hacking happens.

Materials:

Fast forward after registration: I received the e-mail package and started reading…
Well, I have to say, this is indeed a 101 course, but the topics covered are broad and wide.
OffSec will take you on a journey through all hacking topics; you will learn the how and the why of each concept in a self-learning way.
As Morpheus said: “I’m trying to free your mind, Neo. But I can only show you the door. You’re the one that has to walk through it.”
I spent two months reading the materials without rushing, to learn all the topics and connect the dots before hitting the lab. At the same time I solved the exercises and skipped the ones that required more engagement, to do them later on.

Lab:

After finishing reading the materials and taking a one month summer vacation, I was ready to hit the lab.
I have to say the lab is just fantastic! I was overwhelmed and running around like a lost sheep in the first few days, but after that I started enumerating the whole lab network and hacking the low-hanging fruit boxes first.
I spent approximately 3.5 months hacking the lab machines and was able to hack fantastic boxes like PAIN, Sufferance and gh0st. But personally I like dotty.

Exam:

After hitting 32 boxes, I felt ready to take the exam to test my skills.
My first attempt went badly and I failed; the exam is BRUTAL, but it was an eye-opener and I learned my weaknesses.
I took multiple exam attempts, and with each attempt I was gaining more and more skills. It’s a tough process, but the payoff is HUGE and I learned/tuned a lot of things.
If you want to take the exam then you have to be 100% ready for it. 80% or 90% will not be enough; you have to Try Harder and Harder.
On Saturday 25-3-2017 I passed the OSCP exam with a BIG smile. It went smoothly and I was able to finish the exam along with writing the report in the 24 hour time slot.

Recommendations:

  • You have to change your mindset. In this course you have to think like a hacker or a breaker, because developers expect the code to work in a certain way but the hacker will try to twist the code to get in.
  • Study and research. You have to read a lot of information and test it to understand what is happening and why.
  • It’s simple. Sometimes it’s plain simple to hack in and you do not have to go deep into the rabbit hole.
  • Set a game plan. Know your target very well and spend time reading the enumeration data to set a proper game plan before you start hacking; otherwise you will waste your resources.
  • Practice. Download images from Vulnhub.com and practice. I also find the walkthroughs a great way to learn from other people’s experience.

Final Thoughts:

I encourage anyone seriously interested in information security or hacking to enroll in the PWK course; the learning curve is steep and you will learn a lot of things in a short amount of time.
You have to dedicate effort/time to this course; otherwise you can’t learn or pass the exam.
The community and OffSec people are great and you will learn many new things. I will definitely enroll in other courses and try to engage more in the community.

References:

The links below helped me a lot when I was studying the course.

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

http://www.fuzzysecurity.com/tutorials/16.html

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/

http://www.blackhillsinfosec.com/?p=4645

https://highon.coffee/blog/lfi-cheat-sheet/

http://netsec.ws/?p=331

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/