I had to recover my data somehow! This is a VM right? So that means I have a snapshot somewhere, right? Wrong! I never backed up the data on my exam VM… lovely. Fortunately for me I was able to boot the VM into recovery mode and figured out that the error occurred in Xorgs. Thankfully that was easily fixed and I was able to log back into my system after an hour. Phew, crisis averted.
Maybe this a good time to remind you to back up your data or take snapshots of your VM’s!
With the data crisis averted, I got back to work trying hard to optimize my shellcode. I made some good progress, some CTP magic here, some googling here and I was really close! But yet again I was at a roadblock, I was missing something critical. What could it be? I started to lose hope after a few hours and even considered giving up - but I told myself that I will “Try Harder” and continued to push forward.
I was so close to passing that I could taste it! I only needed to tweak my shellcode a little and I would get my exploit to work, but I couldn’t put my finger on what optimization I needed. At this point I decided to take a step back and walked to the kitchen to make some food and tea. As I sat in the kitchen my dad came and asked me how the exam was going, to which I responded with my current status. After listening to me he told me that I was probably over thinking it, and to relax, explaining that I will figure it out.
Overthinking? Impossible! I was thinking laterally… that’s what OffSec wanted, right? Okay, I was in the same situation during my OSCP exam, so I returned back to my computer and decided to start from the basics. After some step by step debugging I noticed something simple that I previously overlooked. At first I didn’t think much of it until I started to think about how I can use this in my shellcode. After some thinking and fiddling around, I made a small adjustment to my shellcode, held my breath, and kicked it off against the server.
Boom… shell! I jumped out of my chair and screamed! I got it, it worked! This shell bestowed me with an additional 30 points, brining me up to 75 points - enough to pass! I was so hyped but also disappointed with myself that I missed such a simple piece of information. Still I did it, I passed!
With 75 points under my belt I decided to call it quits. I was tired and had a very busy weekend ahead of me, so I decided to finish up my report. I went back to gather all my screenshots, validate the exam requirements, and by 9PM I sent the report to OffSec which was about 98 pages long.
I received a response 5 days later from Offensive Security saying that I passed. It was finally over, I did it, I was an OSCE!
I’m honestly at a loss for words. This exam was very challenging and taught me a lot of new skills and techniques that I actually utilize day to day on my red team engagements. Sure, this course is more exploit development focused but it still teaches critical thinking and technical skills that can be utilized at your day to day job. I sincerely want to thank OffSec for this amazing experience and opportunity!
I know that many of you who will be reading this post will ask for tips/recommendations on either preparing to take the OSCE or on how/what to do during the exam. Well not to worry - in this section I will break down and include a lot of the materials I used to prepare for the OSCE as well as some tips/tricks to use for the exam.
In the CTP course, OffSec states that you need to understand the following fundamentals to take the course:
Cracking the Perimeter is an advanced course and requires prior knowledge of Windows exploitation techniques. You should be comfortable in OllyDbg and understand concepts such as shellcode encoding, use of the Metasploit Framework, and Linux at large.
Honestly speaking, this is very broad and there are quite a few more skills that you need to have to pass this course. I suggest taking a look at the full syallbus to get a better idea of what you need to know.
These skills are actually tested when you register for the CTP course. You will be provided a link to a web application and will need to pass a two stage registration challenge to even complete the registration. If for any reason you are having trouble completing the challenge, then you need to take a step back and go learn some more basics because if you can’t pass the registration challenge then you are not ready to attempt the course, nonetheless the OSCE exam.
If you are somewhat unfamiliar with x86 assembly, shellcoding, web application vulnerabilities, and basic exploitation, then here are some links to help you learn that required material:
I highly suggest that you complete all of the material above before attempting to register for the CTP/OSCE, trust me - you will thank me later if you do!
Now that you have a fundamental understanding of the basics, you need to practice… a lot! If you follow the material above, then you should be able to pass the registration challenge and start the CTP course. After the course, I suggest you take the time to read and study additional material before attempting the OSCE exam.
The following materials below will help you practice and expand your skills.
This might seem like a ton of material at first, but do know that these topics will overlap and you will have a better understanding of each after the course. Don’t expect to know or learn this in one week! It will take you at least 2-3 months after your OSCP to be in a good position to go after your OSCE.
As with everything, there are always certain things that you should know and be doing during the OSCE Exam, these following tips should help you stay on focus and to stray away from rabbit holes.