Sunday, March 25, 2012

Passed OSCE "Cracking the Perimeter"

First, I want to start by saying that I enjoyed the OffSec "Cracking the Perimeter" course and exam a lot. It was difficult, frustrating, time consuming, sleep depriving, exciting and very, very informative. It is a little different from the OffSec "Pentesting with Backtrack" (PwB). Ok, well, it is very different.  There are specific hacks that are to be learned and performed in the OSCE course. You learn about a variety of buffer overflow and web application exploits. You will also learn about 0day hunting thru the use of fuzzing and how it leads to computer, and later, network compromise. I found that the OSCE is shorter than the OSCP course. I think anyone trying to take the CTP course should do 60 days. That should be enough time to get all the concepts down and to practice in the OffSec lab environment.  The OSCP course was a lot longer as far as time for me. But with both courses, it was worth the time and effort. If you take a look at the course outline, you will see that you have 9 very tough modules.  All I can say is take your time. This course is all about the concepts. Make sure that you understand them, and you will do fine on the exam. Of course, practice, practice, practice.

Ok, you have looked at the syllabus and you are very excited. Ok, but first you have to take the prerequisite.  I know, lol.  This course is tough so what better way to find out if you are ready, then to take a pre-exam.  You start at You need to find the "code" and final key.  Now, I took this prereq right after I passed the OSCP just to see if I could do it. I was able to do it in a day and a half. That was in April of last year. I took a break to relax and to save money for the OSCE.  I took the prereq again in November-December. This time, there was a new wrinkle. I do not want to give it away but be prepared to do some research and think. Once you get past that, and sign up, you will get the OffSec PDF(s) and the OffSec videos. I did the pdfs first and then the videos. Then, I went into the lab to practice.  That has always worked for me during the OffSec courses.  Why change now I guess. 

I'm just going to say that the 8th module, is by far, the hardest. I spent maybe two weeks just on that one module. It was worth it however, to understand manually encoding shellcode with bitwise operations. By the end of the course, you will be amazed by how much you have learned. From fuzzing, to exploit development to exploit writing.  You can manually encode executables to bypass an antivirus and can get a shell from misconfigured web applications. The course came to an end with me learning more about scapy for packet creation and manipulation. 

I took the exam after three weeks of the course ending. In that time, I studied from a number of resources besides the coursework. I would suggest to anyone about to take the exam, to practice from the site. Practice using egghunters and OllyDBG/Immunity. Then, read:

Those three weeks really help me understand each module.  It helps that I had VMware Workstation on my laptop so I could practice no matter where I was. Barnes and Noble, library, dinner, etc. The family understood. :) I also loaded the laptop with 16 GB of memory just so I could use multiple VM's going.  It helped me.  Anyway, the exam email came and it was time.  I was able to get most of the exam done in the first day. I had one problem that held me up. It took me literally 21 hours to finally figure it out for the most part.  Of course, that meant I had 3 hours left to really exploit it. You have to love it. After the clock ran out, I decided to give myself a two hour break before the write up.  The write up took longer than I thought but it was on time. :) I did not have to wait the full 3 days which was cool. You are always nervous until you get that email telling you how you did. After about a day, I got the email saying I passed!

I got congrats from the fam and all of my co-workers. I had a lot of support since they knew I worked really hard on the course. You get what you put in from the offsec courses so when you get that pass email, it makes it so much sweeter.  Of course, I have the SANS560 course a week later but that is another post. For now, the OSCE is done and loved every minute of it.


  1. Replies
    1. Hello Rooney, most of the info I have is on the blog or on the links I provided. Did you sign up to the OffSec courses yet? Their material is is where I learned most of knowledge I have along with Corelan.

  2. This comment has been removed by the author.

  3. Hi agoonie, what where your previous studies before taking CTP? you said you own the OSCP, did you studied computer engineering or something before?

  4. Hey Pau. Before CTP, I took OSCP course by the OffSec guys. Before I took the OSCP, I took Security+, CISSP and CEHv6. However, I don't think those certifications helped much with the OSCP. For the OSCP, I studied by reading/watching Corelan, irongeek,, blogs, twitter,, etc. Then, I used virtual machines and backtrack/Kali to apply what I learned. If you are "on the fence" about taking the OSCP, I always say just do it. They are great teachers and with hard work, you will learn the material and pass the exam.

  5. You know your projects stand out of the herd. There is something special about them. It seems to me all of them are really brilliant! Coursework help