After failing my first attempt at the OSCE I took stock on what I would need to do to ensure I passed the second time.
After a period of introspection I came to the conclusion that among other things my assembly skills were weak and needed to substantially improve. While through my journey to my first exam attempt I felt confident on my ability to jump and otherwise obtain control of EIP ultimately but advanced usage of assembly lay outside of my ability. Some additional research took me to several blogs that all referenced the www.penteracademy.com and their 32bit Security Linux Assembly Expert certification.
Their seemed to be consensus that this was a good bridge from OSCP to OSCE providing the fundamentals of working with assembly beyond jumps that would be needed for success in passing the CTP exam.
After giving myself a week off I decided to enroll in the course. At $150 it was very affordable. An online format the course I found to be refreshing from the (sometimes obnoxious) Offsec perspective of not spoon feeding you necessary details. Having taught IT courses in the past I will say that ensuring students understand the fundamentals are a necessity before pushing them with a “try harder” entailment.
The course takes you through the basics of assembly through advanced concepts. Beginning with writing a Hello World application ….not an inconsequential task within assembly….through working with the stack, performing system calls, working with memory and basic crypto the course is a very good take on working with assembly from a security researchers perspective.
The course culminates in the an exam. Unlike most other security certifications this exam was a collection of 7 projects that you needed to document within a public blog and github page. The assignments were as varied as creating a bind shell, reverse shell, a custom egghunter, and examining 3rd party shell code.
I had my own karate kid wax on/wax off moment as I was reverse engineering someone else shell code. …All of a sudden the fundamentals turned into the ability to make magic. I found the assignments challenging and rewarding as it forced you to learn how those things you use in the OSCP and OSCE are created by building your own. Ultimately I have very few complaints about this course and would recommend it to anyone preparing for the OSCE.
Having just received my official “congratulations” email I will be heading back to genral OSCE prep. I am now confident that my next exam attempt will be my last!