OSCE Course & Exam Review

This time I’d like to share my experience during Offensive Security’s CTP (Cracking the Perimeter) course and ultimately the following 48 hours practical exam which leads to the Offensive Security Certified Expert (OSCE) certification upon passing.

Offensive Security starts to challenge their prospective students from early on. Before you’re even allowed to sign up for the course, you’ll need to obtain a registration code from the http://fc4.me/ website. At this point they put you under test to see whether you have the basics and patience to master the CTP course materials.

Once you registered for the course, you’ll receive the training material and VPN access to the lab. The course material consists of 9 modules in broad information security topics such as: Cross Site Scripting (XSS), web application directory traversal, PE file backdooring, exploit analysis, ASLR mitigation, egghunters, fuzzing, shellcode encoding, networking etc.

The CTP course goes more into the technical details of exploit development whereas the PWK (Penetration Testing with Kali Linux) course focuses more on practically applying penetration testing techniques. In my opinion the PWK course is not necessarily a prerequisite to CTP, but it certainly helps if one is not a long time experienced penetration tester.

Once the course material has been applied and understood, the moment of truth comes to register for the exam.

As already mentioned the exam takes almost 48 hours! So be ready to set up an approximate timetable. I cannot stress enough the importance of having enough rest and sleep during this time. Most of the work happens in the head and not in front of the computer.

I had to master 4 exercises during the exam. Two exercises being awarded with 30 points each while the other two being awarded with 15 points each. 75 out of 90 points are required to pass the exam.

The exercises put me at test to show my proficiency in the taught principles (and beyond). It’s important to note, that only following the course without deeper exploring and digging into the broader picture of the process, will probably make passing the exam very difficult, if not impossible.

It turned out that the exercise I started with was the most time consuming one (from my perspective). Without completing it fully and after some frustrating hours of running in circles, I decided to switch over to the other three exercises. Where the two smaller ones turned out to be feasible in manageable time. Returning to the two more extensive exercises, I was able to get the objectives from the other one at around midnight the second night. Leaving me again with the first exercise I originally started with. Trying different approaches, going through novel (to me) approaches, didn’t lead me anywhere. Sleep deprived I watched the clock slowly nearing the deadline.

Getting some hours of rest after the exam, only to assemble and send in the final exam report.

The day after, I received the message from Offensive Security that they were sorry and I had to try harder. Well c’est la vie, being able to more or less assess my weak points, I worked towards improving these spots and re-scheduled the exam.

The second time it worked out and I passed the OSCE exam 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s