Hi! Just had no time to post something here, but now I have a good news - I finished my OSCE exam recently and finally got my OSCE certificate!
It was a huge project, I spent about half of year learning and gathering all related information.
Now I decided to write this blog post where I list all my thoughts about OSCE Course and Exam.
This is not comprehensive list of tips&tricks, but I believe that it still can make you more self-confident before OSCE exam.
Pass the OSCE registration challenge first. It perfectly shows you what is OSCE. During this challenge I made my own tool that was useful during several course topics and I think that it is a good idea to use this challenge as yet another educational opportunity.
Finish the SLAE course. It is really hard to take OSCE exam without initial knowledge of basic assembly and shellcoding, and SLAE background helped me a lot during this course. Of course, you may say that OSCE is about Windows, and SLAE is completely about Linux, but concepts like egghunting are the same and you need to understand them well to successfuly pass OSCE Exam.
Take a look for Corelan Team or SecuritySift Exploit development tutorials. They are both about Windows and can give you strong background in this area. Comparing with these resources, OSCE is much narrow and pays much attention for details, so, you can use them to get general knowledge.
Carefully read the CTP Course Syllabus. This is very important to understand all topics and their value for you. In two words - prepare your battle ground. Have some fun with PE backdooring and fuzzing to make you feel comfortable with these topics. There are enough articles in the Internet for all parts of OSCE course, just google it.
- Know your tools. Try to create list of software that you will use during the course and exam. During the CTP course you will have a set of preinstalled software on your lab machines, but you can bring your own tools too. I had only two pre requirements for my own set of tools - the tool must be still supported by developer and I like to use it. For example, I used:
- CFF Explorer as PE Editor
- Python as main scripting language
- Boofuzz as fuzzer
- Immunity Debugger as - surprize! - debugger
Make all Exercises from the course pdf. Most painful advice in this list :D I thought that I am good enough in web application hacking, so, I decided to skip this part. It was a huuuge mistake that cost me a couple hours during the Exam. Each CTP couse part has its own target and meaning. Try to understand it. And always ask yourself - “How can I use that? How can I use that in different cases?”.
Dig deeper. If you think that you know enough about some CTP topic, the Exam will show you that you are wrong. What is the difference between various Windows egghunters? Why do you have to align stack during PE backdooring? Where else you can place your payload to execute it with LFI? Each wrong answer will cost you time and may lead to failed Exam. There are only one way to get all these things - thing out of the box and dig deeper.
- Check Offsec forum. There are really a lot of useful info from different people who try to become better in related area. Also, after Exam, I found here one really crazy solution for most the challenging task. I can’t disclose it completely, but its author used some kind of stager for exploiting service to run other vulnerable software and exploit it in order to bypass some limitations. I don’t know, did he pass his Exam, but this solution is a great explanation of human creativity and problem solving.
Keep calm and Try Harder. There are two days to make all tasks, this is more than enough. OSCE Exam is not so stressful like OSCP, so you can focus on technical details.
Know your strength. You can solve Exam tasks in different order, but I recommend you to make easiest tasks first. Of course this “easiest” meaning strongly depends on your knowledge and experience. Know your enemy, and know yourself.
Don’t act like a machine. All of OSCE Exam tasks require a bit of creativity to solve them. Well, I think that you are supposed to be creativity god to pass this Exam. One of the most hard tasks made me crack my brains during the Exam. But when I found possible solution, I realized how elegant and beautiful it was.
Keep learning. Like OSCP, OSCE Exam is a part of your education process where you are supposed to learn new things. I have no knowledge of Windows shellcoding before Exam, but I have managed to write some assembly code with WinAPI calls to solve some challenge.
Enjoy. This is important to enjoy each task you do. It will keep your morale high and help you to successfuly pass the Exam.
That’s all. If you have some questions about OSCP/OSCE, feel free to contact me.