thesp0nge
thesp0nge OSCP guy. I break code and rebuild it with security in mind, taekwon-do, husband, dad. Chaotic good drow ranger. I blog @codiceinsicuro and @the_armoredcode.

A Cracking the Perimeter journey: 0 - the beginning

A Cracking the Perimeter journey: 0 - the beginning

In 2018 I refreshed my offensive security skills, attending the “Penetration test with Kali” course with the OSCP certification.

A couple of days right before Christmas, I started another journey, the Cracking the perimeter course that it will lead me to get OSCE certification later in 2019.

This is the first of a post series, talking about this trip into buffer overflows, avoiding anti-virus and taking my offensive skills to the next level.

It was December, 23rd and I just received the course material. The book is a 146 page PDF file with a RAR archive full of videos.

The course syllabus, as stated in Offensive Security website, is very detailed:

  • Introduction
  • The Web Application Angle
  • Cross Site Scripting Attacks – Scenario #1
  • Real World Scenario
  • Directory traversal – Scenario #2
  • Real World Scenario
  • The Backdoor angle
  • Backdooring PE files under Windows Vista
  • Advanced Exploitation Techniques
  • MS07-017 – Dealing with Vista
  • Cracking the Egghunter
  • The 0Day angle
  • Windows TFTP Server – Case study #1
  • HP Openview NNM – Case study #2
  • The Networking Angle – Attacking the Infrastructure
  • Bypassing Cisco Access Lists using Spoofed SNMP Requests
  • GRE Route-Map Kung Fu
  • Sniffing Remote Traffic via GRE tunnel
  • Compromised Router Config

This time I learned from my past experience and I started writing the laboratory report as I go further on my lessons. I’m on the cross-site scripting section right now and I can say it’s pretty basic. Exercise completed and documented in the report with tons of screenshots.

Please note that the laboratory report is not mandatory, as from the Pentest with Kali Linux course, but I’d intended to send it anyway just for sake of completeness.

I’m reading a lot of exams stories and the 48 hours challenge is scaring me a lot. I hope I’ll be more confident in the upcoming months.

comments powered by Disqus