Wednesday, September 26, 2012

Course Review - Cracking the Perimeter (CTP)

Before enroll for the course of Cracking the Perimeter, you need to solve a problem. This problem is to confirm you have some related skills before taking this course. This course is not designed for newbies.

If you do not have knowledge of penetration testing, I recommend you to take Penetration Testing with BackTrack.

The Course

Debugger for Windows are used mostly in the course for the purpose of Anti-virus bypass, backdooring and exploit writing. You should have some knowledge on x86 assembly language, Linux, Windows and web site scripting languages, such as PHP as well. You are also required to do a lot of researches on the topic of exploit writing. In addition, some more extra exercises to improve your skills are recommended. The course also cover web application attack.

One of the modules in the course I like most and hate most is HP Openview Network Node Manager NNM 7.5.0. In the beginning, I overlook this module and think that it is a very specific case. The solution will not apply to others exploit writing. Later, I find this module very interesting and I spend a lot of time to understand what is going on. Fortunately, I fully understand what it is finally.

Mati (the founder of Offensive Security) has a talk at DefCon 16 about this exploit writing where he states that he cannot solve this problem in the early beginning. Here you are :



You should enroll for the exam within 90 days after the lab access time expire. Otherwise, you need to pay for the exam.

The Challenge

The Challenge have 47 hours and 45 minutes for you to solve a series of problems. You need to submit the report within 24 hours after the challenge ends.

Finally, the exam was over and the report was submitted. Within 3 business days, I received an email telling me that I passed the challenge. I am now an Offensive Security Certified Expert (OSCE).

The Conclusion

In conclusion, this course will teach you about exploit writing and some skills of AV bypass and backdooring. You need to have some skills on Penetration Testing before taking this course. This course is an eye-opener, you can learn a lot of things during the course. Make sure you fully understand the course materials. Recommended!