OSWE and OSEP obtained. My story.

It’s been some time since I updated this blog.

Last year in January I got a good job as a software engineer in a big company. This took away time that I was spending playing on HackTheBox while at the same time reducing the need to continue practicing penetration testing and get ready for my much-wanted career change.

Nevertheless, I kept pursuing Offensive Security certificates. Because they are fun, that’s it.

OSWE

The OSWE course is a great overview of the most common vulnerabilities in web applications. The material does a good job giving the reader a good view of what to look for during a code review.

The exam comprises two machines, with vulnerable web applications running. For both applications the source code is available.

I had to try this exam twice. The first time I had one application in JavaScript (Node) and one in C#. I managed to exploit the JavaScript application on the first day of the exam and started the same day with the C# application.

The C# application was gigantic; in fact, it was an actual application to which the Offensive Security team introduced some vulnerabilities. My C# was very poor, and the amount of code confused me to the point that I spent almost all the second day trying to exploit a CSRF vulnerability that I was able to trigger manually on the debugging machine, but couldn’t trigger on the target machine. I think now that was a huge rabbit hole.

I took a break before trying again. I planned to learn some C#, to be ready for the exam. But I quickly realized the real problem with OSWE: it’s hard to find anything to practice on. Taking any random source code online and starting to review it didn’t sound really appealing to me, nor could I have been sure of doing something actually useful. I needed real code review experience.

Luckily for me, the best practice I could have was my job. I had to do plenty of bug fixes and feature requests on an already big project, and I had to learn to follow code in a huge code base without getting confused. For extra luck, in the meantime Offensive Security released a course update with three extra lab machines without any walk-through, and this was an excellent playground to practice.

The second exam was one PHP web application and a Java one. Neither of the two was big. It was way easier than the first time.

Practice your code review. If at work you have web applications, this is the right moment to try to fix some bugs.

OSEP

Nothing much to say regarding OSEP.

The course is amazing. It’s probably one of the most interesting products I have seen so far from Offensive Security. There’s a lot of programming, and there’s something magic in seeing your own backdoors performing amazingly against the most modern antiviruses. Everything is explained in detail and the course material is almost everything you need to pass the exam.

Make sure to have everything ready. Prepare your backdoors in advance, prepare your exploits in advance, your bypass techniques, make sure to have readily available all enumeration scripts you need, prepare in advance scripts to automate the operations you do most often. Most of this will come as an effect of the extra miles and the labs, which include a few small networks to compromise without any walk-through available.

Do all your homework and this will be an extremely easy exam.