Offensive Security Certified Expert ( OSCE ) certification review

Hi All, Its been really a long gap since i posted last content on my blog . As i had been busy with one of the certification courses that i dreamed a long time back to achieve . Now since the mission is accomplished ( finally!! ), i thought of writing a small review post that may help the future aspirants to know bits and pieces  during / before they start their journey. Lets begin!

I shall keep this post short and precise to the point in the form of FAQ’s .

Course link :


Should i need to know assembly and shellcoding ?

Certainly Yes! I started my preparation with SLAE x86 course from pentesteracademy . It was a major booster for me during the course as i was able to grasp the content very easily.

SLAE x86 course :

Pro tip : complete all assignments on your own! even if you do not want to submit for certification.

(do check out SLAE x86 assignment blog posts on this blog for reference )

Should i need to know coding/programming?

    1. You should have some coding/scripting skill  in any of your preferred language  . I am not sure i would have completed this course without my development skills. Its not mandatory , but if you can grasp/analyse the flow and can read the code and understand , it will take you a long way . It also helps you automate part of few tedious process to make your job easier.

Should i need to know basics of exploit development ?

You should know how to exploit a basic vanilla buffer overflow at bare minimum .

Even though the course teaches you all you need to know , doing homework and preparing enough will help you to grasp the content very easily . These two resource links is all you need to prepare well ( weighed in gold! ).

Fuzzy security windows exploit dev tutorials ( read till ROP / till part 7 ) :

Corelan exploit development tutorials :

Check out here 

I hear people talk a lot about what fuzzer to use etc, what are they and what i need to know?

Fuzzers are just automated modules that can help you in finding the buffer overflow vulnerability in different application . it sends lots of different input(and/or different length ) to the application and helps you analyse the output to find if the application is vulnerable to BoF or not.

CTP Course teaches you in detail how to setup and use them. These are the popular fuzzers that  you may need to know that can help you in the course . use what seems comfortable to you.

  1. Spike

  2.  Boofuzz

What articles can i refer for backdooring / AV bypass courseware syllabus part?

Art of Anti Detection 2 PE backdoor manufacturing

few other important links that might help preparing for the course or for improvising skill?

craving shellcode using restrictive characterset

After completing the course where can i practice ?

Practice all different exploitation techniques by recreating random BoF exploits from exploit-DB .

Practice by setting up vulnserver in your local environment and by exploiting all the commands .

here you can find few different  exploits i developed during my course ware/preparation . ( need to update few more to the repo ,will do it soon!).

Key here is to learn to exploit an application in multiple ways.

How was the CTP courseware ?

Even though everybody complains that the course materials are bit dated, i found it to be valuable and it increased my knowledge tenfolds . It forces the student to explore more than giving it out easily ( offsec Style! )

I wouldnt be going into the details , just knowing the syllabus alone gives the reader an idea what is taught in the course. Unlike OSCP labs , labs in OSCE is totally different.  Each student is allocated a dedicated set of machines that can be leveraged in completing tasks taught in the course. Do all the exercises at least thrice until you are confident enough with the concepts. Course also includes a bit of web application vectors (XSS/LFI) and network attacks as well.

How was the exam?

Brutal! a complete 48 hour marathon !  I completed two high pointer tasks quite early in my first day of the exam and was stuck on a low pointer which showed me nightmare and threw me into total disbelief about my approach. I had enough points to pass at around 29th hour into the exam.

It was followed by a exhaustive report ( nearly 100 pages !! ) and finally after 4 days offsec confirmed that i have cleared the certification exam!

Your final thoughts?

This course was fun and challenging . This has paved a new way for my curious  mind.  Even though using the techniques taught in the course, you cannot exploit modern systems or cannot evade all modern antivirus systems , it teaches you strong foundation which can be used to build/enhance/grasp further skills and advanced topics .

Thats it for now! Shubha dina 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *