Offensive Security Certified Expert (OSCE) certification review

Hi all, it's been a really long gap since I posted any content on my blog, as I had been busy with one of the certification courses I dreamed of achieving a long time back. Now that the mission is accomplished (finally!!), I thought of writing a small review post that may help future aspirants learn a few bits and pieces before/during their journey. Let's begin!

I shall keep this post short and to the point, in the form of FAQs.

Course link:


Do I need to know assembly and shellcoding?

Certainly yes! I started my preparation with the SLAE x86 course from Pentester Academy. It was a major booster for me during the course, as I was able to grasp the content very easily.

SLAE x86 course:

Pro tip: complete all the assignments on your own, even if you do not plan to submit them for certification.

(Do check out the SLAE x86 assignment posts on this blog for reference.)

Do I need to know coding/programming?

You should have some coding/scripting skill in any language you prefer. I am not sure I would have completed this course without my development skills. It is not mandatory, but if you can read code, grasp/analyse the flow and understand it, it will take you a long way. It also helps you automate some of the tedious processes to make your job easier.

Do I need to know the basics of exploit development?

At a bare minimum, you should know how to exploit a basic vanilla buffer overflow (a classic EIP overwrite on a stack buffer with no mitigations in the way).

Even though the course teaches you everything you need to know, doing the homework and preparing enough will help you grasp the content very easily. These two resource links are all you need to prepare well (worth their weight in gold!).

FuzzySecurity Windows exploit development tutorials (read up to ROP, i.e. until part 7):

Corelan exploit development tutorials:

Check out here 

I hear people talk a lot about which fuzzer to use, etc. What are fuzzers, and what do I need to know about them?

Fuzzers are automated tools that help you find buffer overflow vulnerabilities in an application. A fuzzer sends a large number of malformed inputs (different contents and/or increasing lengths) to the target and lets you observe how it responds: a crash, a hang or a dropped connection right after a particular input tells you the application may be vulnerable to a BoF, and the input that triggered it is your starting point for the exploit. Keep the target attached to a debugger while fuzzing, so that when it dies you can see which state (for example EIP or the SEH chain) the crashing input overwrote; the fuzzer itself only tells you that something broke, not what.

The CTP course teaches you in detail how to set up and use them. These are the popular fuzzers that you may need to know and that can help you in the course; use whichever feels comfortable to you.

  1. SPIKE

  2. boofuzz
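To make the idea concrete, here is a small length-based fuzzer written as an added example for this post; it is not course material, nor code from SPIKE, boofuzz or the original page. Since you need a target to run it against, it ships with a constructed mock TCP service that imitates vulnserver's `TRUN` command and stops answering once the argument passes an assumed 2100-byte threshold. The mock, that threshold, the `TRUN ` prefix and the 100-byte step are all assumptions of the example. Pointed at a real target (for instance vulnserver listening on port 9999) it does what a basic SPIKE template does: grow the input until the service dies and report the window in which that happened.

```python
"""Length-based TCP fuzzer in the spirit of the SPIKE/boofuzz scripts used in CTP.

Added example, not course material. It ships with a constructed mock service
that imitates vulnserver's "TRUN" command and "crashes" (stops answering) once
the argument exceeds an assumed threshold, so everything runs offline. To fuzz
a real target, e.g. vulnserver on 127.0.0.1:9999, skip the mock and call
fuzz_command("127.0.0.1", 9999, "TRUN ").
"""
import socket
import threading

# Threshold of the constructed mock only. A real target's limit is unknown,
# which is exactly why we fuzz instead of guessing.
MOCK_CRASH_LEN = 2100


class MockVulnService:
    """Toy TCP service: replies to 'TRUN <arg>' and dies when <arg> is too long."""

    def __init__(self, crash_len=MOCK_CRASH_LEN):
        self.crash_len = crash_len
        self.crashed = False
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))           # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while not self.crashed:
            try:
                conn, _ = self.sock.accept()
            except OSError:                        # listening socket was closed
                return
            with conn:
                conn.sendall(b"Welcome to Mock Vulnerable Server! Enter HELP for help.\n")
                data = b""
                while not data.endswith(b"\n"):    # read one newline-terminated command
                    chunk = conn.recv(65536)
                    if not chunk:
                        break
                    data += chunk
                arg_len = len(data.rstrip(b"\n")) - len(b"TRUN ")
                if data.startswith(b"TRUN ") and arg_len > self.crash_len:
                    # Simulated crash: no reply, the process is gone and the
                    # port stops accepting connections.
                    self.crashed = True
                    self.sock.close()
                    return
                conn.sendall(b"TRUN COMPLETE\n")


def probe(host, port, prefix, length, timeout=3.0):
    """Send prefix + length * 'A' and report whether the service still answers."""
    payload = prefix.encode() + b"A" * length + b"\n"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.recv(1024)                           # consume the banner
            s.sendall(payload)
            return len(s.recv(1024)) > 0           # b"" means the peer went away
    except OSError:                                # refused, reset or timed out
        return False


def fuzz_command(host, port, prefix, start=100, step=100, max_len=5000):
    """Grow the argument until the service stops answering.

    Returns (last_good_len, crash_len); crash_len is None if nothing broke up
    to max_len. The window last_good_len..crash_len is where the overflow
    happens, so it is the length to try next under a debugger.
    """
    last_good = 0
    for length in range(start, max_len + 1, step):
        if probe(host, port, prefix, length):
            last_good = length
        else:
            return last_good, length
    return last_good, None


def run_demo(crash_len=MOCK_CRASH_LEN):
    """Start the mock, fuzz its TRUN command and return the fuzzer's verdict."""
    svc = MockVulnService(crash_len)
    return fuzz_command("127.0.0.1", svc.port, "TRUN ")


if __name__ == "__main__":
    good, bad = run_demo()
    print(f"last working length: {good}, first crashing length: {bad}")
```

Run the script directly and it reports that 2100 bytes still worked while 2200 killed the mock. That window is only a crash, not an exploit: the next step is to attach a debugger to the real target, resend a cyclic pattern of that length and read which bytes landed in EIP (or the SEH chain), which is exactly where the FuzzySecurity and Corelan tutorials above take over.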

What articles can I refer to for the backdooring / AV bypass part of the syllabus?

Art of Anti Detection 2: PE Backdoor Manufacturing

A few other important links that might help with preparing for the course or improving your skills:

Carving shellcode using a restrictive character set

After completing the course, where can I practice?

Practice all the different exploitation techniques by recreating random BoF exploits from Exploit-DB.

Practice by setting up vulnserver in your local environment and exploiting every one of its commands. Each command crashes differently (plain EIP overwrite, SEH overwrite, a buffer too small to hold your shellcode, restricted character sets), so each one forces you to use a different technique.

Here you can find a few different exploits I developed during my coursework/preparation. (I need to add a few more to the repo; will do it soon!)

The key here is to learn to exploit an application in multiple ways.

How was the CTP courseware?

Even though everybody complains that the course materials are a bit dated, I found them valuable, and they increased my knowledge tenfold. The course forces the student to explore rather than handing things out easily (Offsec style!).

I won't be going into the details; the syllabus alone gives the reader an idea of what is taught in the course. Unlike the OSCP labs, the OSCE labs are totally different. Each student is allocated a dedicated set of machines that can be used to complete the tasks taught in the course. Do all the exercises at least three times, until you are confident enough with the concepts. The course also includes a bit of web application vectors (XSS/LFI) and network attacks as well.

How was the exam?

Brutal! A complete 48-hour marathon! I completed two high-pointer tasks quite early on my first day of the exam and was stuck on a low-pointer one, which was a nightmare and threw me into total disbelief about my approach. I had enough points to pass at around the 29th hour of the exam.

It was followed by an exhaustive report (nearly 100 pages!!), and finally, after 4 days, Offsec confirmed that I had cleared the certification exam!

Your final thoughts?

This course was fun and challenging. It has paved a new way for my curious mind. Even though you cannot exploit modern systems or evade all modern antivirus products using the techniques taught in the course, it teaches you a strong foundation that can be used to build/enhance/grasp further skills and advanced topics.

That's it for now! Shubha dina (good day) 🙂

OSCP Certification Review (Offensive Security Certified Professional)

Hi all! I just wanted to share my experience of my journey through the OSCP.

What is OSCP?

OSCP is the Offensive Security Certified Professional certification provided by the Offensive Security team. It is earned by taking the mandatory PWK (Penetration Testing with Kali Linux) course provided by Offsec and passing a 24-hour, fully hands-on practical exam.

Why write another one, when there are many reviews available already?!

I come from a “different background” than most of the reviews I have seen. Just adding to the long list of reviews already available 🙂

Let's get straight to the main part!

When did you start, and what was your previous job experience?

I started my OSCP journey in the month of June. I signed up for 60 days of lab time. I had nearly 1.5 years of previous experience working on application automation and DevOps projects. I was always interested in the penetration testing field and voluntarily took up security testing of the projects I was working on, alongside my day-to-day job. I moved to a new team as a full-time web application pentester exactly when my course started.

How did you do in your course and labs?

Coming to the course materials, you get a PDF and videos that teach a set of skills and techniques, which you then apply in the labs to pwn machines spread across four network segments (departments). You must pwn machines in one network to gain access to the next, and finally compromise all the machines in all four networks.

My suggestion is to work on the lab in parallel with the course PDF and videos, and to make the most of your lab time.

There are extra points (5) given for documenting the exercises and lab machines; I never bothered to do it, but it is a really good thing to document, as it helps with your final reporting.

I was able to pwn around 35+ machines in my first month, including all of the big four (Pain, Sufferance, Humble and Ghost), and gained access to two additional networks…

When my lab time ended, I relied on solving machines on HackTheBox, particularly Windows ones (as that was my weakest point!).

How did you do in your exam?

You need at least 70 out of 100 points to pass the exam. You are given 24 hours to crack the machines in the exam network, and an additional 24 hours to report your findings.

I gained the required points within the first 12 hours of my exam. The key thing is to enumerate the system properly, without jumping in after only partial enumeration. After the exam, I used the official template given by Offsec for my reporting.

I received the mail that I had passed after a day.

Some important supplements to the course materials?

Is programming essential?

No, but basic knowledge of any scripting language, such as Bash or Python, will surely help.

If you are just planning to take it, do not wait; just enroll! It is a wonderful experience altogether. Just make sure to do a lot of self-research on the topics when you are stuck in the labs.

Your final thoughts?

This is one of the best learning curves I have ever had until now, because this course forced me to learn many concepts I otherwise wouldn't have touched or read about. I was always a Linux guy; it forced me to learn the Windows environment, and thanks to Offsec, it is really good to step out of our comfort zone! I thank the Offensive Security team for providing such an awesome experience.