
Offensive Security CTP/OSCE Tips


Not a Review…

Firstly, this is not a full review of Offensive Security’s Cracking The Perimeter course and the Offensive Security Certified Expert exam/challenge. If that’s what you’re looking for, go nuts with the following list of reviews:

OSCE Review
OSCE and me
My OSCE Review
Offensive Security’s CTP and OSCE – My Experience
CTP/OSCE: Lessons Learned
0x5 Course Review: Cracking The Perimeter (OSCE)
Cracking the Perimeter (CTP) and OSCE review
OSCE Review and Experience
Cracking the Perimeter (CTP) + Offensive Security Certified Expert (OSCE)
Offensive Security CTP Course and OSCE Certification Review
OSCE – Cracking the Perimeter Experience
My Cracking the Perimeter (CTP) Offensive Security Certified Expert (OSCE) Experience
Thoughts on Offensive Security’s Cracking the Perimeter course
The Offensive Security Certified Expert (OSCE)
My CTP/OSCE Story
Another Milestone: Offensive Security Certified Expert
Offensive Security Certified Expert
Passed OSCE “Cracking the Perimeter”
Reflections and a brief review of OSCE

…and there are plenty more out there.

I just wanted to share details on a tool that I used during the course and exam that helped me stay organised and assisted with my mobility requirements. Lots of people already use this product regularly, but for those who don’t or haven’t been exposed to it before – it’s worth considering using it (or something like it) in situations like these.

Bitbucket is basically a web repository that uses git revision control. Unlike the popular alternative GitHub, it’s totally free to have a private repository configured, which is perfect for storing your OSCE gear. Using Bitbucket for CTP/OSCE presented the following benefits (plus more):

Mobile code base that is accessible anywhere, as long as you have an internet connection;
Private repository;
Federated login with Google, so no new set of creds to remember;
Wiki function to catalog all course notes and code snippets; and
Revision control to help guard against mistakes

Wiki

The Wiki was incredibly useful for storing notes and screenshots as I worked through the course modules:

My Wiki was broken out into four sections:

Modules: One page for each course module
Code: Snippets of code/scripts developed during the course
Docs: Links to external resources on specific topics
Software: Links to software packages stored in my Bitbucket OSCE repository
Practice Apps: Notes and content for various practice applications/services related to topics covered

Repository

On my Kali box, I created the following structure under the master directory ‘OSCE’:

One directory per course module
One hidden “.connection” directory containing the lab VPN configuration
One “course” directory
One “software” directory
One “scripts” directory
One “tools” directory

The above structure should seem pretty straightforward. The software/scripts/tools directories were basically where all the core items that I created/collected during the course (peppered throughout the nine course module directories) were copied for quick reference during the exam.

After any changes or at the end of a grueling module session, it was as simple as:

sw1tch@shad0w:~/OSCE$ git add --all
sw1tch@shad0w:~/OSCE$ git commit -m "Finally finished NNM!"
[master da2aaa8] DONE!
 8 files changed, 212 insertions(+), 2 deletions(-)
 create mode 100755 M0x08/scripts/1_exploit.py
 create mode 100755 M0x08/scripts/charfinder.py
 create mode 100755 M0x08/scripts/chivers.sh
sw1tch@shad0w:~/OSCE$ git push
Counting objects: 22, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 3.73 KiB | 0 bytes/s, done.
Total 22 (delta 7), reused 0 (delta 0)
To bitbucket.org:user_name/osce.git
   f4ddd92..6c11b76  master -> master
sw1tch@shad0w:~/OSCE$

This meant that when I went to work or on a trip with my laptop and had a few hours spare to continue study, I could just throw out a git pull on a fresh Kali VM and within a few moments, I’d be right where I left off last time. I’d do my study, push any new content or changes made back to the repo and then pull an update when I returned home so I could continue where I left off.

Having two main VMs and one backup on a laptop, this seemed like the easiest way to take advantage of any spare hour I might get during the week (regardless of where I was) without having to copy/carry a USB device with the latest version of my scripts, notes and other material with me all the time.

It also meant I didn’t have to dedicate a specific system to the CTP journey – as long as the machine had virtualisation software, I was pretty much all set.

There’s no reason this wouldn’t also be suitable for those studying for their OSCP (or indeed any similar situation). Your mileage may vary.
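
The repository layout above keeps the lab VPN configuration in a hidden “.connection” directory inside the same tree that `git add --all` stages. As an added example (not the author's own script), the following scaffolds that layout with a .gitignore and checks the index before a commit. It assumes the VPN profile holds credentials that should stay off a hosted repository; the file names, ignore patterns and function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): build the post's layout and
# check that `git add --all` never stages the hidden VPN directory.

# Create the layout under $1. Only module M0x08 is named on the page, so it
# stands in for the nine module directories. File contents are constructed.
scaffold_osce() {
    root=$1
    mkdir -p "$root/M0x08/scripts" "$root/.connection" "$root/course" \
             "$root/software" "$root/scripts" "$root/tools"
    printf '# constructed placeholder\n' > "$root/M0x08/scripts/charfinder.py"
    printf '# constructed placeholder profile\n' > "$root/.connection/lab.ovpn"
    # Assumption: these patterns cover the VPN profile and any key files.
    printf '%s\n' '.connection/' '*.ovpn' '*.key' '*.pem' > "$root/.gitignore"
}

# Print every path in the index that looks like connection material.
staged_secrets() {
    git -C "$1" ls-files | grep -E '(^|/)\.connection/|\.(ovpn|key|pem)$' || true
}

# Stage everything as the post does, then fail if anything sensitive got in.
safe_stage() {
    git -C "$1" add --all
    leaked=$(staged_secrets "$1")
    if [ -n "$leaked" ]; then
        printf 'staged connection material:\n%s\n' "$leaked" >&2
        return 1
    fi
}

# Demo in a throwaway repository.
demo_dir=$(mktemp -d)
git init -q "$demo_dir"
scaffold_osce "$demo_dir"
safe_stage "$demo_dir" && echo "index is clean: $(git -C "$demo_dir" ls-files | wc -l) files staged"
rm -rf "$demo_dir"
```

Calling `safe_stage` in place of a bare `git add --all` also catches a profile that was force-added with `git add -f`, since the check reads the index rather than the ignore rules.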

Head over to Bitbucket if you’re keen to check it out.

sw1tch
