Posts Tagged ‘Offensive Security’

1 Comment

Offensive Security Certifications


2011
10.12

Tags: ,
Posted in Offensive Security information | 1 Comment »


Offensive Security Certifications : OSCP, OSCE, OSWP

The course offensive security was developed in order to provide interested parties the opportunity to know in depth the methods and techniques used by hackerstoday, like keyloggers, trojans, exploits and more., Also opening discussions tounderstand what the most feasible measures to maintain the security of a network or asystem.

The course has the best infrastructure for online classes, so that participants can followthe entire contents over the internet.

The course requires only a prerequisite, you’re an Internet user. In it we introduce and study various tools through online lessons, videos and a complete booklet that will guide you throughout the course.You will do two tests during the course, the first serve for self-evaluation, trying to understand what should be studied to further improve their knowledge. The second is to complete the course, which will deliver your certificate.

Offensive Security holds its students to a higher standard than any other information security certifications today. It forces the students to show they truly learned the concepts, the skills and the knowledge and didn’t just memorize some answer to a few multiple choice questions. Below are details on each of certifications offered by Offensive Security.

OSCP

The OSCP, or Offensive Security Certified Professional, is one of the world’s first completely hands on information security certifications. The OSCP challenges the students to prove they have a clear understanding the concepts of the Pentesting With BackTrack material, as well as a depth of knowledge in penetration testing.

A lab that the student never has seen before is set up with only a limited amount of machines. Each machine is awarded points if a successful hack is performed. Offensive Security Certifications The student must demonstrate their depth of understanding by submitting both the steps they took to penetrate the box as well as the proof.txt file. If both of these are submitted the students receives points for that particular box. If they achieve the points they need they can stop and pass or continue on to try and penetrate the whole network.

The OSCP is a twenty four hour exam, where a straight 24-hour period is given to that student to attempt this certification. It is a very difficult and challenging exam that will truly test the limits of the student.Offensive Security Certifications If a passing score is achieved the student is awarded a coveted OSCP certification.

OSCE

The OSCE, or Offensive Security Certified Expert, takes information security certification to a level which is unique in today’s market. After the student completes the very challenging Cracking the Perimeter class the core of their understanding and knowledge is challenged to the limits in the special OSCE certification labs.

The OSCE labs are set up with a limited amount of machines and very specific “hacks” must be performed in order to pass this amazingly challenging 48-hour exam. The student must submit their completed exploits and the steps they took to obtain the proof.txt files on the servers they are challenged with.

We have alotted 48-hours due to the technical difficulty in this exam as well as the time and research it may take to accomplish the tasks the OSCE will require. If the student achieves the points neccessary they are awarded with the OSCE printed certification.

 

OSWP

The OSWP, or Offensive Security Wireless Professional, is one of the world’s leading wireless attacks certifications. Offensive Security Certifications After the student studies the internal workings of wireless signals and how to succesfully crack the most popular and common encryption protocols in the market they are challenged with the OSWP information security certification.

A specially designed lab has been built to give each student access to a BackTrack machine that is with in range of our challenging access points. The student is given only 4 hours to crack a limited number of WEP and WPA networks.

The Student must submit the correct encryption codes as well as the attack vectors they used to obtain them in order to be awarded the OSWP certification.

4 comments

offensive security certification


2011
10.09

Tags: ,
Posted in Offensive Security information | 4 Comments »


This was one of the hardest, and most rewarding things I’ve ever done both academically and professionally. Offensive Security is not for the faint of heart and requires a lot of self discipline, perseverance. I highly recommend it if you’re interested in penetration testing or would like to understand how the bad guys think. With Offensive Security, you can begin to understand how to protect your network.

 

If you are wondering if the OSC Offensive Security is for you, let me give you a little of my background. I’ve been in network/systems administration for about 5 years. I have in depth knowledge of protocols/routing/switching/enterprise applications and TCP/IP in general. My Windows skills are advanced but my Linux skills going into the course were weak. I run Linux at home and have had some exposure to different flavors but by no means, was I an expert in Linux. I am a terrible programmer, but can understand some C and enough scripting languages to get by. You need to bring all these skills and more to the Offensive Security course because you will not be taught these things – and you will be expected to use them while you are hacking the lab and practicing the new concepts.

I have always been interested in Offensive Security but, I wasn’t very well versed in any of the popular open source security tools. This isn’t a necessity because you will become a whiz at them as you work the course. Offensive Security can be taught live or online. I chose the online portion and was given a set of videos and a 300 page lab guide. The videos are incredibly useful and extremely well put together. The lab guide is equally as useful. I will continue to reference both of these resources in the future. These two guides are simply that, they teach you the concepts but you really have to teach yourself how to apply them. You need to be able creatively think about applications, networks and protocols to understand how to apply the concepts you have learned.

 

This is where the perseverance and hard work comes in. No one is going to show you what to do in the labs, the administrators are not helpful and the IRC channel is full of people who just brag or talk about other things not related to the Offensive Security. Do not assume you will receive outside help when you get stuck. I believe this was done by design, it teaches you to be self sufficient and resourceful. The idea is that if you cannot help yourself you won’t ever be good at this. There are options for help; you just have to find them. There were many times where I would hit a wall, thought I couldn’t penetrate any more servers and thought I hit my technical abilities but stepping away or reading additional resources would often help.

 

The lab consists of numerous hosts that are also connected to other networks. There are very easy servers and very difficult servers. As you start to penetrate these networks you run into fun things like fake bank databases, usernames/passwords and often the Offensive Security guys taunting you through funny website graphics or smiley faces. These “nuggets” made it fun to work the labs.

 

They sell the course in blocks of time. I highly, highly recommend getting at LEAST 60 days in the lab. The progress I made throughout the process was a roller coaster. I would go a week without any progress and then get on a hot streak and nail 5 servers in a night. Looking back, my knowledge at 30 days was not even half of what I ended up learning after the 75 days (I bought an additional 15 days).

 

You are required to pass the “exam challenge” to obtain your certification. The exam is a new lab that you have never seen before and you have 24 hours to exploit the servers in that lab. My test started at 7am and I finished about 14 hours later. You have to submit all your documentation to them within 24 hours of the end of your exam. I read horror stories about this exam, people taking all 24 hours to complete the exam, others taking the exam 3 and 4 times. I believe with my additional lab time, I was better tuned to take the exam. I put an incredible amount of time into this, probably an additional 30-40 hours a week in addition to my full time job. Offensive Security wasn’t like work though, it was extremely fun.

3 comments

Welcome to Offensive Security dot org


2011
08.01

Tags:
Posted in Offensive Security information | 3 Comments »

This blog features information on Offensive Security