OSCE Certification, Cracking the Perimeter (CTP) is the next step for penetration testers who have completed PWK. This online, self-paced ethical hacking course is among the most challenging available.
CTP focuses more on exploit development. Students learn how to identify advanced vulnerabilities and misconfigurations in various operating systems, then execute organized attacks.
Students who complete the course and pass the exam earn the Offensive Security Certified Expert (OSCE) certification. This cert proves mastery of advanced penetration testing skills. OSCEs have also demonstrated they can think laterally and perform under pressure.
OSCE is an advanced penetration testing certification focusing on exploit development. We recommend going for this cert after attaining your OSCP and pursuing further pentesting experience.
Once you’ve reviewed the course material, completed the exercises in CTP, and practiced your skills in the lab, you’re ready to take the certification exam.
The OSCE exam has a 48-hour time limit and consists of a hands-on penetration test in our isolated VPN exam network. The network contains varying configurations and operating systems. Points are awarded for each compromised host, based on their difficulty and level of access obtained.
You must submit a comprehensive test report as part of the exam. It should contain in-depth notes and screenshots detailing your findings.
A passing exam grade will declare you an Offensive Security Certified Expert (OSCE).
OSCEs have proven that they can craft their own exploits, execute attacks to compromise systems, and gain administrative access.
The intense 48-hour exam also demonstrates that OSCEs have an above-average degree of persistence, determination, and ability to perform under pressure.
Like other Offensive Security courses, CTP combines traditional course materials teaching advanced penetration testing skills with hands-on, practice within a virtual lab environment. The course covers the following topics in detail. View the full syllabus.
The Web Application Angle
Cross Site Scripting Attacks – Scenario #1
Real World Scenario
Directory traversal – Scenario #2
Real World Scenario
The Backdoor angle
Backdooring PE files under Windows Vista
Advanced Exploitation Techniques
MS07-017 – Dealing with Vista
Cracking the Egghunter
The 0Day angle
Windows TFTP Server – Case study #1
HP Openview NNM – Case study #2
The Networking Angle – Attacking the Infrastructure
Bypassing Cisco Access Lists using Spoofed SNMP Requests
GRE Route-Map Kung Fu
Sniffing Remote Traffic via GRE tunnel
Compromised Router Config
Cracking the Perimeter is an advanced course and requires prior knowledge of Windows exploitation techniques. You should be comfortable in OllyDbg and understand concepts such as shellcode encoding, use of the Metasploit Framework, and Linux at large.
WHAT COMPETENCIES WILL YOU GAIN?
Debugging Windows binaries
Working through encoding issues and space restrictions while crafting exploits
Understanding PE structure to learn techniques that backdoor executables and bypass AV
Familiarity with more advanced protections like ASLR
Using creative and lateral thinking to achieve expanded view of standard vectors
Thinking outside the box to determine innovative ways of penetrating internal networks