Cracking the Perimeter - Part 2
by, 1st September 2010 at 14:22 (7397 Views)
Before the course and the registration procedure, there was a challenge that had to be overcome.
The so called FC4.Me Challenge.
This challenge is a short Web Application Security challenge designed to show that if you can't complete this, then you shouldn't attend the course yet but instead focus on sharpening your skills. The problem is however that the exam hardly focuses on skills like this though both software exploitation and web application security are 2 topics the student must be very skilled in.
I did have the opportunity just to register right away but I thought I'd do the challenge anyway cause I bet it would be fun and so it was!
After planning that the challenge might take the rest of the evening I began..
But after shortly analyzing the website (and the challenge), coming up with a solution and then progressing to the next step which I solved with grace, then the challenge was over! I was amazed that it was as "easy" as this, even though Web Application Security is one of my primary knowledge areas.
It was fun none the less and I think 3 words is enough for almost anyone to solve it, I won't disclose those words of course because it will ruin the fun for others.
Back on Track
I was playing with Module 3 which was pretty tough, but I managed to do and understand almost every aspect of it which is very important if you want to pass the examination. It should also be noted, that you have to go beyond what is explained in the course materials if you're going to do the examination.
When I was done with that part of the course I moved onto Module 4, very interesting part about Anti-Virus bypassing.
I used many hours and a lot of time (obviously) to research this a lot more in depth.
Simply because I had never actually tried this manually ever before, by myself. I did know of those so called cryptors which script kiddies often use, and similar tools but this was the manual approach. The hardcore way so to speak. Much more interesting since you weren't relying on any tools, besides a debugger.
After completing Module 4 it was time for some real overflow action! A topic I had always wanted to learn was how Egghunters function and this was described in good detail, I was satisfied with both the content of the videos and the PDF document along with the information on the forums which is a must read in case you're stuck completely and need a helping hand.
Even though there's no complete guide to anything on the forums, the hints are useful enough to get you back on track.
Now it began to be harder, and harder, and harder.
From this point onwards at the end of each module, I thought okay it's not going to be any harder than this but I was wrong.
The mental pain from a mix of frustration, happiness and all those other feelings blurred together though it was still super awesome. I knew that I was finally getting challenged to the max, because else I wouldn't feel like giving up and occasionally that I understand everything and then suddenly, I didn't. It's an awesome feeling and it widens your point of view greatly! I wouldn't trade it for anything in the world, besides more knowledge
Anyway it was tough, very tough but it was also fun. In fact I had never had so much fun before.
Some of my friends IRL though, were beginning to say I was obsessed with the course and that it was bad for me even though I tried to explain to them that I was just really excited about learning something new and finally getting certified which had been one of my highest wishes for a very long time.
I am not certified (as OSCE - Offensive Security Certified Expert) yet, but I intend to.
At least my girlfriend understood me an did dedicate time with her as well, which relieved the pain a little.
The End Game
On the second last module everything went to the sky, it was very hard and I mean very hard. But fun too! 0day fuzzing is awesome!
Almost all of the other course material, had prepared me for this part of the course which definitely challenged me to the max. It was awesome fuzzing a service, finding an overflow within and then developing an exploit for it. The reason why this one was particularly hard, was because of a very limited instruction set (opcodes) meaning you would either have to write some sick assembly yourself or manually encode your shellcode in venetian shellcode style!
If you don't know what that is, you should go look it up because it's the most time consuming "procedure" I have ever done, none the less it made my shellcode work but as mentioned, it took many hours to understand. In fact it was days because it was so weird (how to calculate the values) but after studying the topic and trying it out for myself I eventually solved it.
With that done, I was ready for the last part which included network topology attacks.
More specific it was the Cisco GRE Tunnels part.
Sick module! I thought I knew pretty much everything about sniffing, but this was really a good module to end the entire course.
It wasn't too hard and it wasn't too easy,
But it certainly required knowledge about protocols, and the capability of understanding complex virtual network setups.
I loved this course, it has given me so much and I hope anyone else interested in the course will do it too because it is, really worth it.
To be continued..