

Cracking the Perimeter - Part 1

by , 25th August 2010 at 12:50 (12562 Views)
For the past few months I've been doing the CTP course by Offensive Security, and to begin with I had no idea how hard it might be, nor do I have any certifications. I only have experience from a SysAdmin education, many years of self-study, a few internal vulnerability assessments at various companies and some free security consulting for mostly major clients regarding Web Application Security.

Anyway I couldn't wait to get started with the course, so I read all the information I could on the websites hosted by Offensive Security, the Syllabus and of course a few reviews too! With that in mind I signed up for the course and after a short registration and screening procedure I was scheduled to begin within 1 to 2 weeks. It felt like x-mas while waiting for the course to begin and when the day came, I received my e-mail.

The journey begins..

After reading the e-mail from Offensive Security at least 5 times so I wouldn't miss out any details, I began to download the course material which includes a PDF of around 150 pages and 5 hours of videos. Enough to spend a few months with if you're not in a hurry.

Meanwhile I decided to try out the lab which is accessible over a secure VPN connection, which uses a certificate + password based authentication that can't be more secure with the current technology. Since I was using my main OS (Linux) to connect with I decided to shut down all unnecessary services and double-check the firewall since I could be targeted by mistake at any time within the VPN lab.

I did think about using BackTrack, which is recommended, but I didn't have enough RAM to run it as a Virtual Machine and I didn't want to install it as my main OS (again), nor did I want to run it as a Live CD, because all of them, except installing it, are equal to a very slow computer in my case. I run on tight specs.

Of course I already had a lot of tools installed, some of which are: Transparent Proxies (e.g. Burp Suite), Apache, PHP, MySQL, Python, Perl, Firefox with my favorite addons (Live HTTP Headers, Tamper Data and Firebug), Metasploit (stable and svn), Nmap, Netcat and many others as well.

To be honest I didn't really see the purpose of using BackTrack since I could just install the tools if I needed them, and so I did.

Astonished by the content

Now the course material was ready to be checked out. First I skipped through the PDF without really reading anything and it looked quite interesting yet very challenging (and hardcore) too. This will definitely be a challenge, but also very exciting to learn! I decided to check out the videos and gave the first a try, hmm Web Application Security - My field of expertise!

I paused the video and chose to read the PDF first. Then I watched the video explaining everything in a decent tempo and a bit more in depth.

I felt ready to try out all the exercises mentioned and after a few hours of playing, I had completed the first module with grace though wondering, is the entire course going to be like this? I gave the second module a go the next day since it's important to give your brain time to accumulate what you've learned during the day and if you rush things, you may forget important facts you need to use later on.

The next module was a lot more interesting, in fact I learned a new attack vector in LFI scenarios which I decided to research more about where I also found a few more attack vectors I could possibly use (ethically) in the future. I was satisfied though still wondering, how hard can this be?

Knowing it was my personal area of expertise which I knew the most about, I gave module 3 a go the next day and at this point, it all began to become harder and harder. I mean really hard cause I had never written a piece of Assembly code myself, ever before. But at this point, I was doing it. Wow!

To be continued..


Updated 30th January 2013 at 00:46 by MaXe



  1. TheXero
    I must say, I felt exactly the same way when I started my WiFu :D (apart from the assembly)

    I actually started off by reading the pdf til page 200, by which point I was bored of looking at examples of syntax, then I hit the video and owned my first WEP within about 30 mins :D
  2. Except1onX
    Interesting, I am looking forward to taking the CTP, coz of the challenge.
  3. MaXe
    Quote Originally Posted by Except1onX
    Interesting, I am looking forward to taking the CTP, coz of the challenge.
    If you're going to, make sure to read a reply I made at the Ethical Hacker website

    Link: The Ethical Hacker Network - Anyone did OSCE (CTP) ?
  4. Except1onX
    Nice review, I better start with web security, coz I am totally a noob in that area, I wasted a lot of time with assembler, RE and exploits. I am thinking to start with web sec when I'll develop my first exploit :P
  5. MaXe
    Thanks and that sounds like a good idea, if you can do what I wrote in my review which covers most, then you should be able to do the course and the examination as well if you know what I mentioned, in-depth that is.
  6. Except1onX
    Well mostly yeah, but my weakness is the web sec. This year in college I have a course about asp and network OS, so I am looking forward to making myself capable of understanding web sec.