Cracking the Perimeter - Part 1
by, 25th August 2010 at 12:50
For the past few months I've been doing the CTP course by Offensive Security (offsec.com) and to begin with I had no idea how hard it might be, nor do I have any certifications. I only have experience from a SysAdmin education, many years of self-study, a few internal vulnerability assessments at various companies and some free security consulting for mostly major clients regarding Web Application Security.
Anyway I couldn't wait to get started with the course, so I read all the information I could on the websites hosted by Offensive Security, the Syllabus and of course a few reviews too! With that in mind I signed up for the course and after a short registration and screening procedure I was scheduled to begin within 1 to 2 weeks. It felt like x-mas while waiting for the course to begin and when the day came, I received my e-mail.
The journey begins..
After reading the e-mail from Offensive Security at least 5 times so I wouldn't miss any details, I began to download the course material, which includes a PDF of around 150 pages and 5 hours of videos. Enough to spend a few months with if you're not in a hurry.
Meanwhile I decided to try out the lab, which is accessible over a secure VPN connection that uses certificate + password based authentication that can't be more secure with the current technology. Since I was using my main OS (Linux) to connect with, I decided to shut down all unnecessary services and double-check the firewall, since I could be targeted by mistake at any time within the VPN lab.
I did think about using BackTrack, which is recommended, but I didn't have enough RAM to run it as a Virtual Machine and I didn't want to install it as my main OS (again), nor did I want to run it as a Live CD, because all of them, except installing it, are equal to a very slow computer in my case. I run on tight specs.
Of course I already had a lot of tools installed, some of which are: Transparent Proxies (e.g. Burp Suite), Apache, PHP, MySQL, Python, Perl, Firefox with my favorite addons (Live HTTP Headers, Tamper Data and Firebug), Metasploit (stable and svn), Nmap, Netcat and many others as well.
To be honest I didn't really see the purpose of using BackTrack since I could just install the tools if I needed them, and so I did.
Astonished by the content
Now the course material was ready to be checked out. First I skipped through the PDF without really reading anything and it looked quite interesting yet very challenging (and hardcore) too. This will definitely be a challenge, but also very exciting to learn! I decided to check out the videos and gave the first a try, hmm Web Application Security - My field of expertise!
I paused the video and chose to read the PDF first. Then I watched the video explaining everything in a decent tempo and a bit more in depth.
I felt ready to try out all the exercises mentioned and after a few hours of playing, I had completed the first module with grace, though wondering, is the entire course going to be like this? I gave the second module a go the next day since it's important to give your brain time to accumulate what you've learned during the day and if you rush things, you may forget important facts you need to use later on.
The next module was a lot more interesting; in fact I learned a new attack vector in LFI scenarios, which I decided to research more about, where I also found a few more attack vectors I could possibly use (ethically) in the future. I was satisfied though still wondering, how hard can this be?
Knowing it was my personal area of expertise which I knew the most about, I gave module 3 a go the next day and at this point, it all began to become harder and harder. I mean really hard cause I had never written a piece of Assembly code myself, ever before. But at this point, I was doing it. Wow!
To be continued..