In my never ending quest for IT security excellence I’ve decided to enroll in the Offensive Security Penetration Testing With Backtrack version 3 (PWB3) course, offered by Offensive-Security. The course, formerly known as OSCP 101, has turned out to be quite a different animal than other security coursescertification tracks I have taken in the past. I opted to take the online version, which fits my learning style (and family life!). I am one week into the course and already think it’s one of the finest security training events I’ve gotten to be a part of so far. Before enrolling I did some searching to find reviews and opinions of different course participants, and while I did find several, they were few and far between. I’ve decided to write about my experiences to date, and to provide updates periodically up until the point I take the final exam. Speaking of the exam, did I mention it’s a 100% hands on exercise, wherein exam participants must compromise unknown machines to pass it? I don’t think any type of exam cram method will help folks out on this one! You either know how to perform a pen test, or you fail, simple as that.
I did some reading and found several great write up from folks who have taken the course, but I wanted to throw my hat in the ring of reviewers as well. I would definitely read these other posts, to get different points of views on the PWB3 course. You can find one here
Once enrolled you get vpn access to the offsec lab environment, flash video files for the couse and pdf lab guide, as well as a dedicated XP vm in the lab network.
One of the neatest things I’ve come to discover while taking this course is that the initial modules, which at first glance I was tempted to skip, provided value to me! I’ve been using backtrack for several years, and while my Linux skills may not equate me to an Uber Linux Ninja I am fairly capable of using the Linux command line and bash scripting. I forced myself early on not to skip any modules and to watch all of the videos AND read the corresponding sections in the lab guide. I was pleasantly surprised when shortcuts to the ways I’d been doing things were shown, or different tricks to manipulating text were displayed. I have thoroughly enjoyed the different lab exercises to this point, and have begun getting into the nitty gritty of buffer overflows and shellcode.
One area that has particularly fascinated me has been the use of search engines (specifically Google) in penetration testinginformation gathering. I’ve known about Johny Long’s Google Hacking Database for several years now, but to see it used in practical examples was excellent. Using Google to find actual vulnerable web servers was cool (also dangerous), but the simple data gathering techniques shown were very eye opening. To see, and use, some of the different tricks like using Google search operators to scour the Inter-webs to find juicy bits of data has really been excellent. I’ve known and used some of these techniques in the past, but some of the operators or search methods were new to me. In one instance I discovered a PDF document that’s footer read “Data contained within this document is confidential and proprietary”. Yikes! I contacted the company that was hosting the data and it disappeared the next day.
It really is amazing the types of things you can find out about people and organizations without doing any “hacking” per se, but just intuitively searching Google. I highly suggest folks try searching for their own names or originations and see what comes up, you might be surprised!
This course takes you through a penetration test, from alpha to zeta, and adds value throughout. I can’t speak more highly of it… well, scratch that. If I pass the final exam THEN I’ll not be able to speak higher… I’ll update you on my progress in a week or so.