Offensive Security Certifications - Torrents and Viable Substitutes.

[ryoh]

Offensive Security has some of the most, if not the most, respected certifications in the industry. It differs from other certs, like CEH, in that instead of providing a knowledge that's a mile wide and an inch deep, it gives you hands-on drills and practice. Unfortunately, the program is also quite costly. If you can learn the whole thing proficiently in 30 days, you're looking at $800.00 for the OSCP alone. 

Ultimately, if you want the cert. You're going to have to pay. In the meantime, I want to write about how you can be acquiring the same skills now for cheap and in some cases free.  And maybe at some point down the line, you won't need all 30 days to get the parchment.  I'll also add that, while this is a damn decent set of certs and courses, it's not comprehensive heavily relies on you to do your own research.  supplementary certs such as CCNA or L-PIC will be needed for example to elaborate on any particular concept (tis why I'm studying CCNA currently). Disclaimer: I haven't obtained any of these certs myself yet, so I'm offering general information only.

Certifications:

OSCP
link: https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

Description:

Quote

Penetration Testing with Kali Linux (PWK)
The most comprehensive infosec training course in the security industry

Online, self-paced course with remote penetration testing labs
Introduces the latest hacking tools and techniques
Designed for network administrators and security professionals
Become an Offensive Security Certified Professional (OSCP) after passing the 24-hour performance-based exam
OSCP is recognized as the preferred penetration testing certification

Learning Goals:

• Identify Existing Vulnerabilities
• Execute organized attacks
• Write simple Bash and/or Python scripts
• Modify existing exploit code to their advantage
• perform network pivoting
• perform data exfiltration
• compromise poorly written PHP applications.
• Keep going until you win.

Official Training guide: Penetration Testing with Kali Linux (PWK)

Talking Point:

The first bullet in the learning goals is very important to note.  By the end of the course you're not going to be writing custom exploits.  The entire point of it is to get good at using what's already available in an efficient and creative way.  You won't be developing custom exploits because that isn't the point.  The point is to practice using the cyber killchain, with success, until it's burned into your brain.  You won't learn until you get that positive feedback - the shot of dopamine from actually compromising a box.  Focusing on the details at this level would only slow down your learning. So at this level just use other people's exploits and tools.

Substitutes/freebies:

Training guide + video series (2014): https://thepiratebay.org/torrent/20152226/Offensive-Security__PWK__Penetration_Testing_with_Kali

free Practice labs (vmware): https://www.vulnhub.com/

more labs specifically concentrating on learning Linux system hierarchy and common commands: http://overthewire.org

What I can't find is a viable substitute for simulating an actual network.  And you're not always going to be testing from the same subnet as the target.

OSCE
    link: https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/

Description:

Quote

Cracking the Perimeter (CTP)
Most challenging ethical hacking and penetration testing courses of its type

Online, self-paced course with dedicated remote penetration testing labs
Examines several advanced attack vectors based on real world scenarios
Designed for the experienced penetration tester
Earn the Offensive Security Certified Expert (OSCE) certification after passing the 48-hour performance-based exam
Prove you have a practical understanding of advanced penetration testing skills by becoming an OSCE

 

Learning Goals:

• Obtain shell from basic web application attacks such as xss and directory traversal.
• Modifying executable files with custom shellcode on windows.
• Avoid AV
• dealing with ASLR
• Finding possible 0days using fuzzing techniques then developing an exploit.

Official Training guide: Cracking the Perimeter (CTP)

Talking Point:

The actual course description on this isn't too indicative of what you learn in the course.  So I did my best to extract the learning goals from a 2012 CTP manual.  This course gets quite a bit more advanced and actually relies way more on the individuals' ability to do their own research.  That said I'm actually unconvinced of this courses usefulness outside of its case studies. The shellcoders handbook is a thousand page tome that elaborates way more on all of these topics.  We're actually getting into the hard security research/computer science realm with this.  for labs in this course I'd recommend finding exploits on exploit-db or packetstorm and try setting up a debug environment yourself, fuzz (this is the analog of recon at this level), and write your own version of the exploit. Compare your code to the POC code.

Substitutes/freebies:

OLD training guide(2012): https://thepiratebay.org/torrent/7483548/Offensive_Security_-_BackTrack_to_the_Max_Cracking_the_Perimeter

Shellcoders handbook: http://index-of.es/Varios/Wiley.The.Shellcoders.Handbook.2nd.Edition.Aug.2007.ISBN.047008023X.pdf

 

OSWE
    link: https://www.offensive-security.com/information-security-certifications/oswe-offensive-security-web-expert/

Description:

Quote

Advanced Web Attacks and Exploitation (AWAE)
Focused Hands-on web application penetration testing

Live training format with valuable student-instructor interaction
Broaden your knowledge of web application hacking to identify and circumvent protection mechanisms in use on the web today
Designed for experienced penetration testers who want to take their web application exploitation skills to the next level
Course case studies are large web applications deployed in enterprise networks
Earn the Offensive Security Web Expert (OSWE) certification after passing the 24-hour performance-based exam

Learning Goals:

• fingerprint web applications
• identify vulnerabilities found
• exploit vulnerabilities
• write a report about it

Official Training guide: Advanced Web Attacks and Exploitation (AWAE)

Talking Point:

This is the OSCP equivalent to web applications. Not much in the way of crafting your own exploits. Fortunately, new exploits found in web applications tend to be rehashes of other common vulnerabilities, so with webdev experience, it starts to become intuitive anyway.  Labs to find for web app attacks are everywhere. so this is the easiest to learn the basics of.

Substitutes/freebies:

Web application hacker's handbook (Huge comprehensive tome): https://leaksource.files.wordpress.com/2014/08/the-web-application-hackers-handbook.pdf

lab (courtesy of mls577): https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project

lab: hackthissite.com

 

OSWP
    link: https://www.offensive-security.com/information-security-certifications/oswp-offensive-security-wireless-professional/

Description:

Quote

Gain hands-on wireless penetration testing training

Online, self-paced course with self-hosted labs
Provides the skills needed to audit and secure Wi-Fi devices
Designed for penetration testers and network administrators
Earn the Offensive Security Wireless Professional (OSWP) certification after passing the 4-hour performance-based exam
OSWP is the only practical wireless attacks certification in the security field today

Learning Goals:

• Conduct wireless information gathering.
• Circumvent wireless network access restrictions.
• Crack various WEP, WPA, and WPA2 implementations.
• Implement transparent man-in-the-middle attacks.
• Demonstrate their ability to perform under pressure.

Official Training guide: Offensive Security Wireless Attacks (WiFu)

Talking Point:

This is a narrow topic that only covers wi-fi (no discussions of bluetooth for example). 

Substitutes/freebies:

Course manual (2012): https://thepiratebay.org/torrent/20152240/Offensive-Security_-_OSWP_-_WiFu

OSEE
    link: https://www.offensive-security.com/information-security-certifications/osee-offensive-security-exploitation-expert/

Description:

Quote

Advanced Windows Exploitation (AWE)
Develop exploits in modern Windows Enviroments

Live-training format with ample student-instructor interaction
Develop creative solutions for the most difficult exploitation environments
Designed for experienced exploit developers, AWE is not an entry-level course.
Earn the Offensive Security Exploitation Expert (OSEE) certification after passing the 72-hour performance-based exam
Master course content while thinking laterally and adapting to new challenges to become an OSEE

Learning Goals:

• reverse engineering
• assembly/disassembly
• Develop sophisticated exploits.
• Create custom shellcode.
• Evade DEP and ASLR protections.
• Exploit Windows kernel drivers.
• Perform precision heap sprays.

Official Training guide: Advanced Windows Exploitation (AWE)

Talking Point:

 

this course is only available live by attending blackhat here in Vegas. Need an expert to make a recommendation for this one.

Substitutes/freebies:

OLD course manual (2012. this is so freakin dated) https://thepiratebay.org/torrent/7835702/Offensive_Security_-_Advanced_Windows_Exploitation_(AWE)_v_1.1

A free course from Offensive security: Metasploit Unleashed.

https://www.offensive-security.com/metasploit-unleashed/

Edited July 24, 2018 by ryoh

[cwade12c]

Amazing post man! Thank you for taking the time to do this research and put all of this together in a clear, organized, and coherent manner. I will definitely take a closer look and begin to download some of these resources and begin studying, in preparation for many great things to come.

 

Also, thank you @mls577 for your contributions to the OP.