Page Updated: August 04 2009 23:26

Cracking the Perimeter

Network Penetration from Offensive Security

The new "Cracking the Perimeter" course from Offensive Security provides a radically different experience from the "Pentesting with BackTrack" course that has proven popular in recent years. Where PWB covers fundamental enumeration and usage of exploits in the public domain, CTP concentrates firmly on development and manipulation of undiscovered software weaknesses.

The challenge begins even before registration. Before being granted a place on the course, would-be students must "crack" their way past a series of safeguards in the online application form. This ingenious idea gives a taster of what lies ahead and goes some way to ensuring that successful applicants aren't biting off more than they can chew.

Course tutor Mati Aharoni leads by example through nine video modules of challenging attack vectors, each incorporating skills gained from previous modules and from "Pentesting with BackTrack". Procedures are explained in detail but often require additional research to achieve the desired result. This makes sure the candidate has fully understood the technique involved - it's not sufficient to copy the example verbatim. The end result is the ability to independently simulate a diverse and well-resourced attack on a remote computer network.

The lion's share of course material covers fuzzing and shellcode development in assembly, which sees candidates evading antivirus software and shoe-horning exploit payloads into impractically small spaces of memory.
The learning curve is steep and culminates in creation of an exploit of breathtaking complexity.

In conclusion, I found CTP increasingly challenging, irritating and sleep-depriving but always fun and above all, extremely informative. At the time of writing, I still have nearly a month's lab-time to hone my skills and honestly have no clue what the 48-hour certification challenge will entail but, if previous "Offsec" experiences are anything to go by, I know it won't disappoint.
