You may already know me, I am Jobyer Ahmed, live in Bangladesh. Another identity is the founder of RedNode (Previously Redtm). I proudly want to say recently I became OSCE3(OffSec Certified Expert) Certified, and perhaps, I am the only person holding this certificate in Bangladesh. I also have earned other certificates, such as OSCP, Pentest+, Security+, and some others. I wanted to share my journey in the hopes that it might inspire others who have similar aspirations. It would be wonderful to have more dedicated and skilled cybersecurity experts in my nation.
What is OSCE3?
OSCE3 Which is also called OffSec Certified Expert 3. This certificate, OffSec, is awarded to those who successfully completed the other 3 requirements: OSEP, OSWE, and OSED. You can say All in one or final certification.
My OffSec journey was 3+ years.
OSED(OffSec Exploit Developer)
OffSec Exploit Developer is an intermediate exploit development training. As it mostly focuses on Reverse engineering and Memory corruption vulnerabilities, 90% of the time during this training I spent with Windows Debugger(windbg), 32-bit Assembly Language, and Python 3 script.
As this is an exploit development course, I had to work with Traditional Buffer overflow, SEH Overflows, EGG Hunting, DEP and ASLR Bypassing, Shellcode Writing, some reverse engineering, and custom shellcode writing.
Why did I do this training?
Probably, this one was the most brutal training and exam for me. And frankly, I am not a fan of reverse engineering and memory corruption exploits. I was scared of this exam. But you know, OSED is part of being OSCE3? So I must do it because only certification is left to be the first OSCE3 holder in Bangladesh.
Anyway, It took more than a year for me. Luckily I had some experience in 32-bit assembly language and stack overflow exploitation ;).
Preparation
If you are also thinking of enrolling in this training or preparing for the exam, this may help:
- Get basic knowledge of how Windows memory work(Basically the LIFO).
- Have the ability to read and write a basic program in assembly language.
- Get Good knowledge in Windbg.
- Watch/Read Official Materials over and over.
- Practice in the lab.
- Training on the home lab.
As This training took me almost a year. I had to renew my lab 3 times. I took only one(and last) chance to attempt the exam(Pass or Fail). After 48 hours of the brutal exam, I took another 12+ hours to write the report and submit it. In less than 24 hours, I got a passing result and was awarded the OSCE3.
Motivation: I want to be the OSCE3
OSWE(Offsec Web Expert)
OffSec Web Expert(OSWE) is the training for someone to learn code analysis to find vulnerabilities. So the training WEB-300: Advanced Web Attacks and Exploitation focuses on White Box testing. After passing the 48 hours of the exam, you become OSWE certified.
WEB-300 teach how to find high or low-risk vulnerabilities by analyzing a web application’s source code and how to chain multiple exploits to achieve code execution and take complete control of the application. The code execution could be by exploiting simple XSS(But highly risky), Template injection, SQLi, Type Juggling, or other vulnerabilities. Everything is through the official training materials. The Syllabus can be found on the official site.
Reason for doing this course
Honestly, I am a fan of black box testing and red teaming. I also love web application penetration testing. I also have lots of respect for OffSec for its content and contribution. I was always excited to enroll in their training. The reason for doing this course is to learn about web exploitation in depth. Sadly, This course was hard enough for me, but I passed it.
Preparation
For all OffSec courses, I did a full-time study. The preparation:
- Programming knowledge in Java, PHP, Javascript, .NET, and Python3.
- Official Materials.
- Spending time in Official Labs.
- Porswigger Web Academy.
As the course requires the student to write an exploit in any scripting language, Good knowledge of Python 3 or Ruby is required.
Motivation: I want to be expert web pentester.
OSEP(OffSec Experienced Pentester)
OSEP teaches us to attack modern and updated systems. It covers the evasion and breaching techniques in more detail. The Course itself is called PEN-300: Advanced Evasion Techniques and Breaching Defense. I consider it as red teaming training.
The training teaches how to bypass the Antivirus, Firewalls, Applocker bypassing and other security protection commonly seen in an enterprise network. Not only does it avoid security, but also it teaches how an adversary can exploit Active Directory Environment and own the domain controller. The complete Syllabus can be found on OffSec’s official site.
Why did I do this Training?
Frankly, I did not do this training to be an OSCE3. After completing OSCP, I wanted to take an advanced challenge to sharpen my skills. OSEP(Continuation of OSCP) was a very new course at that time(2021); after looking at the Syllabus, I had a feeling like, “Ah, This is what I need; let’s see what they teach next, hehe.” Without thinking twice, I quickly enrolled and started learning. This is the training I enjoyed most. It felt like, I was doing real-world hacking ;).
This was an enjoyable nonstop 48 hours exam.
Preparation
I studied full-time to learn some new techniques from this training. If you want to prepare for this exam, you can do the same as me:
- Programming knowledge: .NET, Javascript, and Windows API.
- Get Basic Active Directory Knowledge.
- Learn from the Official Textbook and videos.
- Solve Official Lab.
- HackTheBox Pro Labs.
- Learn from the Internet and Take proper notes.
The preparation may take up to 6-12 months for average people. If you are like ippsec, just attempt the exam, heh.
If you want to learn something real world, I would recommend this training.
Motivation:I want more of an adversary.
OSCP(OffSec Certified Professional)
OSCP or OffSec Certified professional is not part of OSCE3. It is foundational training to teach practical ethical hacking without any commercial or automated tools. You can’t compare So called CEH(Certified ethical hacker) or pentest+ with OSCP. In OSCP training, you can learn information gathering to exploitation(Including Privilege escalation) in a methodical way. And in 24 hours of the exam, you need to prove you can take the stress and apply the techniques you have learned.
As I was doing a contract-based penetration testing job, being an OSCP certified was my dream and also an advantage for my career. But due to payment method issues in Bangladesh, Obtaining OSCP was a bit late. Imagine, I was an active user of Backtrack Linux version 4(2009?). I waited until the issue is resolved, instead of wasting money with other theory-based certifications.
Not only OSCP but all the courses and exam in OffSec is also challenging. I did my best to prepare for the exam. Spent about a year preparing myself. Most of the time I spent with various labs. Here is what I did:
- Played CTF in HackTheBox
- Obtained Virtual Hacking Labs 2 Certifications by exploiting most of the machines.
- Played CTF in CyberSec Lab
- Next, Solved about 31+ machines in the OSCP lab.
- Solved 24 Machines in Proving Ground(Was most helpful).
- Google, Google, and Google.
- Took proper notes.
At that time someone said, don't attempt oscp exam until you solve 200+ machines in different platforms
. So I solved 200+ ctf machines, haha, and took details notes. If you are from Bangladesh, or any other country reading this post, and don’t want to fail the exam, you can do the same as me. No matter what is your experience level. This Cheat Sheet was written by me during my OSCP preparation.
Motivation: I am a professional pentester
.
Final words
I am deeply passionate about cybersecurity, a field that constantly pushes me to acquire new techniques and sharpen my skills. Acquiring OSCE3 certification wasn’t something I initially thought would lead to a new job opportunity. However, my main goal was to gain new knowledge and further enhance my skills.
Another fact is, strengthening cyber security in Bangladesh is a crucial priority for me, and I am committed to contributing to building a safer digital landscape. My ultimate aspiration is to be a part of the effort to create a more secure online environment for all.
If you’re into cybersecurity like I am, or just want to keep up with what I’m up to, feel free to follow my Facebook page! We can chat, share ideas, and work together towards our goal of making the cyber world safer.
My Facebook page: https://www.facebook.com/jobyer.me/