Vulnerable Machines (SP series)

After doing the Offensive Security courses PWK and CTP I felt an urge to create vulnerable machines myself, but I wanted to make them a little more modern. So in the last couple of months I have created some machines for you all to have a go at. They are in the beginner to intermediate difficulty range, some servers and some clients. It has been a real pain to make some of them and I have spent many hours, but I have learned a lot in the process. I hope you will enjoy them as much as I hated/loved making them!

All the machines have names from a particular TV show and the machines somewhat share the personalities with the characters in that show.

The machines can be found here http://isz.no/vm or here https://www.vulnhub.com/series/sp,189/

Lastly, I want to give the awesome people at VulnHub a shout-out for hosting the machines!

Offensive Security CTP/OSCE Review

After I woke up on October the 16th, I had a new unread email from Offensive Security in my inbox. It was a perfect start to the day knowing that I had passed the horrifying 48-hour OSCE exam. Cracking the Perimeter was a great course. It was a hard journey and I learned a lot, especially about assembly, shellcoding and buffer overflows. I’m not saying that the course is only about buffer overflows, but out of the nine modules, you are staring at assembly code in a debugger in six of them. The three other modules were about advanced web and man-in-the-middle network attacks. These modules were great and I really wanted more of them.

I wish this course was more like PWK/OSCP, but harder, like penetration testing on a higher level. Instead it feels like a course for exploitation research. Fuzzing a service for buffer overflows and using extensive amounts of time creating sophisticated proofs of concept for getting RCE is not something one usually does in a penetration test.

If you blindly compare PWK and CTP (which is not actually fair), then the latter comes out short. This is primarily due to the minimal lab environment, where CTP doesn’t have a lab like PWK, filled with machines for you to exploit. The CTP lab consists only of 3-4 machines used for developing exploits for the modules. The course is also more expensive, costing $400 USD more than PWK, but it is still worth every penny in my opinion.

The course content is not that big and you should seek information and hands-on practice outside the official material itself. Corelan and FuzzySecurity are extremely good resources for this. Also consider enrolling for the Assembly and Shellcoding course at SecurityTube/PentesterAcademy.

Lastly, I want to say that the course might be old, and many techniques covered won’t work with modern operating systems and new anti-malware solutions. However, you should always learn the fundamental principles before exploring advanced techniques.

Now back to the waiting room for AWE/OSEE and AWAE/OSWE to come as online courses.

Tips and Tricks when Golfing in PHP

A compilation of tips and tricks when golfing in PHP.

The Status of phpGolf

A post about the status of the phpGolf project, showing off some legendary submissions.

Offensive Security PWK/OSCP Review

My review of Offensive Security's PWK/OSCP.

SANS SEC542/GWAPT Review

My review of SANS SEC542/GWAPT.

Riddles in the Dark - Blue Eyes

My alternative answer to XKCD's Blue Eyes riddle.

Coherent Knowledge-based Operations (CKO)

Some notes from a class on Coherent Knowledge-based Operations.