After I woke up on October the 16th, I had a new unread email from Offensive Security in my inbox. It was a perfect start of the day knowing that I had passed the horrifying 48 hour OSCE exam. Overall, Cracking the Perimeter was a great course. It was a hard journey and I learned a lot, especially about assembly, shellcoding and buffer overflows. I'm not saying that the course is only about buffer overflows, but out of the nine modules, you are staring at assembly code in a debugger in six of them. The three other modules were about advanced web and man-in-the-middle network attacks, which was really good and I wanted more of.

Before I enrolled in the course I expected it to be more like PWK/OSCP, but harder, like penetration testing, but on a more advanced level. Instead it feels like a course for exploitation research. However, it is nothing wrong about that, and I truly believe that almost everything you do in computing will aid your experience as a penetration tester.

If you blindly compare PWK and CTP (which is not actually fair), then the latter comes out short. This is primarily due to the minimal lab environment, where CTP doesn't have a lab like PWK, filled with machines for you to exploit. The CTP lab consists only of 3-4 machines used for developing exploits for the modules. The course is also more expensive, costing $400 USD more than PWK, but it is still worth every penny in my opinion.

The course content is not that big and you should seek information and hands-on practice outside the official material itself. Corelan and FuzzySecurity are extremely good resources for this. Also consider sharpening up your assembly and shellcoding skills before enrolling into the course.

Lastly, I want to say that the course might be old, and many techniques covered won't work with modern operating systems and new anti malware solutions. However, you should always learn the fundamental principles before exploring advanced techniques.

Now back to the waiting room for AWE/OSCEE and AWAE/OSWE to come as online courses.


Daniel Solstad

Information security, life and stuff