
Offensive Security AWAE/OSWE

I recently was enrolled in the Offensive Security Advanced Web Attacks and Exploits course. This is the newer version of the course, and it leads to the Offensive Security Web Expert Certification. Well, you’ll get the cert after you pass a 48-hour hands-on exam and write a report of your findings. Fun.

First off, I have bug bounty hunting/web app testing experience, so some of the material in the course is not new to me. With that said, the material is presented well, and I enjoyed being able to see somebody else’s methodology of going from initial exploit to full-blown remote code execution. And I definitely still learned a lot along the way.

I’m a mostly self-taught hacker, as are a lot of people in the field. Unfortunately, I find that when I learn on my own, I miss some things along the way. Usually it’s just little time-saving tricks or different ways of doing things, but sometimes I miss things that may cost me money in the bug hunting world. So, I like to supplement the self-learning with some courses occasionally.

If you’re reading this, you probably know how the labs are set up. You get access to 12 boxes running vulnerable software. You exploit them from initial exploit to RCE. The course manual and videos walk you through it, and then they give you “extra miles” to complete, if you’re inclined. The course manual and videos are well put together and explain all the exploits thoroughly.

Should you purchase this course? That depends. I think if you’re already established in the field and making some money bug hunting, you can probably pass it over. If you’re looking to make a transition into web-app pentesting from dev work, it would be a good choice for you. If you’re looking to challenge yourself, go for it. If you’re looking to bolster the resume, go for it.

What do you need to know to complete the course? Well, my skills in C# and Java are a little lacking, so those parts were the most challenging for me, but they were also the parts where I learned the most. I’ve seen some people recommend having an OSCP cert before starting the AWAE, but I don’t think that’s necessary. They are different beasts, and while there is some overlap, it isn’t much. I’d say having a thorough understanding of Python (requests package and sessions) and Linux is much more helpful than having an OSCP. The course touches PHP, Node, regular JavaScript, Python, C#, and Java (am I forgetting anything?), so if you are lacking experience in any of those, I’d recommend familiarizing yourself with them before you start the course.

Offsec Proving Grounds Review

If you don’t already know, the Offsec Proving Grounds are a new laboratory created by Offsec to complement their training courses. It’s basically a Hack the Box version of Vulnhub, and it explains why Offsec purchased Vulnhub recently.

I’ve been trying it out for a couple of months now, and I think it was a good move for Offsec, but it is lagging vs. the competition.

> Price

First off, for $20 a month, it is significantly more expensive than HTB’s standard VIP option, which is about $10. HTB also has more boxes, challenges, labs, etc. So Offsec is definitely behind, in this regard. With that said, Offsec has started paying people to submit boxes, so I see the number and quality of boxes available increasing soon. I know if I was to make a box, and I’ve toyed around with the idea, I’d probably submit it to Offsec before HTB, at this point.

> Site Design

Offsec’s website design is functional, but it isn’t as flashy as HTB. That may be a positive or negative, depending on your taste. At first I had some troubles getting machines to start properly, but that appears to be ironed out.

> Functionality

It seems you have to have your VPN connection going to start a machine, which is almost as annoying as the machines changing IP addresses each time they are restarted. Also, don’t log out and clear your cookies; that will make stuff go a bit haywire, though that may be cleared up by now. I think you should be able to add this to your .ovpn file to automatically log in:

auth-user-pass /home/user/.ssh/login.conf

And then create login.conf in the same directory as the .ovpn file. In login.conf, put your username on one line and password on the next line – that’s all. Two lines, first is username and the second is your password.
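The login.conf described above holds the VPN password in plaintext, so it should be readable only by its owner. The following is an added example, not part of the original post: it writes the two-line file with mode 600 and points the profile at it by absolute path. The function names and file locations are hypothetical.

```shell
#!/bin/sh
# Added example: keep the auth-user-pass credentials file private.
# Function names and paths are illustrative assumptions.

# Succeeds only if group and others have no access bits on the file.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group + other permission bits
    [ "$perms" = "------" ]
}

# Reads username (line 1) and password (line 2) from stdin and writes them
# to $1. Reading from stdin keeps the password out of argv and shell history.
write_cred_file() {
    cred=$1
    IFS= read -r user || return 1
    IFS= read -r pass || [ -n "$pass" ] || return 1
    [ -n "$user" ] && [ -n "$pass" ] || return 1
    old_umask=$(umask)
    umask 077                           # created private from the start
    printf '%s\n%s\n' "$user" "$pass" > "$cred"
    umask "$old_umask"
    chmod 600 "$cred"                   # also tightens a pre-existing file
}

# Points profile $1 at credentials file $2, replacing any existing
# auth-user-pass line so the directive appears exactly once.
set_auth_user_pass() {
    ovpn=$1 cred=$2
    [ -f "$ovpn" ] || return 1
    cred_file_is_private "$cred" || {
        echo "refusing: $cred is accessible to group or others" >&2
        return 1
    }
    tmp=$(mktemp) || return 1
    # grep exits 1 when nothing is left to print; that is not an error here.
    grep -v '^[[:space:]]*auth-user-pass' "$ovpn" > "$tmp" || [ $? -eq 1 ] || return 1
    printf 'auth-user-pass %s\n' "$cred" >> "$tmp"
    cat "$tmp" > "$ovpn" && rm -f "$tmp"
}
```

Typical use is `write_cred_file /path/to/login.conf` with the two lines typed on stdin, followed by `set_auth_user_pass profile.ovpn /path/to/login.conf`.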

> Conclusion

I’d say the proving grounds are best for those people working towards an OSCP. The easy boxes on the site are actually easy in comparison to the newer HTB “easy” boxes. Offsec needs to work on updating the website to be a bit more modern, and add more features to increase the value. After all, why would somebody pay nearly double the price of HTB for less value? Also, please make it so I don’t have to enter my obscure VPN credentials every time I log in.