I AM
Jun Long Ong, currently working as a penetration tester. Before entering the cybersecurity industry, I worked as a software engineer. I’ve always been interested in exploiting things, such as hacking in games or finding small loopholes in real life. The title of “Ethical Hacker” sounded cool and aligned to my nature, so I decided to make the switch to the cybersecurity industry.
The OSCE3 certification is highly sought-after by ethical hackers worldwide. As one of my favourite quotes goes, “하나가 되는 순간 모두가 주목해”, which means “The moment we become one, everyone pays attention”. I feel that OSCE3 can be linked to this quote in the sense that it is a prestigious certification that requires passing all three of Offensive Security’s 300-level courses: OSEP, OSWE, and OSED. This achievement is something that many in the industry pay attention to. In other words, by becoming an OSCE3 certified ethical hacker, you are joining a community that commands respect and attention. Thus, I decided to embark on the journey to become OSCE3 certified, starting with OSEP.
COURSE OVERVIEW
OSEP is an advanced-level ethical hacking certification offered by Offensive Security. The course, Evasion Techniques and Breaching Defenses (PEN-300), builds on the knowledge and techniques taught in Penetration Testing with Kali Linux.
The topics covered in this course includes techniques such as client-side code execution attacks, antivirus evasion, application whitelisting bypasses, and network detection bypasses. The second half of the course focuses on key concepts such as lateral movement, pivoting, and advanced attacks against Active Directory.
When I started delving into the course materials, I felt lost and confused. Even as someone with a background in C# programming, the low-level programming concepts discussed in the first few chapters, such as Win32 APIs and DLLs, were unfamiliar to me. Despite feeling overwhelmed, I pushed through and eventually realized that these concepts were part of a larger codebase that I would be working with throughout the course.
Throughout the course, I focused primarily on the lab challenges rather than the course and “Extra Miles” exercises. While this approach may not be suitable for everyone, it has worked well for me in the past when studying Offsec courses. The course provided video walkthroughs, but I found that they mostly reiterated the information in the PDF. However, there were some crucial pieces of code that were only shown in the videos and not included in the PDF, so it’s important to pay close attention to the videos when studying sections that require coding.
During the lab challenges, I frequently needed to use codes from the PDF, so I often went back to follow the steps provided in the document. This approach helped me gain a better understanding of which codes to use in different scenarios, which ultimately improved my overall comprehension of the course material. However, there was one particular lab where I encountered difficulty even though I was following the PDF’s instructions. After reviewing the course forums and Discord channel, I discovered that there was a misconfiguration on the machine which Offsec didn’t set up properly, and I had to manually correct it myself to continue. In a strange way, the kitsch nature of Offsec’s lab machines is what makes them so satisfying to work with. It’s not really Offsec if there aren’t any head-scratching, hair-pulling issues to overcome. It’s these challenges that truly test our skills and push us to become better pentesters.
EXAM OVERVIEW
The exam simulates a live corporate network in a private VPN, and you will have 47 hours and 45 minutes to complete the challenge and a further 24 hours to submit your documentation. The prerequisite to pass the exam is to obtain 100 points or the secret.txt flag.
During the exam, I made sure to document many of the steps I attempted. This allowed me to transfer these notes directly to my final report, saving me time and effort. It’s also crucial to take regular breaks to give your mind a rest. Whenever I completed a machine or felt stuck on a problem for too long, I took a short break to recharge. Once I gained root or high privilege on a machine, I always performed post-exploitation and thoroughly searched through all folders, as important information could be hidden away. If you’re struggling to pass the exam and feeling discouraged, don’t give up early. Perseverance is key, and it’s essential to utilize the full exam duration to your advantage. Even at the last minute, you may have a breakthrough that changes everything.
TIPS
When I took the course, there were six challenges that needed to be completed. To maximize your chances of success in the certification exam, it is highly advised to complete all of the lab challenges before taking the exam. It is advisable to book the exam early to secure better timeslots. Before the exam, it is crucial to prepare all the necessary files and payloads in advance. To save time during the exam, it is a good idea to prepare code templates in advance so that you can quickly insert your payloads. These tips can help you better prepare for the exam and increase your chances of passing.
These are some of the links which I used and felt that are helpful for the labs and exam.
https://github.com/chvancooten/OSEP-Code-Snippets