Offensive Security: Dennis’ Review of the OSED Certification

Offensive Security Exploit Developer Certification

I recently took the “Windows User Mode Exploit Development” class and subsequently passed the Offensive Security Exploit Developer (OSED) certification. If you are thinking about taking the same class or are curious about what it entails, this blog post should clear some things up. 

Windows User Mode Exploit Development Class Overview

The offensive security website does a very good job of explaining what is in the class. In short, this course teaches how to exploit memory corruption vulnerabilities on Windows 32 bit applications. This includes methods for bypassing ASLR, DEP, and other restrictions you might face. Reverse engineering for vulnerabilities with Ida is also covered.

The class focuses on exploitation and uses a very hands-on teaching approach, though at times theory must be covered, like the basics of x86 assembly. In these cases, the class presents a nice basic understanding without going into great depth because you will later see how the theory works. You learn what DEP is, and then you verify that it works and how it prevents exploitation.

The class promotes a real hacking spirit–you feel like you are figuring things out with the help of the instructor. This is emphasised by the “extra mile” tasks. These will have you going back to old exploits and rewriting them–sometimes to make them better, sometimes just to make them different for the sake of learning. Before long, you will be rewriting exploits to answer your own questions independent of the class.

Try Harder

The motto of Offensive Security is “Try Harder,” and this class stands up to it. I was confident going into the class because of my experience with binary exploitation on Linux, but I was still surprised at just how much this class pushed me. I remember on one occasion thinking “They did not teach me this.” I thought a technique I had learned outside of the class material might have been needed–though I was not completely confident it would work–but I was wrong. The challenge was actually quite easily defeated with the course material.

Takeaways

The biggest takeaway for me was the streamlined approach that Offensive Security takes toward writing exploits. There were multiple cases when the course material deftly avoided time sinks and false paths. It taught me that my general approach to reversing and exploitation was unnecessarily slow. I feel I can apply some of these ideas to other related areas of security, like auditing JavaScript on a web application test.

Suggestions

If you plan on taking this class I suggest having a decent understanding of x86 and Python. If you want to do well in this class, you will also want to play a lot in the labs. Every time you think “why didn’t they just try this,” then do it yourself. When you wonder if something is possible, try it! 

If you want the certification, be sure you schedule your exam early. The first day you can get into the lab, go ahead and schedule your exam for the last day of your labs. Before you get carried away in the labs and forget, ensure your system is capable of performing in the test with the proctoring software. You’ll need a webcam that works with a browser, and you will need to broadcast ALL your desktops. You can google “test webcam” or “test desktop sharing” to find various websites that will test these things in your browser. You don’t want to waste your time with this on the exam day.

Conclusion

This class has some great information. It won’t put you at the cutting edge of binary exploitation, since that edge moves further away every day. It will, however, teach you enough to see that edge. From there you can decide if you want to keep pursuing.