Jun 20 2008
Alright, so as the topic suggests, I just finished the Offensive Security 101 exam yesterday, and oh man. I can’t disclose much information about the test itself, but let me tell you this: it was both frustrating, exciting, and triumphant all at once. Well, only triumphant if you pass, I suppose. Okay, so this is the first exam I’ve taken since college, and I have to admit, I was pretty nervous for it. Alright, you could consider my post-college sociology degree job searching a test of some kind. *Insert inaudible mutterings about the job market here.*
OS101 is unique in its field: it teaches you about software security holes from the perspective of the attacker. It explains common vulnerabilities in network security, and the attack vectors involved in exploiting them. It also teaches, among other things, enumeration techniques, Google h4x, and tunneling services through ssl proxies. And it’s fun! The Offensive Security team has built a lab environment that you VPN into, with a wide array of machines running different unpatched services. And they give you access to a windows machine with OllyDbg, a windows debugger that allows you to develop exploits at a very low level using 32-bit assembly language. Don’t be put off if you’re not familiar with assembly – I don’t even really know it myself, but nonetheless it was a blast learning how things that wind up on milw0rm actually get developed.
The lectures that the course provides are very straightforward and explain things in an easy-to-understand manner, so even if you haven’t coded before, it’s definitely worth it to give it a try. OS101 assumes a basic understanding of the Linux command line and the bash environment.
This is somewhat tangential, but I have to make another recommendation here. If you are interested in network security, cryptography, and electronic privacy and want to keep up to date on these and other things, I highly recommend listening to the Security Now weekly podcast. Security Now features a maverick in the industry and the creator of the data recovery tool SpinRite, Steve Gibson.
Anyway, I really do feel like a walking billboard now, so I’ll leave it at that!