Tuesday, September 29, 2009

Cracking the Perimeter

Mati has taken a group of difficult security subjects that have not been well published and broken it down into well presented format that was easy to follow. With the use of the online labs you were able to go through each step and recreate the exploit without any issue and whenever one appeared Mati and Matteo where more than willing to help.

The registration requires the applicant to gain access to fc4.me and send over the registration details to the course team. This in itself is challenging but makes the applicant aware of what is expected of them before they attend the course.

The course begins with two 0day web exploits that cover XSS and PHP (Directory Traversal) and then leads on to adding payloads to executables and bypassing antivirus scanners then followed by the more serious application 0day exploit development using Perl and Python, which includes bypassing ASLR and protected Buffers, I would recommend brushing up on Assembley language and learning socket programming before attending however everything is well explained with the odd piece missing to get the student to think for them self.

The exam is the most challenging I have encountered and required more pots of coffee than coffee beans can be produced and at the end you will be bleary eyed for days after, but instead of giving away anymore I would recommend signing up for this course.

CTP is an advanced course, that will require ALOT of time, effort, sweat,tears and TRY HARDER... however after completing the course the exam you will feel more than confident at taking on any pentest, exploit development and won't feel left with just a bit of paper with no value.

Chris Sweeney
(MCSE, Linux+,MCITP (Enterprise), CCNA, CSTA, CSTP, OSCP,OSCE)