Offensive Security OSCE (CTP) Review

2017-06-01 Read original →

I contemplated writing this review after reading numerous existing write-ups about both OSCE and OSCP certifications. I decided to contribute my perspective on the Offensive Security Cracking the Perimeter (CTP) course.

Course Prerequisites

To enroll, candidates must complete a preliminary challenge at http://fc4.me/ involving basic code review and debugging. The CTP is not beginner-level; this screening ensures prerequisite knowledge.

Lab Experience

Students receive course materials, videos, and guides to connect to lab environments. The curriculum progresses from web exploitation techniques to full exploit development.

Key observations:

  • Material appears manageable initially but reveals significant complexity upon deeper examination
  • Independent study and research is required to succeed
  • Each module is dense despite appearing shorter than OSCP materials
  • Understanding every line of code proves essential

My personal approach involved mastering exercises precisely, then modifying them independently—swapping shellcode, altering instructions, experimenting with different techniques.

Examination Journey

First Attempt

After months of lab work, initial confidence turned to overwhelm. I spent two days without progress and failed.

Between Attempts

A few weeks reviewing lab material rebuilt confidence. Practice with vulnserver.exe reinforced existing knowledge rather than introducing new concepts.

Second Attempt

With improved self-confidence and no distractions, targets fell within 12 hours. I completed remaining objectives post-nap, submitted documentation, and passed.

  • Believe in yourself: Everything you need to pass the exam is in the course materials
  • Manage overwhelm: The 48-hour window provides adequate time
  • Dissect exercises thoroughly: Understand every command and its purpose
  • Personalize labs: Find your own JMP instructions, try alternative shellcode types
  • Utilize forums: Previous students faced similar challenges
  • Document everything: Note working and non-working attempts
  • Expect difficulty: Getting stuck indicates appropriate challenge level
  • Commit time: I invested 4-5 hours weekdays and 8 hours weekends initially
  • Enjoy the process: Expert-created materials reflect real penetration testing experience

My Background

I emphasize my non-elite status to provide perspective:

  • Pre-CTP: 5 years in security, mostly administrative (access reviews, audits, policy guidance)
  • Education: 3-year IT diploma, Bachelor’s and Master’s degrees in History—notably non-technical
  • OSCP journey: Completed late 2015 after extensive preparation; passed first attempt

The message: sufficient background need not be extensive. If a noob like me can do it, so can you.