In an effort to put our CTF'ing skills to good use, we are currently on a bit of a journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.
The OSCP training and exam typically cover the topics below:
- Kali Linux Intro (inc command line, common tools and bash scripting)
- Passive and active recon methods
- Finding and understanding vulnerabilities
- Web application attacks (inc OWASP Top 10)
- Buffer overflow attacks
- Client-side attacks
- Working with exploits
- Defence evasion
- Privilege escalation
- Password attacks (inc cracking and brute forcing)
- Port redirection and tunnelling
- Exploitation frameworks
In our March meeting we explored Injection Attacks, explaining and demonstrating exactly what SQL Injection is and how it works, and showing how easy it is to prevent. This raised some discussion about why so few web site developers actually take the time to protect sites from this critical weakness.
For our April meeting we will be deep-diving into the dark art of Cross Site Scripting, which is a branch of injection but definitely one worth exploring in detail.
So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.
Link to the event - https://global.gotomeeting.com/join/696820405