In an effort to put our CTF'ing skills to good use, we are currently on a bit of a journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.
The OCSP training and exam typically covers the below topics:
- Kali Linux Intro (inc command line, common tools and bash scripting)
- Passive and active recon methods
- Finding and understanding vulnerabilities
- Web application attacks (inc OWASP Top 10)
- Buffer overflow attacks
- Client-side attacks
- Working with exploits
- Defence evasion
- Privilege escalation
- Password attacks (inc cracking and brute forcing)
- Port redirection and tunnelling
- Exploitation frameworks
In our December meeting we picked up where we left off exploring the active aspects of Reconnaisance and then continue into the next topic, which was finding and understanding vulnerabilities using scanners like NMAP NSE, Nessus and Nikto.
So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.
Here is the slide deck used on the event OWASP Top Ten