In an effort to put our CTF'ing skills to good use, we are currently on a bit of a journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.
The OSCP training and exam typically cover the topics below:
- Kali Linux Intro (inc command line, common tools and bash scripting)
- Passive and active recon methods
- Finding and understanding vulnerabilities
- Web application attacks (inc OWASP Top 10)
- Buffer overflow attacks
- Client-side attacks
- Working with exploits
- Defence evasion
- Privilege escalation
- Password attacks (inc cracking and brute forcing)
- Port redirection and tunnelling
- Exploitation frameworks
In our February meeting we rattled through the OWASP Top 10 and had a lively discussion about Web Hacking. We all agreed that two of the Top 10 stand out above the others, not necessarily because of the criticality but because they are so common both in the real world and in CTF competitions.
For our March meeting we will be deep-diving into the all-encompassing world of Injection Attacks. If there is time we will also cover the dark art of Cross Site Scripting, which is a branch of injection but definitely one worth exploring in detail. If we run out of time before covering XSS we will revisit it in April. Exciting couple of meetings ahead!
So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.
Link to the event - https://global.gotomeeting.com/join/830194253