*Yawns* Why my head hurts

Over the last few weeks I have been doing the Cracking the Perimeter course (aka OSCE) from Offensive Security. The course has been an awesome learning experience and has sparked a passion for exploit development and reverse engineering. Now that my course lab time is over, I am left to my own devices before I sit for the practical. I thought I would add some cheat-sheets, nothing that will give the course work away (besides what's on the syllabus). I want people to suffer as much as I did, but I also wanted to provide some helpful hints for other n00bs.

Besides the basics of assembly and according to the Course Syllabus, here are a few cheat-sheets/notes that helped me along the way.

Module 1 Cross-Site Scripting

The course work and labs during the OSCP should prepare you enough for this module.

Module 2 Directory Traversal

Again, the course work and labs during the OSCP should prepare you enough for this module.

Module 3 Backdoor PE

Know your direction flags in assembly (e.g. cld and std) and know what they do. Also, know the common FLAGS registers (e.g. EFLAGS and RFLAGS).

Module 4 Bypassing AV

Know your assembly jump commands.

Module 5 Bypassing ASLR

Read and do the tutorial from Corelan along with the Offsec labs.

Module 6 Egghunters

Read this and this and this white paper

Module 7 TFTP zeroday

Read this

Module 8 HP OpenView zeroday

Read this

Module 9 GRE Sniffing

Hope that you get tftp working on BT5 correctly, then you should have no problem.

I have learned so much during this course and I will continue to add to my knowledge. Probably one of the best courses I have taken in a while, even more so than the OSCP course. For those who have taken the OSCP course and are thinking about taking the OSCE course, I would definitely walk through the Corelan exploit tutorial series along with the Offsec course work, and you should have no problem.

Hope you found this helpful!

UPDATE: I forgot to add this, a collection of assembly primers from the trainers at OpenSecurityTraining.info.

NOVA Hackers tonight

Doing a presentation for NOVA Hackers on fuzzing with Spike; I will add slides after the meeting. Also, I will add the Spike scripts I created to GitHub once they are done.

Update: will add slides tonight. After the meeting I started talking with another NoVAH member, which sparked an idea that we are starting to work on. Hopefully other people will find it useful.