I Fought the OSCE and the OSCE...

It’s time again to review yet another Offensive Security cert. I’ve been a bit delayed on this post. I was hoping to have it out sooner, but as many of you know I failed my first attempt.

Cracking the Perimeter

Cracking the Perimeter (CTP) is Offensive Security’s course that focuses on advanced attack vectors and exploit development. Where the PWK is a mile wide and an inch deep, the CTP is an inch wide and a mile deep. I won’t dive into specifics on what is covered; feel free to check out the official website for that.


Before I dove into the CTP I did some pre-study on the various topics found in the syllabus. The two most used resources were FuzzySecurity and Corelan; both cover various topics related to exploit development. Some of those topics are outside the scope of the CTP, but I went through the majority of them anyway. I highly recommend you do the same if you are considering taking the course; having an understanding beforehand will help you grasp the various concepts within the material.

A few books I also recommend are:

The last one is useful for even the OSCP, but helps to have a more advanced understanding of web application attacks. While writing your own shellcode isn’t extensively covered in the CTP, I highly recommend knowing the basics.

OSCE Attempt 1

NO! Just…I don’t have much to say on this. I failed hard. I only knocked out one challenge within the first couple of hours, but the remaining hours were spent on one hard challenge. You might often read that “Everything you need for the exam is in the course material” and this is true. Everything you need to learn is there, but it’s up to you to put it together. That challenge killed me for 36 hours.

I simply couldn’t see what I needed to see. In my final hours I went to bed feeling a bit down and woke up with an hour to spare. Still nothing, VPN drops, exam is over… 30 minutes later as I review notes and screenshots I have an “Oh…There it is.” moment.

OSCE Attempt 2

Start: 9:00 AM Finish: 1:30 PM

Yup, the second attempt went much smoother than the first. I spent a few months really studying and recreating various exploits from exploit-db. I dove into ASM to get more comfortable with reverse engineering, and I participated in several CTFs where I focused on reverse engineering challenges. I think all of this really helped in my second attempt.


Unlike the PWK, the CTP doesn’t give you a lot of info at once. It gives you a few things and you are encouraged to take what you have been shown and get more comfortable with it. The old “More than one way to skin a cat” phrase comes to mind. Just because the material shows you one way to do an exploit, you should try to do it different ways. Experiment with it, see what works and what doesn’t. I encourage everyone to take that approach to anything you do. Just because you were shown one way to do something doesn’t mean it’s the only way to do it. You might find a better way, or a way that is easier for you.

That may not be the most in-depth review of the CTP, but it’s advice I want everyone to take.