A Journey to OSCE

Several days ago, I took the OSCE exam and passed. It was the first time I tried it, and I completed all the tasks in 11 hours.

In this article, I’ll describe my experience and the methodology that I used, which finally led me to achieve the OSCE certification.

To start, I think it’s fair to mention a little about my experience. I began to get into the hacking and security world during my college time, a good 20+ years ago.

The first article I read on exploitation was Aleph One’s mythical Smashing The Stack For Fun And Profit. It was around 1999 and by that time I knew nothing about computers. The introduction of that article mentioned unknown things like Linux, C, Stack, etc., and it was the first trigger for me to get deep into the security world. As you may guess, it took me several years to fully understand that article, but I learned a LOT during the process. In fact, I wrote several tools at that time to debug and reverse ELF files.

I also started making contributions to the Debian project in 2003, maintaining a core package for Linux at that time: LILO (the ancestor of Grub). With that, I became an official Debian maintainer and still hold that position (aroldan <at> debian.org). I was very active from 2003 to 2013, making contributions to the Debian project, maintaining packages like Prelink and Valgrind, whose manpage I initially wrote (you can see my email in the credits at the end). I also made the first Debian package for Hydra and packaged ERESI.

I’ve earned the CEH certification several times; the last one expired in 2012. The same year, I took the PWK course (although at that time Kali was known as Backtrack) and earned the OSCP certification.

The OSCE was the next step.

In May 2020, during the COVID-19 pandemic, I started the Cracking The Perimeter (CTP) course. You can see the public course syllabus here. I made no previous special preparation for the course, other than my work experience.

My lab time was scheduled to end on the 8th of June, and the OSCE exam was scheduled for the 13th of July.

The web part of the course was practiced using DVWA and BWAPP.

In summary, my total preparation time, including the CTP course and self-study, was around 50 days, with an average daily study time of 9 hours.

The OSCE exam is a VPN network with several objectives to complete. The VPN access is provided for 47h:45m, and they give you another 24 hours after the exam to send a detailed professional report with the findings and objectives.

My exam was scheduled to start on the 13th of July at 2 PM COT. I was pretty anxious about what was going to be presented in the exam. I read a lot of reviews, and almost everyone mentioned that the exam was "brutal," "made by the devil," and the "hardest thing ever tried." When I checked the objectives, I realized that the course was indeed a starting point and that further study of what was taught in the CTP modules is extremely important to complete the exam.

I couldn’t almost sleep that night because of the joy of having achieved all the exam points. The next morning I started writing the exam report. As I had plenty of time, I could get additional screenshots. At around 5 PM on that day, I had it completed. It was a 79-page report. I re-checked it several times, following the exam guide, and finally submitted it to Offsec.

I got the response a couple of days later, saying that I had successfully completed the exam and earned OSCE!

That was my OSCE journey. I can only advise you to take the time to expand what is taught in the course because, in the real world, every application will have its tricks to be exploited, and you won’t have a teacher next to you. Also, in my case, writing articles greatly helped me to consolidate what I had learned. But as always, your mileage may vary.