A Recent OSCE in Our Team
A short interview with Andres Roldan
By Felipe Ruiz | September 07, 2020
A few days ago, Fluid Attacks' Offensive Team Leader Andres Roldan published a blog post about his 'Journey to OSCE.' After reading it and showing more interest in his experience, we had some questions, which Andres was kind enough to answer. Here we share with you some of his insights:
Why do you think you gravitated to the issues of hacking and cybersecurity initially?
I’ve always been curious about how things work. In college, while studying Business Administration, some 20 years ago, I once read or heard the word 'Hacker' and started reading about what it meant to be a hacker and what skills were required. At that time, Windows 98 was in use, and terms like 'hacker,' 'cracker,' and 'phreaker' were popular. Besides, Kevin Mitnick was an idol, and the movies Matrix and Takedown were released. That atmosphere of deep knowledge was what led me to change careers and start on the path of cybersecurity.
Why did you read Aleph One’s article about exploitation if you didn’t know anything about computers?
If you searched in Altavista (the Google of 20 years ago) for terms related to 'hacking,' that was one of the results. That article was launched in Phrack magazine, which is still a reference point for security issues.
How and when did you discover Fluid Attacks? What were the requirements to fulfill at that time to become part of the company?
Before Fluid Attacks, I had a cybersecurity company, but it was not successful. Fluid Attacks was created by some friends in 2001. When they found out that my company was closed, they interviewed me and asked me about my knowledge. By that time (ending 2002), the experience I had acquired (in Linux, security, and hacking) by studying on my own was enough to get me into Fluid Attacks.
What kind of skills and knowledge do you think a person should possess to achieve this OSCE certification?
The CTP course is designed to help you think in a creative way when you are doing an intrusion. Knowledge is gained through study and discipline, but the key is the ability to think outside the box to resolve problems.
You told us that you did the CTP course modules several times. Why did you do that?
Because there are many variables to take into account when creating an exploit. You have to understand every step, every instruction, and why. Every application is different, and you can’t apply 'by heart' attack patterns. You have to understand the reason for each step, and that is accomplished by repetition.
What is it that changes so much between the laboratory in the course and the exam?
The techniques to solve the exam are taught in the course. However, the exam exercises are not solved in the same way as the course exercises. It is necessary to understand the problem, understand the target’s environment, and reuse what has been learned creatively.
How does the 'Hack The Box' machines' difficulty level compare to these lab and test exercises?
Hack The Box machines do a great job making you think out-of-the-box. These machines use different techniques, commonly employed on CTF challenges, but are uncommon in the real world. On the other hand, the CTP course has exercises to exploit real applications and real vulnerabilities using fuzzing and reverse engineering techniques and focused on finding 0-days.
Which were the most complex challenges in the exam?
Due to Offensive Security certification policies, students can’t talk much about the exam details. However, all of the exam points are not straightforward. You have to really understand what’s going on before attempting to create a solution for the challenge. Reading the objectives in detail for each exam point will give you a better understanding of how to approach the solution.
What would you recommend to those who want to obtain this certification?
As I mentioned in the blog post, you should perform extra self-training after the CTP course. I, for instance, exploited several known vulnerabilities from scratch, using my methods and exploits. Furthermore, although it's not required to have the OSCP certification to obtain the OSCE, I strongly recommend it. Offensive Security certifications are meant to be hard, and having experience with other certifications before OSCE will be an advantage.
Regarding certificates, what is the next goal you have in mind?
The current version of the OSCE certification will disappear this year. It will be replaced by 2 different certifications that, along with OSWE, would be a new OSCE. However, those 2 new certifications are not ready yet. For now, I already have a spot for the Advanced Windows Exploitation course that will take place in London in April 2021. That is the course required before attempting to obtain the OSEE certification, which is regarded as the most difficult exploitation certification in the world.