the reason why I’m writing this post is due to the lack of reviews I found online about AWE course offered by offensive security. If you look up for OSCP or OSCE they are plenty but not so much for OSEE/AWE. If there is something I learned from hacking cons is that you can contribute to the infosec world by creating any kind of helpful material for other people (refer to the hacker manifesto); hence I decided to contribute to the infosec world in my own way too.
a little background:
To be honest it took me quite some energy and time to even get into this course due to its high demand and lack of availability. Fast forward I was sitting with almost other 30 students in Blackhat 2018 fronted by the offsec staff to teach us some exploitation black magic; and oh boy was it black magic…
the 4 days of pure pain, loss, and confusion:
There was no time to waste at all; we extended our class hours by 1 hour each day shrinking lunch time and breaks in a hope to absorb as much material in those 4 days as possible, and boy did we fail.
The inspiration:
What kept me so interested and motivated during those 4 days was:
- my absolute love for exploit development.
- The fact that everything I googled led me to Google Project Zero
- The fact that the blackmagic tricks I always saw in the big hacking talks were finally unveiled to me and it was no black magic anymore.
- Ok and maybe I did dream of exploits for 4 nights during this class. Don’t judge me?
day 1 + day 2
Flash 0day bypassing DEP, ASLR, and Sandboxes. Then obviously getting SYSTEM through another 0day.
day 3
0day in Edge browser bypassing all kind of Microsoft sandboxing and security measures for its luxurious new browser “edge” (hardcore af)
I was so lost here due to the amount of information that was thrown at me, and I was not alone. Everyone was lost, and this is normal.
day 4
Kernel (aka ring 0) exploits. Get ready to be friend with blue screen of death because you’re at the core here.
day ∞
after the 4 days; and 4 nights of dreaming of exploits I completely forgot about 80% of the material; which is again “normal”
Now that I have time to self study I will go through the material and study it a bit by bit learning on each step and bang my head on each fail (offsec style…)
Recommendations:
– This class gets sold out in blink of an eye, do not wait and be a hacker to get it (use a script / bot to alert you when registration is open)
– If you’re flying from distance and you will be jet lagged – do some planning how to manage that (this was the hardest part to cope with)
– try to get connected with everyone in your class; you will probably need them! (this is a call for you; join our discord server for AWE here)
– get familiar with WinDBG; I learned a lot from this serie on youtube.
good luck, lol.
Leave a reply