About

With 15+ years of combined experience between Software Development (8 years) and Cybersecurity (7+ years), currently I’m a fully remote Software Security Researcher conducting application vulnerability research in order to enhance existing security products.

Previously I was a Systems Security Advisor working on Cyber Risk Management and before that I was a Security Tech Lead and a Penetration Tester assessing the security of Web and Mobile applications as well as APIs.

I also worked 8 years as a Software Developer coding Web Applications in C#, PHP and Java (but nowadays I mostly use Python for scripting).

I’m OSCP and OSWE certified, highly motivated, self-driven and always up for a challenge.



OSWE Experience

The OSWE is the Offensive Security Web Expert certification you earn when completing the recently re-branded WEB-300 course (Advanced Web Attacks and Exploitation) and, of course, you also need to take and pass the fully-proctored 48-hour exam.

The course uses mostly a whitebox/code review approach, where students are required to read and understand the code of different applications written in different programming languages such as C#, Java, PHP and JavaScript, as well as SQL for databases.

You can find my experience on the OSWE certification in this blog post: The OSWE in Review.


OSCP Experience

The first part of the challenge was getting certified; we looked around at what options were available that would give us a good base of penetration testing skills. After thorough research and a great number of positive reviews, Offensive Security's OSCP came out on top as the best option. In hindsight, no doubt, this was the right call.

Preparation
One of the things I decided from the beginning was that, if I was going to do this, I was going to do it the right way. For me, that meant thoroughly studying the certification material, doing each and every one of the exercises, keeping a clear and complete record of everything I did and, of course, making the most out of the provided lab environment.

Certification Material
One pretty long PDF, accompanied by a bunch of explanatory videos and a lab machine. I went through the PDF line by line, covering every video and doing each of the exercises; I have to admit I was very excited about learning all this new stuff (new to me). The materials were well explained and easy to follow: they started from the basics of how to use Linux, what the essential tools are and how to use them, how to do reconnaissance and information gathering, vulnerability scanning, buffer overflows, working with exploits, privilege escalation, different kinds of attacks, port forwarding and finally the Metasploit framework. To me, the most interesting sections and exercises were those in the buffer overflow, port forwarding and Metasploit sections. At the end of the material there was also a use case example, in which you would see how to put everything together and see it work in a hypothetical scenario.

The Lab
The most fun part, but you have to try hard. Along with the certification material you get a set of credentials to access the lab over a VPN connection; here you will find a bunch of targets spread over multiple network levels. Targets vary in complexity of exploitability, from "huh, that was easy" to "damn, I can't spend more time on this one". I had a lot of fun in the lab and was able to crack most of the machines, but there were certainly a few that I couldn't figure out how to break into. The Offensive Security folks also provide an IRC channel where you can chat with admins and get some guidance. They are helpful, but you really need to know how to approach them: as a rule, I first tried everything I could think of and exhausted all my options, and it was only when I ran out of ideas that I would approach them. You need to clearly communicate what you have tried and what your train of thought was, otherwise you will get their generic "Try Harder!"

In both cases, while covering the certification material and working in the lab, I always made sure to keep a clean record of the exercises and a thorough report of each of the cracked machines and the steps I followed to crack them. This will not only let you easily go back and review what you did in a specific case, but you can also attach these documents as proof of the work you did in getting prepared for the exam and, in case you might need it, it could help you in passing your certification exam.

The Exam
One word: brutal! The toughest exam I have taken so far. One good piece of advice here: take one or two days off before going for the exam so that you'll be well rested; believe me, you'll need it. With your exam package you will also receive a set of credentials to access the exam network over a VPN. In this network you'll find five machines that you need to break into and escalate privileges on within the next 24 hours (cracking a machine without getting root or admin level rights will only give you part of the points the box is worth). With the exam PDF at hand, the first thing I did was give it a quick read to see what I was up against; in my case, the easiest box was worth 10 points and the toughest was a buffer overflow exercise worth 25 points.

Even though a good part of the certification material deals with using the Metasploit framework, you will be allowed only limited usage of it during the exam: you can use the framework only on those boxes marked as "Metasploit allowed", otherwise you risk losing the points for that box. In my opinion, it's a good idea to start with one of the easy boxes, so you can crack it and get a confidence boost. I did not, however, start with the 10 point machine; instead, I started with one of the 20 point ones. After cracking a couple of the boxes, I decided it was time to give the buffer overflow box a try. While analyzing the exercise, it was clear that the goal was not to write the buffer overflow exploit from scratch; instead, one had to research exploits online and find one for the target system. After finding one and tweaking the Python code enough to exploit the buffer overflow vulnerability on the test machine, I was able to gain code execution. From there, it was a matter of switching my payload for a meterpreter reverse shell and, voilà!, I got the session back on the Metasploit console. That was, indeed, the confidence boost I needed to carry on with the remaining hours and complete the exam; no doubt I needed the 24 hours!

Turning the Report In
Right after I finished the exam, I had one thing and one thing only on my mind: "I need to sleep". After sleeping for a couple of hours, I started preparing my exam report; thankfully, my notes were detailed enough to create a decent report. After putting my exam report, lab report and certification material notes all together, I was ready to submit for examination. I did that and, of course, went back to sleep!

Getting Exam Results
A couple of very long days later, I got an email from the Offensive Security folks saying that I passed the exam, though no grade was given.

Tips

  1. Go for this cert if what you need is to improve your pentest technical skills.
  2. Get at least a 3-month deal on your lab access.
  3. Cover the certification materials thoroughly, grind it!
  4. Keep a complete record of the exercises, in the lab and in the exam.
  5. Get the most out of the lab, crack as many machines as possible. Do practice!
  6. Plan your exam date in advance.
  7. Have some food (or snacks) and drinks ready for your exam.
  8. Take one or two days off and get a good night's sleep before the exam.
  9. Start small but carefully manage your 24 hours.
  10. Take time to create a thorough and complete exam and lab report.

Coding Experience

After graduating, I started working as a .NET developer in the same company where I did my graduation project. After a couple of years working there, I needed a change and moved to a new town, a new company and a new technology. Coding in Java was a great experience and I have to admit I invested a lot of myself in this new position. Sadly, this was around 2008 and the financial crisis hit the company really hard, because of which I had to move again and started working with C# and PHP. This one was a local company, though, and the experience and people there were awesome; however, after about three years I needed a change again!

Moving into the company I currently work for, I started as a Sr. developer and Technical Leader. Three years later I got to the point where I had to decide whether I wanted to move into project management or keep working as a coder. I love coding, but sadly there were not many career path options at the moment. This was the time when a couple of opportunities came together and I was able to transition into the Information Security department and started working as a pentester. This was certainly a challenge for me, but one I was eager to tackle. Coding and hacking go together.