OSED Review - Offensive Security Exploit Developer

Подписаться 1,7 млн

Просмотров 57 тыс.

50% 1

If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link) My "ROP Ripper" Python script: gist.github.com/JohnHammond/2...
My "Stack String" Python script: gist.github.com/JohnHammond/f...
00:00 Introduction
00:27 What is OSED?
02:30 OSED is newest in the OSCE(3) trio
04:49 What I'll do in this video
05:48 My course timeline
07:38 I was really nervous for the exam
08:19 Clip from the OffSec AMA Webinar
11:09 OSCE(3) Email
12:18 Thoughts on the Course
13:50 Amp up WinDbg
14:45 Take notes (Showcasing my notes)
15:13 Stage and prepare your tools
17:15 Automate the simple stuff
18:30 Join the Offensive Security Discord
19:02 Exam time / Thoughts on the Exam
20:52 The exam report
22:58 Starting questions that you asked me
24:22 "What automation, if any, did you use?"
25:26 "Were the challenges enough to prepare you for the exam?"
26:07 "Any tips/tricks for finding ROP gadgets with Mona?"
28:40 "How is this in comparison to other courses?"
31:30 "Is cert ABC worth it, or should I jump to cert XYZ??"
32:40 "How approachable is this for someone with moderate experience?"
35:20 "What can we do prepare for OSED?"
36:51 "How in-depth is the shellcoding section?"
38:58 "Were there exploits that were already public/known?"
39:30 "What are some recommendations for practicing?"
41:38 "What would you consider to be the most difficult in OSCE(3)?"
43:55 "Can a student fresh out of college do this?"
44:30 "What did you feel was the most challenging?"
47:12 "What was the main thing that kept you running for this?"
50:27 "How good is the content from a learning perspective compared to OSEP?"
52:36 "What would be a pathway from OSCP to OSEP?"
52:50 "Why did you choose to do this course?"
55:49 Outro
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond

Опубликовано:

23 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 108

@andyli 3 года назад

congrats John, OSCE3 would be the dream 😀 I got into the offensive security stuff in part because of your videos, thanks for all the value you put out.

@sharathkumark9692 3 года назад

Congratulations John 🎉🎉 and thank you for sharing your thoughts and experience ❤️❤️

@Westar. 3 года назад

Thanks so much for the tips! I'm hoping to get OSCE3 by the end of the year!

@romel6958 3 года назад

Hey Congrats John, for the OSCE3, Thank you very much, I start the course OSED on July 31, this video is gold

@user-uq5qw1fk3d 3 года назад

Thanks for the awesome review of this John. It sounds like a great course. Congratulations on passing!

@abhishek_k7 3 года назад

Congratulations and thanks for sharing your experience with us

@4ag2 3 года назад

Yessir 🙌 thanks John

@sinwolf5539 3 года назад

Congratulations John , You are an inspiration !!!

@reality144th 9 месяцев назад

Congrats John! 👏🏽 🎉

@BlindHacker 3 года назад

Congrats duder great work!

@granthume6238 3 года назад

Congratulations John!!!

@oldGoatMilk 3 года назад

Gratz John!!

@_CryptoCat 3 года назад

congrats!! im itching to do some more offsec courses 😆

@edoardottt 3 года назад

Congratulations 🎉🎉🎉🎉👏🏼

@KeepItTechie 3 года назад

Congrats John!

@_JohnHammond 3 года назад

Thanks so much!!

@shirshak3699 3 года назад

Congrats sir for OSCE3 and thanks for giving so much motivation.

@bbowling619 3 года назад

keep doing what you are doing dude! You are super special. :) Every time i look around these days... everyone is looking for blue team. I assume that is that starting point John ?

@lonelyorphan9788 3 года назад

Hi John! I'm a big fan. I have my OSCP, and was wondering if the OSED course covered reverse engineering protocols and using fuzzers. Congrats on getting the OSCE3! 🙂

@ayushsingh-ii5ps 3 года назад

Congratulations 🎊 again

@HuyNguyen-hw5eh 3 года назад

Hey John, great review on OSED and congrats on OSC3. Do you have any plans on reviewing OSWE? I'd definitely recommend a review on that course if you are looking for the next video idea. Thanks sharing your experience.

@mikaeleriksson6504 3 года назад

HI, and congratulations. I have a late question. My problem is finding the vuln with reverse engineering. You mention that that the chapter is kind of "rushing trough", and i agree. Im in the spot that i understand and done the course, exploit wise im quite comfortable but it takes to long to find the vulns with IDA and how they teach it doesnt make me comfortable or fast enough (spent 2 days to find the vuln on one of the challanges). Any advice on how to train so i would spot the vuln on the exam?

@mastersili 3 года назад

Congrats!

@viv_2489 3 года назад

Congrats... securitytube is awesome for assembly tutorial

@bbowling619 3 года назад

@john i had a question but my brain barfed . I cant get enough off this stuff !!

@agent2130 3 года назад

Congrats! Question on the lab environment. Is there anything aside from the modules documented in the videos/pdf?

@orgozlan323 3 года назад

Thank you !!!

@sid_mod 3 года назад

Thanks Excited 😀

@ahpadt 3 года назад

Hey John could you do a video on the OSWE course?

@cactusjuice9709 3 года назад

I miss the question about how usefull the OSED knowledge is in real world

@ayushguha7350 3 года назад

No course will offer you real life situations. It can't. You can only offer yourself that. This teaches you the concepts (all of them) related to x86 rev engineering and binary exploitation based on stack only. I don't think they teach heap based. So once you learn these you can keep grinding with real world stuff and, yeah, you'll get real world exp that way.

@cactusjuice9709 3 года назад

@@ayushguha7350 Thank you Ayush, but that was not my question. The question is, how usefull is it in a blackbox app pentest assuming the application the OS is not that old - also assuming there a no low hanging bugs in it. Another meaning of the question could be, how usefull is OSED when hunting for zero days in windows. Did my research now: OSED is still fundamental knowledge. Afaik the closest you can get to real world knowledge via a course (not self taught) is SANS 760.

@ayushguha7350 3 года назад

@@cactusjuice9709 yeah SANS does offer good courses but that is also the reason for its insane price xD. If you wanna find 0 days in windows ( again no course will prepare you for all scenarios) offsec has a AWE course. Advanced windows exploitation. The price is same as a SANS course. There are only limited seats but yeah it does offer great knowledge you can directly take to the field to do black box testing on an app to find 0 days. Also a 0 day can also be an old vulnerability in a new app that wasn't known before due to the different code implementation in the app. So fundamental knowledge is also sometimes useful directly in the field. But yes, offsec themselves agree that osed is an intermediate difficulty course. Anyway keep learning and have fun!

@flapcat4681 Год назад

@@ayushguha7350 can't you just do that without spending $1k on it

@joker35871 2 месяца назад

@@flapcat4681of course you can but it is all about efficiency. An it security consultant brings in more than 1k in an 8 hour day. If this course can save you 8 hours while learning then it is worth it

@noobpentester7412 2 года назад

Hi John, I thank you for great sharing. I have a question. I am wondering about OSEP and OSED. My background is a web pentester / source code review. I had OSCP and OSWE and I am looking for a new certificate to obtain. I want to learn OSED but I afraid it will be too much for me. Hope you can give an advice. Thank you.

@sybersurz3203 3 года назад

One day or day one!💯

@ancientgodempire570 3 года назад

Best way to learn

@rizzoalessandro3450 2 года назад

Is the book.pdf included in the course or you payed it? And there is a way to obtain it not from the course but for example buy it on Amazon?

@pwndumb2903 3 года назад

Hi, I have the retired OSCE and planning to ge the new one OSCEv3.Its a dream but I never imagine hold the old OSCE and I did, so let me dream. Can you advice me if I start with pen 300 or exp-301 ?

@itsfran76 2 года назад

Hey guys wassup! Is the OSED supposed to be taken b4 OSEP ? Whats your take?

@bhagyalakshmi1053 Год назад

You have in the solar Loki man 👍

@ragnarlothbrok367 3 года назад

I just wish all those certs could be cheaper, currently it is like a wall for someone not in sec yet.

@billigerfusel 3 года назад

True. Even if it was 500. It's still a lot, but I would pay that for a good course. But 1500? Jesus.

@sathishganapathy802 3 года назад

Congratulations

@paveekazhagana3106 2 года назад

I like to do OSED but I am not seeing any job openings for OSED. Many openings require OSCP.. please advise which is good for career

@VIVEVIEV 3 года назад

Goat

@LolaBalletAndFigureSkate 3 года назад

Why 13 individuals disliked this video is beyond me. You are AMAZING, John. What an awesome achievement!!

@michaelr.3799 3 года назад

Congratulations.

@shivamnaik7857 3 года назад

Can u show us your note taking strategy with markdown??

@charliecrane253 2 года назад

When can we expect to see this video but for AWAE

@flrn84791 2 года назад

Would have liked a comment on what you think about the course only being about about x86! Having eCXD already, tbh OSED feels like it's going deeper in some areas, but x86 only was a big no-no for me.

@georgiosroumeliotis4383 2 года назад

Hi John , can you make a video about eCXD (eLearnSecurity Certified eXploit Developer) that would be great !

@vsecurity2595 3 года назад

Is it worth to go for OSED ..........i mean to say that is this help in to increase salary.......

@thev01d12 3 года назад

Does osed goes into window's userland heap exploitation?

@jackson_69_69 3 года назад

No. Only stack based.

@learnwithpikes 3 года назад

congrats john, but i have question how do you manage money for such expansive certificates?

@neunzehnvierundachtzig 3 года назад

Bruh

@nahrms 3 года назад

congrats

@th30c0der3 6 месяцев назад

is the online course come only PDF or video i don't like courses without teachers

@cyberthozha3522 3 года назад

Hello ser please offensive books tel me last release

@Mind8hunter 3 года назад

Nice 1

@TrapFenix 3 года назад

i'm just new to hacking how i can study it and what is the best certifications i can get i don't have any knowledge about network or web application

@russnemet1158 3 года назад

Go to INE .com you can take there pen tester classes for free currently. The ejpt exam will cost $200 . It's where I startrd ejpt cert probably won't land you a job but it's a great starting block

@thunderhit4220 3 года назад

I am not able to join ur community on discord. some one kicking me out... Please check that on

@shah2003 3 года назад

Where to start learn Ethical hacking suggest Best way , please sir

@Cossaw 3 года назад

14:56 What notetaking application is that?

@DHIRAL2908 3 года назад

Obsidian!

@Cossaw 3 года назад

@@DHIRAL2908 many thanks human!

@SharminSultana-us9rw 3 года назад

Plz make OSWE review

@bhagyalakshmi1053 Год назад

Interval or false interview details you have in the for you passing exit mint congratulation brother

@christopherhernandez8618 2 года назад

Hey you should get offsec to let you review the OSEE exam.

@hughhefner4774 3 года назад

Iv read a lot of backlash for this course due to it being “outdated” and just focusing on 32 bit. Of course you need to learn how to walk before you run but there are other courses that deal with modern “64bit” exploitation . Would this course still be worth gaining the knowledge even tho its 32 bit exploitation course

@DanaEpp 3 года назад

Yes it is worth it. EXP-301 has been designed to walk you through ASLR bypass and defeating DEP with ROP chains. In fact, you will practice on Windows 10, which is unlike most courses based on XP/Win7. Learning to work with 32bit registers can easily be scaled to 64bit registers later. And think about it… many apps on Windows are still running 32bit. Don’t believe me? Look in C:\Program Files (x86) :-)

@ashokc1988 3 года назад

Cool

@lefteriseleftheriades7381 Год назад

Why does a windows exploit development course require linux?

@md9936 3 года назад

Do you recommend SANS as alternative ?.

@visveshkasodariya9616 3 года назад

Do you have money & brains then yes.

@russnemet1158 3 года назад

If you have 7 grand sure

@MygenteTV Год назад

@@visveshkasodariya9616 hi can you please tell me the difference between offensive security and san? Also what is the certs you get from them? In OFfsec you get the oscp, what is that you get from sans?

@Aerogamer158 3 года назад

Read twice, write notes three times, and you’ll remember the information, but it’s a pain in the ass. Congratulations on passing.

@LordKing13 3 года назад

can u do the oscp review? thx

@DHIRAL2908 3 года назад

He already has 2-3!

@LordKing13 3 года назад

@@DHIRAL2908 thx bro

@Mind8hunter 3 года назад

We can jam a jammer??

@rajarshibasak559 3 года назад

Hey guys one question, Suppose I named a php file as a.jpg.when I will execute in server will it run? If not then why in "file upload vulnerability" Room of tryhackme when we executing a php file which have jpg extention is working!!! Pleaseee help me.

@reed8246 3 года назад

45:30 Discord ping in video. PepeHands

@JohnDoe-bp1wb 3 года назад

naaaah man, Ed Sheeran is a Cyber Sec guy now? 2021 has been a weird year!

@Ham_B18 3 года назад

his voice is familiar... Ippsec are you?

@draeysta9379 3 года назад

One question, how many years did it take you to get it, and how many years would it take an average person to get this certification in your opinion?

@marouane978 3 года назад

❤❤❤❤❤❤💖💖💖💖💖💖👏👏👏

@kiki-ig8fq 3 года назад

WHERE'S THE OSWE REVIEW JOHN! sorry caps...

@liorhakmon3590 3 года назад

Take the OSEE !

@_JohnHammond 3 года назад

I've been on the student roster for Black Hat's OSEE training for two years now but it keeps getting cancelled due to COVID T_T :sob: :sob: :sob:

@liorhakmon3590 3 года назад

@@_JohnHammond 😩

@billigerfusel 3 года назад

>Sounds interesting, I could spend a few bucks >register >costs 1500 bucks >surprised Pikachu face Guess I'm not going to learn anything about that.

@taiquangong9912 2 года назад

Hearing this makes me feel stupid.

@joaneniorishagbe3284 2 года назад

Hello sir pls I need your help I am your faithful subscriber pls I need tour help

@vidursharma3766 3 года назад

1 more add please :(

@rhinofart89 3 года назад

I personally don’t care if I fail either but my bank account does. I’m broke as shit. I’ve been failing my whole life part of the reason I’m broke as shit lmao

@bhagyalakshmi1053 Год назад

Durex play ne is not Vuitton full understanding was this you are understanding what you are talking little bit for your understanding and not well you fully understand you wash your happiness or two for you this video to creation what's the monster