Hello everyone, it has been a while since i have posted but life and laziness got the better of me. I have been into the army and right after i joined Accenture in Prague. I have great news since i managed to attend AWE course from offensive security as the next step through my certification journey. For those that do not know, AWE course stands for Advanced Windows Exploitation and leads to the next certification from OFFSEC, called OSEE.
It is quite hard to even get a sit for this course because usually it happens in Las Vegas and they don’t get many people for this. ( I think like 30 max, not sure) So basically you need to register asap when the registrations open but luckily OFFSEC provided the course in London the previous week and i managed to get a seat! The course was amazing and at the same time super hard. The instructors were awesome. Honestly i didn’t want the course to end.
I know people have been saying the course is super hard and such but let me tell you, they are DEAD WRONG. IT IS SO SO SO SO SO FUCKING HARD THAT YOU CAN’T KEEP UP. If you are a master at roping and paging and structure expert of the kernel and its functions then you will be ok but unfortunately i was not. People ask me, how i was prepared and what to study to prepare for this, well my honest answer is that you can’t be prepared enough for this, just learn roping as good as you can. Good thing is that the instructors and the course do not expect from you to know it all.
So let’s start with the review.
1st Day: We started in a light manner by going through shellcode creation module which contained the mystical art of independent windows version shellcode creation without null bytes.(That was not so hard and we were still fine) Although the day was not even half way over(since we were doing the course like 8 hours per day for 5 days)and we started doing flash exploitation which was not very comfortable to do because it is not easy to debug it. Luckily OFFSEC had the answer for that. So we moved on a bit and the day was over. ( Still okay, we thought that we might survive this and in the end it wouldn’t be so hard….oh boy, were we wrong…)
2nd Day: We continued doing flash exploitation the whole day creating ROPs and bypassing so many protections, that at point things stopped make sense(In my opinion this was the worst day), i can’t really say much, they just jammed information at us.
3rd Day: The flash exploitation still was NOT over since EAF and Sandbox bypass came to play with us as well but in the end we bypassed. We still have like 5 hours on this day, so we moved onto the next module, Microsoft Edge(I was thinking this would be an easier module, which it was but still…), apparently as the instructor said Microsoft Edge is the most secure browser(maybe the worst performance wise) and he was right. We were bypassing protections and then we would add more and more and more but the day was over and we had to continue the next one.
4th Day: Continuing with the Microsoft Edge exploitation, as if it wasn’t enough to bypass all these protections the instructor was adding more to absolutely laugh with microsoft edge being the most secure browser. In the end, i think we bypassed a total of 10 protections?( maybe more? maybe less? i really can’t remember, they were too many). This was the CRAZIEST exploit i have ever seen in my life. I can’t say what it did but trust me, it was crazy. Then we didn’t have much time and we dived a bit into kernel exploitation.(Good for me that i had spent some time on kernel exploitation the past year and i was easily able to keep up with the module)
5th and last day: Last day, i was feeling a bit sad for the course to end but there is no time for crying. Kernel exploitation was here(it was the module that i wanted to check the most) and i was able to keep up relatively good, we did some amazing stuff there by tackling fortinet shield driver and getting a nice escalated shell.
Overall the instructors and the course are amazing and i highly recommend it to everyone but i WARN you, the difficulty between OSCE and the AWE Course is huuuuge!
They said the exam will be much easier than the course which makes sense because noone would pass. The instructors even gave us their emails so we can contact them for further questions. So offsec was pretty cool. Fun fact, they told us that only 1/3 of people that attend the course take the actual exam so you can imagine how hard it is. If you count it, the people that contain OSEE should be less than 150 people but maybe i am wrong.
Bye everyone have a great day!