Links

OSED Review by a lazy slacker

2022-11-15
OSED Digital Badge. I wonder why is there a fox there?

Disclaimer

This review is written by someone working on security professionally for life (read: for money) for almost 5 years. I also somewhat have experiences on developing Linux kernel exploit.

Thought on the Materials

I think this course is perfect for beginners, not for experienced exploit developers. This course provides a good opportunity for students trying to get their hands on exploit development. The course will help you get a solid foundation, but does not really discuss intermediate topics, everything feels basic.
One more rant, this is NOT a course for people trying to find or look for vulnerabilities. The reverse engineering topic feels very rushed and skips straight to the vulnerabilities.

What did I prepare for the Exam

To be honest, I just skimmed through the materials for few days and directly booked the exam within 2 weeks after starting the course. Though, I ended up fully reading the courses during the 48-hours exam while debugging my solution
😥
. To be fair, this is quite a ridiculous move, since the exam felt very similar to what had been taught in the course.
There is one specific topic in the course that you guys must do. This one topic really helps a lot during the exam.
I didn't prepare any code to automate anything. Though to be honest, it might be good to prepare something to help finding good ROP gadgets.

What happened during the Exam?

​Read the exam guide. The exam is comprised of three independent tasks. I spent around 5 hours on finishing the first assignment. Took 2 hours break, then started working on the second assignment. I spent around 8 hours with steady progress on the second task, then got stuck by an error for a few hours before I started re-reading the course material... Shit! this error was literally explained in the material
😱
. I decided to sleep because of this frustration...
I woke up the next day and started to continue working on the second assignment. Spent around 6 hours until I finished it. There were still some time to work on the third assignment, but being a lazy slacker as I am, I decided to not do it (hey, I already had enough point to pass at this point!). Instead, I started working on my report. I wonder what the proctor thinks when they see my monitor...
The report took way too longer time more than I expected. I ended my exam, got some sleep, then continued on the report. In total, I spent like 16 hours for it
🤔
, in total it's almost 80 pages.

Final remarks

I really appreciate the OffSec team for their timeliness. There was no issues at all during the exam. What's more surprising is that they are very fast. I got my exam result within 1 business day, although they mentioned it would take 10 business days.
​