My Journey into the eCPPTv2 Certification - Part 1
Well, to be honest im taking my eCPPTv2 because I cannot take my OSCP due to age and this cert covering alot of the same topics and being refered to by others as a “OSCP lite” I felt like this would be a good stepping stone to my OSCP when I am able too.
System Security a.k.a ASM BOF madness
I found the first module quite useful as i’ve never really gotten into debugging x86 programs or any programs for that matter. I found it quite interesting learning about how the stack works, registers and all the ever so fun aspects of assembly. I found it quite intriging to learn about how if your dont properly sanatize your inputs you can break out of the box(buffer) your given and then use that to exploit a machine. I feel like BOF exploits are really only usable in cases where its a SUID binary though, or maybe in the case where you arent even in the system at all maybe from a web panel or something.
I have only just begun this module and so far it has only talked about OSINT(Open source intellegence gathering), it may seem boring and like just google it but there is alot of tiny things that you may over look that can turn out to be very useful. It also touched on trying to make a map of everything by showing how each piece of information relates to each-other in a nice visual which I feel like can definetly be used in a attack due to its easyness to quickly see so many things about a target and see what is important very quickly
As I continue with this certification I plan to make a part 2 maybe even 3/4 so stay tuned :)