Offensive Security Exploit Developer
OffSec Exploit Developers (OSEDs) have the skills and expertise necessary to write their own shellcode and create custom exploits from scratch. They can use these exploits to reverse-engineer bugs and bypass common Windows security mitigations.
* Bypass basic security mitigations such as DEP and ASLR
* Exploit format string specifiers
* Find bugs in binary applications to create custom exploits
They are able to adapt older exploitation techniques to more modern versions of Windows and execute them at a higher level than an OSCP. The OSED certification is one part of the updated, three-part OSCE cert.
eLearnSecurity Certified Exploit Developer
eCXD is an eLearnSecurity Certified eXploit Developer certification from eLearnSecurity. The purpose of the course is to learn Windows and Linux binary exploitation such as buffer overflow, DEP bypass, Ret-to-libc.
Offensive Security Certified Expert
OSCEs have expert-level penetration testing skills. They have proven that they can craft their own exploits, execute attacks to compromise systems, and gain administrative access. The intense 48-hour exam also demonstrates that OSCEs have an above-average degree of persistence, determination, and ability to perform under pressure.
* Debug Windows binaries
* Work through encoding issues and space restrictions while crafting exploits
* Understand PE structure to learn techniques that backdoor executables and bypass AV
* Use creative and lateral thinking to achieve an expanded view of standard vectors
* Think outside the box to determine innovative ways of penetrating internal networks
An OSCE also has familiarity with more advanced protections like ASLR.
Offensive Security Experienced Penetration Tester
OffSec Experienced Penetration Testers (OSEPs) have the skills and expertise necessary to conduct penetration tests against hardened systems. They’ve proven their ability to identify more impactful intrusion opportunties and execute advanced, organized attacks in a controlled and focused manner.
* Bypass security defenses
* Perform advanced attacks while avoiding detection
* Compromise systems configured with security in mind
They are able to assess systems and execute penetration tests at a higher level than an OSCP. The OSEP certification is one part of the updated, three-part OSCE cert.
Active Directory Certificate Service Attacks
The Certified Enterprise Security Professional - AD CS (CESP - ADCS) is a fully hands-on certification.
To be certified, a student needs to solve an exam lab that contains fully patched Active Directory Certificate Services environment with fully patched Server 2022 machines within 24 hours. The certification challenges a student to compromise Active Directory Certificate Services by abusing misconfigurations, default settings, features and functionalities without relying on patchable exploits.
A certification holder has demonstrated the skills to understand and assess security of an AD CS environment. A non-exhaustive list of skills:
- AD CS Enumeration
- Stealing Certificates using Windows Crypto APIs, DPAPI, User store, Machine store and disk.
- Domain Privilege Escalation by abusing settings and misconfigurations like Enrollee Supplies Subject, Enrollment Agent EKUs, Overly permissive ACLs on Certificate Templates and CA, Abusing CA Roles, Relaying to HTTP Endpoints and more.
- Machine and User Persistence by requesting and renewing certificates
- Domain Persistence using Forged certificates, Stolen Trusted Root certificates and more.
- Abusing SSH CA Signers on Linux machines for Lateral Movement
- Abusing VPN with Certificate-based authentication to pivot to different networks.
- Pivoting to Azure by abusing Azure AD CBA.
Certified Enterprise Security Controls Attack Specialist
Certified Enterprise Security Controls Attack Specialist Badge is earned by completing the CyberWarFare Labs CESC-AS Course and successfully passing 24 hours hands-on practical examination in Simulated enterprise environment with well equipped defensive controls.
The holder of Enterprise Security Controls Attack Specialist [CESC-AS] Certificate possess the capability of the following demanding skills :
1) Knowledge of Red Team Methodologies in Enterprise Environments
2) Planning & executing an organized sophisticated attack
3) Leveraging in-memory implants & enterprise security solutions
4) Bypassing Security Controls deployed with Host& Network
5) Custom exploit writing based on variety of scenarios
6) Perform stealth operations under monitored or hardened environment
7) Bypassing AV, EDR & network-level restrictions
Certified Red Team Professional
The Certified Red Team Professional (CRTP) is a completely hands-on certification. To be certified, a student must solve practical and realistic challenges in our fully patched Windows infrastructure labs containing multiple Active Directory domains and forests with Server 2022 and above machines within 24 hours and submit a report. The certification challenges a student to compromise Active Directory by abusing features and functionalities without relying on patchable exploits.
A certification holder has demonstrated the skills to understand and assess security of an Active Directory environment. A non-exhaustive list of skills:
- Active Directory Enumeration
- Local Privilege Escalation
- Domain Privilege Escalation using Kerberoast, Kerberos delegation, Abusing protected groups, abusing enterprise applications and more.
- Domain Persistence and Dominance using Golden and Silver ticket, Skeleton key, DSRM abuse, AdminSDHolder, DCSync, ACLs abuse, host security descriptors and more.
- Forest privilege escalation using cross trust attacks.
- Inter-forest trust attacks
Zero-Point Security Certified Red Team Operator
Holders of the Red Team Operator badge have demonstrated their knowledge of adversary simulation, command & control, engagement planning and time management. They can perform each stage of an attack lifecycle from initial compromise, to full domain takeover, data hunting, and exfiltration; whilst being aware of OPSEC concerns and bypassing defences.
Offensive Security Certified Professional
An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. They can:
* Use information gathering techniques to identify and enumerate targets running various operating systems and services
* Write scripts and tools to aid in the penetration testing process
* Analyze, correct, modify, cross-compile, and port public exploit code
* Conduct remote, local privilege escalation, and client-side attacks
* Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications
* Leverage tunneling techniques to pivot between networks
OSCP holders have also shown they can think outside the box while managing both time and resources.
eLearnSecurity Certified Professional Penetration Tester
eCPPT is a 100% practical and highly respected Ethical Hacking and Penetration Testing Professional certification counting certified professional in all the seven continents.
The eCPPT assesses and certifies your skills in the following areas:
* Penetration testing processes and methodologies, against Windows and Linux targets
* Vulnerability Assessment of Networks
* Vulnerability Assessment of Web Applications
* Advanced Exploitation with Metasploit
* Performing Attacks in Pivoting
* Web application Manual exploitation
* Information Gathering and Reconnaissance
* Scanning and Profiling the target
* Privilege escalation and Persistence
* Exploit Development
* Advanced Reporting skills and Remediation
Metasploit Framework Expert
The SecurityTube Metasploit Framework Expert (SMFE) is an online certification on the Metasploit Framework. This course is ideal for penetration testers, security enthusiasts and network administrators. The course leading to the certification exam is entirely practical and hands-on in nature. The final certification exam is fully practical as well and tests the student's ability to think out of the box and is based on the application of knowledge in practical real life scenarios.
A brief list of topics to be covered in this course includes:
* Metasploit Basics and Framework Organization
* Server and Client Side Exploitation
* Meterpreter - Extensions and Scripting
* Database Integration and Automated Exploitation
* Post Exploitation Kung-Fu - Exploring the system, Privilege escalation, Log deletion and AV / Firewall bypass
* Token stealing and impersonation, Backdoors and Rootkits, Pivoting and Port forwarding, Railgun and Custom Scripting, Backdoor an Executable
* Ruby Primer for Hackers
* Writing Metasploit Modules - Auxiliary and Exploit
* Exploit research with Metasploit- Buffer Overlows, SEH, DEP Bypass, Return Oriented Programming
The main focus is on the various possibilities for an attacker to carry out even complex attacks and discover the hidden world behind a simple XSS.
OSSTMM Professional Security Analyst
The OPSA is a technical, skills-based certification designed to accredit professional security analysts.