/* CAT(1) */

By Jeff White (karttoon)

Let me just start out by saying that I generally dislike certificates, which is a bit ironic if you know me since I collect 'em like Pokemon. My dislike stems from all of the companies that require them for jobs and people who go around certificate thumping as if it truly conveys your abilities. Let's be real here - most certificates are acquired by taking multiple-choice exams that boil down to your ability to memorize text and less about whether you can actually apply that knowledge. To reinforce this sad reality, over the past few years, I've had the unfortunate displeasure of interviewing hundreds of candidates that have just further justified my disdain at the certificate landscape.

So why bother? Well, certificates and their accompanying courses are excellent ways to get exposure to a new knowledge domain in a structured format. I love technology, I love learning, and I like to dabble in everything so I bounce around all of the time picking new subjects to learn about. Rewind about 7 years ago and Offensive Security came on the scene with their initial rollout of courses (PWB, CTP, etc.). When I read about the course and the labs set up with over 50 hosts to simulate an actual layered network I began to get excited. It was a unique approach compared to everything else at the time and I happily drank the Kool-Aid of "try harder". Since they came out, I've been lucky enough to take the majority of their courses: PWB, PWK, WiFu, and now CTP.

The course materials are always adequate but usually only touch on a handful of core topics, along with some how-to practical usage of tools. The labs are really what set them apart from other courses in the industry. Hell, I've even bought independent lab time just to play in the PWB/PWK sandboxes because I kept learning so much new stuff each go - plus they're just fun! You end up learning exponentially more than you do from the provided material as you battle your way through machine after machine. At least that's how PWB and PWK were...


I was on the fence about taking CTP. Everyone from co-workers to friends literally warned me against doing so. But, having really enjoyed all of the previous courses, I signed up anyway. While I generally disagree with them, CTP was a bit of a letdown for me in terms of the course material and labs. The material provided in the course is on par with their other courses as they explain each topic and walk you through doing it...but then that's about it. You do the exercise, move on to the next, rinse and repeat until the course is over.

There are no other machines to practice against and the part I always looked forward to in their courses felt absent - personal discovery. To compensate for this, on each exercise, I would force myself to create some kind of challenge so that it wasn't just following the course material and I could get some critical thinking in. I'd highly recommend doing the same if you take the course: create scripts for tasks, write your own assembly, find a way to beat the challenge without going the provided route. Given all of this, I still feel that I learned a bit and, for that, I think the course was worth it. It was nothing groundbreaking and the concepts weren't foreign to me, but I'd also never actually applied most of that knowledge.

My only real complaint was that my provided lab machine appeared to have its virtual snapshot created *after* another student took the course. I had to undo a lot of their exploits and make things "original" again, which was very annoying at times. I bought 60 days of lab time but finished the course in about two to three weeks of casual work, so I never bothered to ask them to fix it.

While I was considering whether or not to take the course, I read through a lot of reviews and the number one complaint was about the material being dated, which is true, as it doesn't appear to have been updated since it came out. I didn't personally find this to be a deal breaker. The course sets out to give you a core understanding of some exploitation principles and it successfully does this. I didn't feel it was about whether or not I was using the latest technique, but whether or not I grasped when and why a technique should be employed.

Overall, I thought the course was a good primer for Windows exploitation and would be a great complement to SANS 660 (Advanced Penetration Testing, Exploit Writing, and Ethical Hacking) if you get the opportunity to take it.


The exam is similar to the rest of the Offensive Security exams. You're given 48 hours to complete a number of challenges and each challenge tests your fundamental understanding of the concepts from the course. Unlike the OSCP, everything you need to know to pass is in the course, which might be a product of the fact that they don't have any open lab activities.

Of course, in typical Offensive Security fashion, nothing is quite as it seems and you'll have to think outside the box to figure out how to apply the knowledge from the course. I spent a lot of my time writing x86 assembly, which I really enjoyed, but also a lot of time doing manual tasks that I could (should) have automated during the CTP course. I let my confidence in the understanding of the techniques get the better of me. Automate, automate, and automate! It'll save you hours of time but also make sure you truly understand how the techniques work.

My approach to the exam was to knock out the highest point value challenges first; however, I hit walls about 8 hours into them and switched to the lower challenges. I did 8AM-4AM, with breaks for food and family, and then started again around 8AM the next day. I called it quits around 10PM and spent the rest of the night writing my report. I'd hazard that I worked on it about 32 hours over the two days, which surprisingly wasn't too bad as I was hopped up on adrenaline and massive amounts of coffee. The next few days I was a mental and physical wreck though. #worthit
