From AWAE to OSWE: The Preperation Guide

5. August 2019

oswe

As promised on Twitter this post will document my steps through the OSWE exam preperation.

Searching for available study material

After some google action i found some useful stuff

  • AWAE-PREP – GitHub Repo
    A lot of trainings, courses and other random stuff for the AWAE preperation.
  • OSWE – GitHub Repo
    Additionall sources about the vulnerabilites and exploits within the AWAE course material.
  • OSWE Preperation – YouTube Playlist
    I found a lot of interesting videos about Deserialization (important topic!), so i created a small playlist on my YouTube Channel.

Step 1: The Plan

I decided to follow the training order mentioned in AWAE-PREP because it seemed logical considering the AWAE course material.

Step 2: Start

Javascript

I started with the Javascript for Pentesters course on Pentester Academy. I learned some useful stuff to create even more customized XSS Payloads with fancy functions xD. Some examples are Multi-Level JSON/XML/HTML Parsing, CSRF Token Manipulation, Posting/ Fetching XMLhttpRequests or Stealing data from fields with autocomplete.

SQLi

I also ordered a awesome book about SQLi. So far i have only read 50 pages but i highly recommend this one! You will learn the very basics of most SQLi vectors and sharpen your skills for more sophisticated attacks! I will add more information when reading further 😉

Random Stuff

Loading…

This post will frequently be updated, so watch my Twitter Feed or visit this page again 😉
As always, every feedback is very welcome (please via Twitter)!

Sie sehen gerade einen Platzhalterinhalt von Facebook. Um auf den eigentlichen Inhalt zuzugreifen, klicken Sie auf die Schaltfläche unten. Bitte beachten Sie, dass dabei Daten an Drittanbieter weitergegeben werden.

Mehr Informationen

Ähnliche Beiträge

After gaining my OSCP in June i decided to go deeper into exploitDev and shellcoding. And here we are, this [...]

9. Oktober 2017

Welcome back to my second post for the SLAE certification. Today we are going to build a reverse_shell shellcode and [...]

9. Oktober 2017

Ready for the next level? – Method to exploit software even with small space for shellcode: EggHunting The third task [...]

9. Oktober 2017

Hey ho, it’s time for some low-level shellcode encoding. After going through the encoder examples of the SLAE material i [...]

9. Oktober 2017