In my prior post, I talked about what my goals were post-OSCP. XDS was one of them. It's been a few months since then and I've completed the XDS course and its accompanying exam. I wanted to take this opportunity to reflect back on the course material and its exam while also providing my overall opinion on the certification as a whole.
Exploit Development is its own entire subfield of penetration testing. A whole lot of similar skills are required from your bread and butter network pen-testing stuff. You'll still need a solid understanding of OS level functionalities and you should be comfortable writing some basic scripts. Prior to starting this course you should be comfortable looking at Assembly and navigating your way around GDB and Immunity Debugger. The course walks you through a basic Windows and Linux stack overflow and both Debugging solutions. However, despite this I found the introduction to these tools somewhat lacking and had to supplement it with some additional resources.
eLearnSecurity suggest that this course be taken after PTS. I disagree as I found the contents of PTP helped complement the XDS course and provided a good primer on the basics of Stack Overflows and Assembly which PTS did not cover.
Some of eLearnSecurity's recommended training pathways.
Compared to other exploit development courses, XDS is quite modern and covers both Linux and Windows exploit development, x32/x64 and x32 respectively. Shellcoding is covered for both OSes, and methods to bypass anti-exploit mechanisms are taught, namely ASLR, NX/DEP, SEH, and Stack Canaries. There's a large emphasis on bypassing anti-exploit mechanisms through ROP, which is something the OSCE, as an example, does not cover.
The materials as usual are very thorough, though there's a lack of video-content with emphasis instead placed on documented walkthroughs and examples from public binaries. The labs themselves would contain machines you'd SSH/RDP into to practice the lessons taught.
One of the main issues I had with the course, and at times with eLearnSecurity in general, is how they lay out their content. You'd often find labs tacked at the end of an unrelated module and in general there is a bit of incoherency with how the labs are structured. I frequently found myself switching from Linux labs to Windows and back to Linux. This is despite there being numbered sections that would suggest a chronological order.
One example is Module 1 Section 3, Linux Shellcoding. In this module you're given a basic Assembly overview. At this point in the course it felt very meaningless as you'd just gone through basic stack overflows, countermeasure bypassing and ROP. An Assembly primer would've been far more useful towards the beginning of the course's content.
Despite there being a ROP section, all related labs are bundled into the Advanced Exploitation Module. On top of this, you also have the x64 Basic Stack Overflow lab placed in this advanced section rather than the Linux Stack Smashing module.
Going to keep this brief, but overall the exam was good. Not nearly as daunting as some of the labs you'll end up doing. You're given 3 days to develop your exploits and 2 days to produce a report. The actual exam is similar to OffSec ones where you have a set number of machines/tasks worth different points, and a minimum point mark to pass the exam. To prepare, make sure you're comfortable with the 'Educational' labs listed on the course's landing page. Another thing to remember is that this is the Exploit Development Student course. The difficulty of the exam will reflect that.
My first eLearn cert with the shiny new look
Verdict and Next Steps?
Overall, XDS is a solid course. It has its shortcomings, but also stands out as a good modern entry to some of the foundational exploit development techniques out there. As with most of eLearn's courses, all this information is available for free with some Google-Fu. The value of their courses is having most all of it encapsulated into one environment that includes both materials and practicals. I would definitely suggest picking up the course if you're interested in Exploit Development and are looking to build up a strong baseline in both Windows and Linux exploit-dev.
As for what's next, I purchased PTXv2 as it received a big update and launch discount. I'll get to it eventually, but I'd like to complete one of the following first:
- SLAE32 -> OSCE: I've managed the registration challenge and this feels like a natural progression from XDS. I'd like to do the former to solidify my Assembly knowledge, and the latter because OffSec courses are extremely fun and I'm slightly masochistic.
- Improve my Web App Security: It's an essential skillset but one I'm not as well versed in. I've started fiddling with the PortSwigger Academy labs since, but I'm also weighing a potential course such as SEC542.
- AWS Solution Architect Associate: I've been working through the bulk of the content using Acloud.Guru, and have recently joined a bi-weekly study group to better cement my learnings and understanding of the different services and offerings.
- OSWP: Whilst outdated, I have the hardware for this and it would be a quick and easy primer into WiFi security. Plus I get another OffSec cert which is always a plus.
As usual, I'll have a write-up ready once I've finished the next thing. Thanks for reading.