Jael Koh on LinkedIn: 🥷🏻 EXP-401 Live Training Completed! 🥷🏻 Just completed OffSec’s… (2024)

🌇Proud to share that I've completed the Windows Internals for Security Engineers training by Yarden Shafir!🌇I really enjoyed this course. Despite arriving in Berlin with little background knowledge on Windows Internals, I was able to learn this dense and difficult subject swiftly thanks to Yarden's clear, approachable teaching style.I learned how to easily visualize data structures in WinDBG, with LINQ and JavaScript, which will dramatically speed up my future debugging. I also learned about how Windows' subsystems like ALPC, Win32k.sys, ntoskrnl, and modern mitigations like CFG, kASLR and VBS work.I really appreciated Yarden's stories about WHY Microsoft made certain design decisions when designing their subsystems and mitigations, and how they shape Windows to this day. (e.g. why win32k.sys has been so persistently vulnerable). It really added a memorable, personal touch and helped me understand the topic better.Huge thanks to Yarden who generously answered all of my questions throughout the training. Also, massive props to Blue Frost Security for organizing another amazing OffensiveCon!If you're interested in taking this course:Yarden is teaching this course at RECON 2024: https://lnkd.in/gBvUUgBras well as a Windbg course at Typhoon Con 2024: https://typhooncon.com/Finally, cheers to all the friends I made at OffensiveCon.I'll try to go there again next year, so if you see me, say Hi!

84

✨ OST2 Exploitation 4011 Course Completed! ✨I’m happy to share that I’ve just completed Cedric Halbronn's exceptional Exploitation 4011 course on OpenSecurityTraining2! This course is a deep dive into Windows Kernel Exploitation. Using an in-the-wild exploit as a case study, this course teaches a methodology for attacking any subsystem in the Windows Kernel.Rather than focus on the specifics of a single exploit, this course instead delves into the thought process behind engineering them. The course covers the entire exploit development lifecycle – from the initial stages of Binary patch diffing and experimenting with Kernel Objects, all the way to confirming the vulnerability in the debugger and finally writing the exploit. Along the way, Cedric shares his personal experience researching the vulnerability. I found these really insightful – they illuminated the realities and difficulties of security research.I came away from this course armed with a methodology I can use to exploit other components of the Windows Kernel. I also got a better idea of what Exploit Development is really like and the joys and pains of Vulnerability Research. If you’re interested in Windows Kernel Exploitation, I wholeheartedly recommend this course. You can go through the whole course for free on OpenSecurityTraining2. If you prefer live training, Cedric is teaching this course live at OffensiveCon 2024: https://lnkd.in/gSQU38sCHexacon 2024: https://lnkd.in/gYUPHpRBHuge thanks to Cedric Halbronn, OpenSecurityTraining2, Xeno Kovah for this amazing (and free!) course.

77

4 Comments

🍾 CORELAN HEAP LIVE TRAINING COMPLETED! 🍾 After four tough but deeply rewarding days in Sydney, I'm proud to share that I've completed the Corelan Consulting bv Heap Exploitation Live Training!I came into the class feeling underprepared. I had no clue what LFH, FEA or BEA stood for, let alone what they did. In part, this was due to a lack of online resources for understanding the Windows Heap. The ones that did exist were either intimidating whitepapers, or very old guides. That's not to say they weren't good. In fact, Peter Van Eeckhoutte has written some great free resources. However, I knew I couldn't get a good understanding of the Windows Heap solely relying on them, so I signed up for Peter's class with VERY high hopes - that somehow, in a mere 4 days, he could teach me the Windows Heap up to a point where I could continue on my own.Peter not only met my expectations, he THOROUGHLY exceeded them.Peter is the rarest kind of teacher I've met: Someone with world-class expertise, a great knack for teaching, yet still down-to-earth. In REALTIME, I felt myself going from "What IS the LFH?" to "This makes so much sense!"; the whole time, realizing that reaching this level on my own, would have taken YEARS. Not only is Peter sharp - he answered any questions I had without missing a beat, he's also transparent in sharing the mistakes he made during his own research so WE could avoid them. In a world where complex findings are often presented as effortless, learning that Peter's expertise did not stem from natural-born talent, but rather solitary persistence over 15+ years was a breath of fresh air.I learned what subsystems make up the Windows Heap Manager, how they work, and what attacks I could perform on Win7 up to the latest build of Win11. More importantly, I learned a GENERIC methodology to use when doing my own research in future Windows versions. Peter admits that by teaching this, he risks losing repeat business. When I asked why he chose to do so, he said he prioritizes his students' understanding over how much money he can make. Of course, finishing the live training is just the tip of the iceberg. Post-course, I'm "blessed" with TWO years' worth of homework to hone the skills I've learned. I also have access to a private Slack channel, where I can ask Peter and fellow Corelan Alumni any questions.Despite Peter's legendary reputation, I feel his courses are underrated. I think this is because he spends most of his time improving his courses instead of marketing them. I hope this short post I've written can illuminate WHY his courses are so good, and help readers decide if the training is right for them.If you're interested in taking Peter's classes, you can check his training schedule page at: https://lnkd.in/gjauh2ib .I'm planning to attend his Stack class sometime in the future, so if you see me, feel free to say hi!#corelan #expert #stack #heap #masterclass #brainmelt #exploitdev #windows11

186

6 Comments

🎉 To celebrate my 2000th hour dedicated to studying OffSec certificates, I'm thrilled to share my latest blog post "My First Year in Security: Zero to OSCE3". In this deep dive, I detail how many hours it took to get each certificate, the study resources I used to go from absolute zero to OSCE3, and how I overcame my fear of the Python requests library.🔗 https://lnkd.in/dUqQmTnhThis journey has been an intense, rewarding but often solitary one. I hope this blog post can demystify the process behind achieving such certifications and encourage others who may feel daunted by the scale of such an endeavor. If you're curious about what it takes to earn the OSCE3, or if the insights and statistics from my journey can light the way for your own, I invite you to read and share.

1,329

51 Comments

I'm excited to start off 2024 by completing Zero Day Engineering's Zero Day Vulnerability Research course.Alisa Esage does an amazing job of taking something as complex and intimidating as Vulnerability Research and breaking it down into a comprehensive yet approachable curriculum.One of my biggest takeaways from the course was Alisa's methodology for finding zero days in modern software. She teaches a systematic approach, using models of vulnerabilities, exploits, and application threats.For example, by modeling the subsystems and threats of an application, I learned how to prioritize which subsystems to target and discover new conceptual attack vectors.This course was both enjoyable and incredibly informative. I felt significantly better prepared for vulnerability research by the end, and I believe this systematic approach will help me avoid common pitfalls.Overall, the course offers a powerful, systematized methodology that I haven't encountered before. It's also a great foundation for beginners interested in entering the field of Vulnerability Research.I thoroughly enjoyed this course and am eagerly looking forward to its major upgrade later this year.https://lnkd.in/gms8Pe9Y

120

4 Comments

🎉 OSCE3 CERTIFICATION SECURED! 🎉If it's not impossible, it's not worth doing.Incredibly proud to announce that I have obtained the OffSec Certified Expert 3 (OSCE3). At 22 years old, I'm likely the youngest OSCE3 in Singapore. This was a year-long, enthralling journey where I overcame many obstacles to achieve a career dream of mine I had thought was impossible. The OSCE3 is an advanced certification awarded upon acquiring the OffSec Experienced Penetration Tester (OSEP), OffSec Web Expert (OSWE), and OffSec Exploit Developer (OSED).Initially, having never scripted in PHP, Java or Python, I was intimidated by the OSWE, a Source Code Auditing exam. Nonetheless, I dove right into the course materials, and found it to be easier than expected - and now I use Python every day to script, automate and write exploits.The OSEP was another challenge; I had never written a single line of C# code, let alone compiled anything. My knowledge of Active Directory attacks was minimal. Nonetheless, I immersed myself in the content of the material - and conquered the exam.Then came the OSED, the hardest of the OSCE3 trinity. With no experience reading or writing assembly code, I thought I had finally bitten off more than what I could chew. To add fuel to the fire, my neighbourhood underwent loud drilling for the entirety of November - requiring me to transition to a co-working space.Even though I had zero binary exploitation experience, I certainly had no shortage of experience doing what I thought was impossible. The OSED was my absolute favorite of the OSCE3 - I found eudaimonia in losing myself inside the debugger and disassembler. The feeling of excitement when successfully exploiting a binary is something I still can't get enough of.I would like to extend my heartfelt thanks to my family for their enduring support over this past year.I would also like to thank OffSec for their well-designed courses and exams and Leon Kwek for providing goodwill discounts.I would also like to thank all the authors of OffSec course reviews. Whenever I began a new certification - I would comb through every course review for that exam. While I cannot name you all individually here to respect your privacy, please know that if you've written an exam review, it's more than likely that I've read and re-read it. To all of you, a sincere thank you.A huge shoutout to my friends and mentors who I've made along this InfoSec journey:Zeyu (Zayne) ZhangLouis SinLoh Diing HaoJin Hao ChanFinally, I would like to thank YOU - my LinkedIn network for the positive responses to all of my posts so far. I would like to end off by encouraging anyone to pursue what seems impossible to them - because it usually isn't, and it usually is so worth it.

1,496

62 Comments

🎉 OSEP CERTIFICATION SECURED! 🎉I've just conquered the OSEP, by far one of the most challenging and exhilarating48-hour exams I've tackled to date.Some highlights from my journey into the course:- Started with a deep dive into C# Reflection, crafting a fully in-memory PowerShell shellcode loader.- Progressed to client-side attacks using tools like Microsoft Word, JScript, and HTA.- My favorite module was "Combining the Pieces". This section taught me how to synthesize what I'd learned about Phishing, AV Bypass, Application Whitelisting and Active Directory attacks, ultimately letting me fully compromise an AD network. Throughout the exam, there were intense moments where I grappled with doubt. Yet, with tenacity and grit, I emerged victorious.A heartfelt thank you to my family for their endless support throughout these tough few months.Shoutout to Louis Sin for encouraging me to take this course, and thanks to Kyaw Min Thein and Caesar Chan for their insights when I was weighing up the course.Finally, hats off to OffSec for curating such a robust and enlightening course paired with a rigorous exam!#OSEP #Cybersecurity #Gratitude #AchievementUnlocked #Offsec

500

14 Comments

Today marks the end of my 3-month internship at KPMG Singapore Cyber Defense. It's been an unforgettable journey! I kicked things off by showing up woefully overdressed at a BBQ, and wrapped it up by travelling with my department to Vietnam. I'm truly grateful for all the amazing experiences KPMG Singapore provided me.On the professional side, I had the chance to dive into different kinds of penetration testing, including iOS, Android, Web, API, and Source Code Review. I also had the opportunity to participate across the entire project lifecycle, working on real-world client software.Thanks to KPMG's strong support for professional development, I even earned the Burp Suite Certified Practitioner certificate during this internship.I would like to thank Edmund Goh, Louis Sin, Loh Diing Hao for their guidance, mentorship, andpatience with me over these past months! I would also like to thank my colleagues Amelia Sim Shih Wei Gerome Seah Bona Hong Gabriel Teo Cheah E. Angela Wong Koh Eng Kiat Chang Jie Foo for making every workday fun, collaborative, and a real learning experience.I spent many solitary hours studying for the OSCP and OSWE certifications, but joining KPMG changed everything. Working alongside my talented coworkers, I found warmth, camaraderie, and collaboration. It turned what could have been an isolating experience into something joyful and fulfilling.A huge thank you to the entire KPMG Singapore team. This internship wasn't just a chance to grow technically; it was an extraordinary chapter filled with personal connections that I will never forget.#internship #kpmg #cybersecurity #ProfessionalGrowth #ThankYou

51

4 Comments