Posted on: 05 01 2023.

Comtrade 360 now holds the OSCP certification

We are proud to announce that Matic Nareks, our Cyber Security Engineer, now holds the Offensive Security Certified Professional (OSCP) certification.

OSCP is an advanced level penetration testing certification offered by Offensive Security (OffSec). It further validates the knowledge and expertise an organisation has for penetration testing methodologies by using tools inherent in the Kali Linux distribution and beyond.

There are many benefits of working with organisations who own the OSCP certification:

In the world of Cyber Security, different teams have varied knowledge and tasks; the best known are the blue and red teams. The core purpose of these teams is proactive action, as real-life malicious hackers can cause a lot of damage if not stopped on time. To mitigate that, organisations and individuals need to act and be prepared for all types of scenarios and potential attacks.

Here’s how blue and red teams operate:

The blue team acts defensively. It monitors security events in business networks, responds to incidents, and remediates vulnerabilities and misconfigurations on different types of systems.

Opposite to the blue team, the red team acts offensively. It utilizes the same tactics, techniques, and procedures as malicious hackers to discover the vulnerabilities and weak points in business environments before an attack occurs. Red team behaves as an adversary, trying to identify and leverage weaknesses within the business by using certain cyber-attack techniques.  The red team usually consists of highly experienced independent ethical hackers or Cyber Security professionals who focus on replicating real-world attack methods and techniques by using penetration testing.

The goal of penetration testing is to find as much vulnerabilities and weaknesses as possible. The Cyber Security professional who conduct these tests don’t care about being detected, as they are time limited and usually work on the assessment together with the IT staff. After testing, they prepare comprehensive technical and executive reports to give recommendations on their findings.

The OSCP exam

The OSCP certification exam consists of two parts; the first and hardest part being the practical exam which takes 24 hours to complete, and the second part, which is preparing a professional exam report.

During the exam, there are 6 Windows and Linux targets. 3 targets are independent. Here, you can obtain low-level and high-level privileges (10 points for each). There is also an Active Directory set, with one domain controller and two clients, where you need to take control over the domain administrator through the exploitation chain (40 points – no partial points). To pass the exam, you need to acquire at least 70 points in all.

The exam also has tools restrictions, such as professional ones and tools that do automatic exploitation. However, students are not allowed to use these, because Offensive Security encourages their students to try harder by thinking outside the box and understanding the tools and exploits they are using.

OSCP training covers a wide range of advanced techniques, some of which include:

  • Information Gathering
  • Vulnerability Scanning
  • Network Attacks
  • Active Directory Attacks
  • Web Application Attacks
  • Windows and Linux Buffer Overflows
  • Client-Side Attacks
  • Antivirus Evasion
  • Privilege Escalation
  • Password Attacks
  • Pivoting

There is a reason for the saying “better safe than sorry”. Hiring a certified company with professionals who have the knowledge of finding the security vulnerabilities and weak points is extremely valuable to any business. Knowing and properly utilizing certain offensive strategies that are likely to be used against your systems is vital to building an effective defence, and therefore a service you should consider.

Cyber Security proficient organisations like Comtrade 360 provide different types of Penetration testing including:

  • External penetration testing
  • Internal penetration testing
  • Web Application penetration testing
  • Wireless penetration testing
  • Social Engineering

Subsequently, having knowledgeable experts qualified to provide these services at the highest level of quality is of utmost importance.

If you would like to discover weak points in your organization’s security before malicious hackers do, click here to connect with one of our Cyber security experts.