I learned C++ long ago in the 90s, but it has been a while since then. I’ve used it rarely on and off, but it is far from my primary language. But I need to make sure I know the language well. Perhaps new things or things I forgot about could be a pain to refactor the codebase to “the right way” of coding C++.
So, that’s what I’m fixing with books. Here are the books I got to get me up to speed.
It is a lot of books to go through, thousands of pages… but I can skim for stuff I lack the knowledge for or have a particular interest in.
Assuming you put the time into learning the course material and pwn a ton of lab machines, you should be good to go technically. However, if you haven’t booked the OSCP PWK course yet, consider this blog post to help you get there before starting the course/labs.
Most people don’t fail for technical ability reasons. They fail because they don’t take breaks and maintain clear mental objectivity.
What Is The Secret To Passing?
The key to beating the OSCP exam is to force yourself to take breaks… where you walk away from the computer, leave the room, and do anything else for 5-15 minutes.
Force yourself to take a 5-10 minute AFK break every hour. It won’t be easy because you think you’re on a roll but do it anyway. I found the roll I was on was the wrong path before, multiple times.
Loss of objectivity is what kills people.
It is easy to learn the technical information and get used to it by pwning machines in the labs and on CTF websites. That will absolutely help you pass; you need it. But you won’t be ready for the stress and length of the exam, and you can get in a bad headspace really quickly. You may not realize it until you reflect on it after failing the exam.
Take breaks and take a walk, make food, talk to a friend, do a chore, or literally anything else but focus on the exam.
And then come back to it. Your brain will lie to you. TAKE BREAKS!
You will probably ignore this advice as I did. But here it is for you. I wish you good luck! Reach out if you want help reviewing what went wrong on your exam, perhaps an external point of view would be helpful for you.
I used a Pomodoro timer called Be Focused Pro on macOS to remind me to take breaks. I recommend getting a Pomodoro timer. It helped me a lot, and it may be the same for you.
I failed the exam twice (45 points each time) before getting it… really internalizing and doing what other passers have said. I didn’t have a technical ability problem (ultimately), but a mental objectivity problem from not truly taking breaks. Once I did that, I got all the points in 12 hours, took a nap, and woke up to finish my report before exam time expired.
Note: this was originally in an old blog I used to have where my focus was on NetBSD stuff. My focus is on OpenBSD now, but that is still subject to change.
I recently spent a few hours learning about serialization and want to share my thoughts on serialization and deserialization binary protocol development and discovery, as I understand them right now.
For a custom serialization, it comes down to one of two things:
First, taking a stream of bytes and somehow discerning what the data boundaries are for things is problematic to do dynamically.
How to discern what is in a stream of bytes and create the classes again using those byte chunks… It is easy to talk about, difficult to implement well. Nevertheless, it is a cool topic, especially for binary serialization (a smaller resulting dataset than XML or JSON serialization formats, for example).
I could easily do binary serialization for data sets with the same ordering of variables (4 bytes, then 16 bytes, then 4 bytes, then the rest is a string). That would be easy to do but tightly coupled to only that instance and can’t be reused.
I look at the DNS protocol, for example, as a binary protocol… it has static boundaries for the header and dynamic boundaries for the questions (the number of elements and static boundaries between elements). I like that and am considering that way of thinking as well. The header would describe what is in a dynamic body.
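The header-describes-the-body idea above, as an added example that is not from the original post: a C++ parser for the DNS question section, where the fixed 12-byte header's QDCOUNT field drives how many length-prefixed questions are read and every read is bounds-checked. `Reader`, `Question`, `parse_questions` and `sample_query` are names assumed for this illustration, and name compression is rejected rather than handled.

```cpp
#include <cstdint>
#include <string>
#include <vector>

struct Question { std::string name; uint16_t qtype = 0; uint16_t qclass = 0; };

class Reader {  // bounds-checked cursor: every read verifies the bytes exist first
    const std::vector<uint8_t>& buf_;
    size_t pos_ = 0;
public:
    explicit Reader(const std::vector<uint8_t>& b) : buf_(b) {}
    bool take(size_t n, const uint8_t*& p) {
        if (buf_.size() - pos_ < n) return false;
        p = buf_.data() + pos_; pos_ += n; return true;
    }
    bool u16(uint16_t& v) {  // big-endian (network byte order)
        const uint8_t* p = nullptr;
        if (!take(2, p)) return false;
        v = static_cast<uint16_t>((p[0] << 8) | p[1]); return true;
    }
};

// Fixed 12-byte header; its QDCOUNT field says how many variable-length questions follow.
bool parse_questions(const std::vector<uint8_t>& msg, std::vector<Question>& out) {
    Reader r(msg);
    const uint8_t* p = nullptr;
    uint16_t qdcount = 0;
    if (!r.take(4, p) || !r.u16(qdcount) || !r.take(6, p)) return false;
    for (uint16_t i = 0; i < qdcount; ++i) {  // untrusted count: never pre-allocate from it
        Question q;
        for (;;) {
            if (!r.take(1, p)) return false;
            const size_t len = p[0];
            if (len == 0) break;          // root label ends the name
            if (len > 63) return false;   // compression pointers are not handled here
            if (!q.name.empty()) q.name += '.';
            if (!r.take(len, p) || q.name.size() + len > 253) return false;
            q.name.append(reinterpret_cast<const char*>(p), len);
        }
        if (!r.u16(q.qtype) || !r.u16(q.qclass)) return false;
        out.push_back(q);
    }
    return true;
}

// Constructed sample: one question for "example.com", type A (1), class IN (1).
std::vector<uint8_t> sample_query() {
    return {0x12,0x34, 0x01,0x00, 0x00,0x01, 0,0, 0,0, 0,0, 7,'e','x','a','m','p','l','e',
            3,'c','o','m', 0, 0x00,0x01, 0x00,0x01};
}
```

On a `false` return, discard `out`, since it may already hold questions parsed before the malformed one.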
I need a solution that supports 100% dynamic data.
Google’s Protobuf is pretty dope for binary serialization. It makes implementation easy once I get over the learning curve of how to serialize things properly. Cereal also looks fairly awesome. However, I’m not considering Boost serialization because I don’t want to add Boost with Qt 5.
Anyway, I want a small-sized binary serialization protocol, so doing the diligence to see how serialization works and how different things have been implemented with them is required. Being lazy is just using a turnkey without considering what is actually happening behind the scenes.
Qt 5’s QDataStream is pretty dope, but it is effectively proprietary to Qt. I’d have to write custom C and C# code to decode/deserialize/serialize, so I might as well do it myself and handle byte order and junk. I’d rather use someone else’s solution since they likely figured out all the gotchas and worked through bugs.
Note: I didn’t spend a long time on this, but I was surprised at how interesting the serialization topic is. The magic isn’t mystical once you look under the hood. But, it is sort of what you’d imagine it would be if you implemented it from scratch… sort of… perhaps not exactly accurate—big brain serialization energy.