Need help with AWAE-PREP?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

wetw0rk
558 Stars 192 Forks 6 Commits 0 Opened issues

Description

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and various courses.

Services available

!
?

Need anything else?

Contributors list

No Data

AWAE PREP Layout

This repository will serve as the "master" repo containing all trainings and tutorials done in preperation for OSWE in conjunction with the AWAE course. This repo will likely contain custom code by me and varous courses. Below you can see in what order I completed these challenges / courses.

Prep Breakdown

The following table shows notes, courses, challenges, and tutorials taken in preparation for the AWAE.

| Order | Name | Type | Link | |--- | --- | --- | --- | | 1 | JavaScript For Pentesters | Course | https://www.pentesteracademy.com/course?id=11 | | 2 | Edabit (Javascript, Java, PHP) | Challenges | https://edabit.com/ | | 3 | Simple Object Oriented Language Examples | Notes | N/A (I just wrote simple templates) | 4 | From SQL Injection to Shell | Tutorial | https://pentesterlab.com/exercises/fromsqlito_shell/ | | 5 | XSS and MySQL | Challenge | https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/ | | 6 | Understanding PHP Object Injection | Tutorial | https://securitycafe.ro/2015/01/05/understanding-php-object-injection/ | | 7 | /dev/random: Pipe | Challenge | https://www.vulnhub.com/entry/devrandom-pipe,124/ | | 8 | Understanding Java Deserialization | Tutorial | https://nytrosecurity.com/2018/05/30/understanding-java-deserialization/ | 9 | Practicing Java Deserialization Exploits | Challenge/Tutorial | https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/ | | 10 | SQL Injection Attacks and Defense | Book | https://www.amazon.com/Injection-Attacks-Defense-Justin-Clarke/dp/1597499633 |

Post Prep Breakdown

Having completed the course, below is everything done in regards to prep before the exam. If you have not taken the AWAE and are considering taking it definitely do everything shown above, and read the source! I have provided README's in each directory and source code so you can see what I did. I cannot share extra miles .... so those will not be within the repository. Best of luck!

  • Complete all extra miles! I know some are harder than others but push through (one took me 8 days alone).
  • Be comfortable using every debugger shown within the course.
  • Understand Object Oriented Languages taught throughout the course. No need to be a master in each language, but be able to code something fast using existing libs.
  • Be comfortable crafting a full POC (as done throughout the entire course)
  • Look for vulnerabilities ;)

This may not seem like much, but it's what I did for prep. My best advice is DO NOT OVERTHINK things and don't rush through it. It took me 2 attempts when it should have taken one, I was jumping around not documenting enough what I was trying (It's easy to create your own rabbit holes...). Slow down you have 48 hours!

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.