OSWE Exam review “2020” + Notes & Gifts inside!

@Gridith said:
@21y4d Fantastic guide. This is spot on. I finished my AWAE exam a few weeks ago and this is some great advice.

For @d1ss0: The AWAE (OSWE) is a very difficult exam. It is a departure from the “normal” exams. I have OSCP, OSCE, GXPEN (and now OSWE). OSCP, OSCE and to some extent GXPEN are very “exploit” focused. You’re writing code or running exploit code generally based on a well-known exploit or misconfiguration.

In this exam there are no exploit-db searches that will help you find the issues with the code. You really need to understand how the applications/websites they give you work. Follow the flow and then identify potential issues to exploit. In all cases (the course and exam) you’re given the code (or can determine where to get it). The trick is to distill what may be tens of thousands of lines of code and hundreds of linked libraries into high-probability targets of opportunity. Then examine those.

A few (hopefully helpful) hints:

  • Don’t get tunnel vision. There is a lot of code to look at; try not to get fixated on one part.
  • Keep in mind this is NOT OSCP or HTB. You’re not always looking to get admin and rule the world. Sometimes you can achieve the goal with what you have.

Gridith

Excellent comment!