big oof

30 July 2021 - less than 1 min read time
Tags: Offensive Security AWAE OSWE Advanced Expert

Welp, AWAE 3, devnull 0.

TL;DR

OffSec had me in the first half…and in the second half:(

Also, this aint nothing like the OSCP, FYI.

Where the vulns at?

I still think OffSec gave me the “fixed” apps, but thats not the case; I guess.

I swear I found a couple ways to the initial vuln but I kept running into dead ends, so maybe they were the rabbit holes Ive read about? All I know is my head hurt after the whole thing.

Goin Forward

Im going to focus on several things:

• PortSwigger Web Academy (again)
• Juiceshop (running on my home lab now)
• DVWA (also running on my home lab)
• Read write-ups related to what might have gotten me in the apps?
  • XSS write-ups
  • SQLi write-ups
  • Authentication Bypass write-ups
  • Making Old Fashions 101 write-ups?
• Try harder?

Good resources

• https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html
• https://infosecwriteups.com/cert-oswe-exam-review-and-tips-ft-no-developer-background-candidate-1dad7f545155
• https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/