WHAT IS OSCP?
The Offensive Security Certified Professional (OSCP) is one of the most technical and most challenging certifications for information security professionals.
To become certified you must complete the Penetration Testing with Kali Linux (PwK) course and pass a hands-on exam of roughly 24 hours (23 hours 45 minutes of lab time), after which you have a further 24 hours to write and submit the report.
Official Link : PEN-200 | PENETRATION TESTING COURSE & CERTIFICATION
OSCP SYLLABUS
● Getting Comfortable with Kali Linux
● Command Line Fun
● Practical Tools
● Bash Scripting
● Passive Information Gathering
● Active Information Gathering
● Vulnerability Scanning
● Web Application Attacks
● Buffer Overflows
● Client-Side Attacks
● Locating Public Exploits
● Fixing Exploits
● File Transfers
● Antivirus Evasion
● Privilege Escalation
● Password Attacks
● Port Redirection and Tunneling
● Active Directory Attacks
● The Metasploit Framework
● PowerShell Empire
● Penetration Test Breakdown
PREREQUISITES
Before you register for the course you should already have some experience in the following areas :
● Linux Fundamentals : File System, Command Line etc.
● Networking Fundamentals : TCP/IP, Protocols etc.
● Programming Languages : Bash and Python
● Note Taking : CherryTree, KeepNote
EXAM DETAILS
● You have a total of 23 hours and 45 minutes for the exam.
● You will be proctored throughout; a webcam and screen-sharing software are required.
● The exam consists of 5 vulnerable target systems to compromise.
● You need at least 70 points to pass.
● Once the exam ends you have another 24 hours to write and submit your report.
● An extra 5 points are awarded if you submit the lab report together with the course exercises.
Restrictions :
You cannot use any of the following on the exam :
● Spoofing (IP, ARP, DNS, NBNS, etc.)
● Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
● Automatic exploitation tools (e.g. browser_autopwn, SQLmap, SQLninja, jsql, etc.)
● Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Core Impact, SAINT, etc.)
Exam Tips :
● Enumeration is the most important thing you can do.
● Prepare your cheat sheets, notes, tools, and exploits.
● Note Everything.
● Be patient and believe in yourself.
LAB SETUP
● VMware Workstation or VirtualBox
● Kali Linux
▸ If you want to play with the custom image that is made for the course, you can find it here.
● Windows 7 (32-bit/64-bit)
GETTING STARTED WITH KALI LINUX
● Kali Linux Revealed
● Linux Journey
● Explain Shell
● TryHackMe - Linux Fundamentals
● TryHackMe - Linux Challenges
COMMAND LINE FUN
● The Linux Command Line
● The Linux Command Line, 2nd Edition (Book) : Amazon India
● RTFM - Red Team Field Manual (Book) : Amazon India
● BTFM - Blue Team Field Manual (Book) : Amazon India
PRACTICAL TOOLS
● Netcat
● PowerShell
● Wireshark
● Tcpdump
Kali Linux Tools : https://tools.kali.org/tools-listing
BASH SCRIPTING
● Bash Resource
● Linux Command Line and Shell Scripting Bible (Book) : Amazon India
PASSIVE INFORMATION GATHERING
In passive information gathering you collect information about the target from publicly available sources, without sending any traffic to the target itself.
● Taking Notes
● Website Recon : Gather basic information by simply browsing the site.
● Whois Enumeration : Use the whois command on Linux or an online tool
● Open-Source Code : Search Source-code Online
● Social Media Tools : Gather information on target's social media accounts
● Google Hacking : Cheatsheet / Database
● Netcraft
● The Recon-ng Framework
● Shodan
● Spyse
● Censys
● Security Headers Scanner
● SSL Server Test
● Pastebin
● Email Harvesting
● Stack Overflow
● OSINT Framework
ACTIVE INFORMATION GATHERING
In active information gathering you learn more about the targets by interacting with them directly, for example port scanning, OS fingerprinting, and DNS, SMB, NFS, SMTP and SNMP enumeration.
● The Official Nmap Project Guide
● Nmap
● Masscan
● DNS Recon
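The usual way to script the port-scanning step is two phases: a fast all-ports scan saved in nmap's greppable format, then a version and default-script scan against only the ports that came back open. The helper below is an added example, not part of this guide or of nmap; the `-oG` output it parses is constructed (host 10.11.1.5 and its ports are made up) and the follow-up command it builds is the one a practitioner would typically run next.

```python
"""Two-phase port scanning helper (added example, not from the guide).

Phase 1 is `nmap -p- -oG phase1.gnmap <target>`. This parser pulls the open
ports out of that file so phase 2 can run -sV -sC against only those ports.
"""
import re
import shlex

# Constructed sample of nmap -oG output for a single host (values made up).
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -p- -oG phase1.gnmap 10.11.1.5
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 139/closed/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65530)
# Nmap done at Mon Jan  1 10:05:00 2024 -- 1 IP address (1 host up) scanned in 300.00 seconds
"""

# port/state/proto//service/// as written by nmap's greppable output
PORT_RE = re.compile(r"(\d+)/(open|closed|filtered)/(tcp|udp)//([^/]*)")


def open_ports(gnmap_text):
    """Return {host: [(port, proto, service), ...]} containing open ports only."""
    results = {}
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, service in PORT_RE.findall(ports_field):
            if state == "open":
                results.setdefault(host, []).append((int(port), proto, service))
    return results


def phase2_commands(gnmap_text, outdir="scans"):
    """Build the targeted phase-2 scan (version + default scripts) per host."""
    cmds = []
    for host, ports in open_ports(gnmap_text).items():
        plist = ",".join(str(p) for p, _, _ in ports)
        cmds.append(f"nmap -sV -sC -p {plist} -oA {shlex.quote(outdir)}/{host} {host}")
    return cmds


if __name__ == "__main__":
    # In practice: open("phase1.gnmap").read() instead of the constructed sample.
    for cmd in phase2_commands(SAMPLE_GNMAP):
        print(cmd)
```

Closed and filtered ports are deliberately dropped; a filtered port is worth a second look with a different scan type, but it should not bloat the `-p` list of the slow service scan.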
VULNERABILITY SCANNING
These scanners are banned in the exam (see Restrictions above); use them in the labs to learn what they report, then practise finding the same issues by hand.
● Nessus / Getting Started with Nessus on Kali Linux
● Sn1per
● Nexpose
● Nipper
● Acunetix
● OpenVAS
WEB APPLICATION ATTACKS
● Web Application Enumeration : View the page source, check well-known files (robots.txt, security.txt, .git, readme.md, sitemap.xml etc.), brute-force files and directories, brute-force login pages, check subdomains, find open ports, and identify the web technologies the target site uses.
● Burp Suite
● OWASP Top Ten
● The Web Application Hacker's Handbook : Amazon India
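The well-known-file check above is worth scripting, because robots.txt usually points at exactly the paths the owner did not want indexed. The probe below is an added example, not code from this guide or from any listed tool. It uses only the standard library; the path list extends the guide's with .env and backup.zip (my additions), `fetch` is injectable so the logic runs offline, and the demo at the bottom serves a constructed web root on loopback.

```python
"""Well-known file enumeration for a web target (added example, not from the guide).

Probes a list of well-known paths, then follows the Disallow/Allow entries
from robots.txt, which are often the interesting directories.
"""
import urllib.error
import urllib.request

WELL_KNOWN = [
    "robots.txt", ".well-known/security.txt", "security.txt", ".git/HEAD",
    "README.md", "readme.md", "sitemap.xml", ".env", "backup.zip",
]


def http_fetch(url, timeout=5):
    """Return (status_code, body). A 404 is a result, not an exception."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        return exc.code, ""


def robots_paths(robots_body):
    """Extract Disallow/Allow paths from a robots.txt body, skipping '/' itself."""
    paths = []
    for line in robots_body.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() in ("disallow", "allow") and value.strip() not in ("", "/"):
            paths.append(value.strip().lstrip("/"))
    return paths


def enumerate_well_known(base_url, fetch=http_fetch):
    """Return {path: status} for every probed path that did not return 404."""
    base = base_url.rstrip("/") + "/"
    found, seen, queue = {}, set(), list(WELL_KNOWN)
    while queue:
        path = queue.pop(0)
        if path in seen:
            continue
        seen.add(path)
        status, body = fetch(base + path)
        if status == 404:
            continue
        found[path] = status          # 200, 403, 401 ... all tell you something exists
        if path == "robots.txt" and status == 200:
            queue.extend(robots_paths(body))   # follow what the site asked bots to skip
    return found


if __name__ == "__main__":
    # Self-contained demo: a constructed web root served on loopback.
    import http.server, os, tempfile, threading
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "admin"))
    with open(os.path.join(root, "robots.txt"), "w") as fh:
        fh.write("User-agent: *\nDisallow: /admin/\nDisallow: /backup.zip\n")
    with open(os.path.join(root, "admin", "index.html"), "w") as fh:
        fh.write("<h1>admin</h1>")
    handler = lambda *a, **k: http.server.SimpleHTTPRequestHandler(*a, directory=root, **k)
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    print(enumerate_well_known(f"http://127.0.0.1:{srv.server_port}"))
    srv.shutdown()
```

A 403 on .git/HEAD is still a finding: the directory exists, and a misconfigured server often serves the objects even when it blocks the listing.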
BUFFER OVERFLOWS
● Buffer Overflows Made Easy by TCM
● 32-Bit Windows Buffer Overflows Made Easy
● Buffer Overflows for Dummies
● Buffer Overflow Exploitation Megaprimer for Linux
CLIENT-SIDE ATTACKS
● Types of Client-Side Attacks
● Metasploit Unleashed : Client Side Attacks
LOCATING PUBLIC EXPLOITS
● Exploit-DB / searchsploit
● Rapid7 - Vulnerability & Exploit Database
● CXSecurity
● Vulnerability Lab
● 0day
● SecurityFocus
● Packet Storm Security
FIXING EXPLOITS
Generating our own payload
FILE TRANSFERS
● File Transfer Commands
● Transfer files from Kali to the target machine
ANTIVIRUS EVASION
● Undetectable Malware
● Tools & Techniques Used to Evade Antivirus Software
● MSFvenom Payloads
● Obfuscated Empire
● WinPayloads
● AVET
● HERCULES Payload Generator
● Shellter and Shellter Pro
● Veil-Framework
● Unicorn
● FatRat
PRIVILEGE ESCALATION
● Payloads All The Things
Linux :
▸ Basic Linux Privilege Escalation
▸ Scripted Local Linux Enumeration & Privilege Escalation Checks
▸ Linux Smart Enumeration
▸ Linux Exploit Suggester
▸ GTFOBins
▸ Linux elevation of privileges
▸ Linux Privilege Escalation for OSCP & Beyond! by Tib3rius
Windows :
▸ Windows Privilege Escalation Fundamentals
▸ Power Tools
▸ Just Another Windows (Enum) Script
▸ Windows Privilege Escalation Methods for Pentesters
▸ Windows elevation of privileges
▸ Windows Privilege Escalation
▸ Windows Privilege Escalation Guide
▸ Open Source Windows Privilege Escalation Guide
▸ Windows Privilege Escalation Techniques and Scripts
▸ Windows Privilege Escalation for OSCP & Beyond! by Tib3rius
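The linked Linux guides all start with the same manual checks: SUID/SGID binaries (cross-checked against GTFOBins), world-writable files that a privileged job might execute, and writable directories on PATH. The script below is an added example written for this page, not the code of any of the listed projects. Each check takes a root directory so the demo can run in a constructed temporary tree (fakebin, backup.sh and the paths under it are made up) instead of scanning the real filesystem.

```python
"""Manual Linux privilege-escalation checks (added example, not from the guide)."""
import os
import stat
import tempfile


def walk_files(root):
    """Yield every path under root, ignoring directories we cannot read."""
    for dirpath, _, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            yield os.path.join(dirpath, name)


def _regular_files_matching(root, mode_mask):
    hits = []
    for path in walk_files(root):
        try:
            st = os.lstat(path)           # lstat: do not follow symlinks
        except OSError:
            continue
        if stat.S_ISREG(st.st_mode) and st.st_mode & mode_mask:
            hits.append(path)
    return sorted(hits)


def find_setuid(root="/"):
    """Files with the setuid or setgid bit; check each one against GTFOBins."""
    return _regular_files_matching(root, stat.S_ISUID | stat.S_ISGID)


def find_world_writable(root="/"):
    """Regular files anyone can modify (think of scripts run from root's crontab)."""
    return _regular_files_matching(root, stat.S_IWOTH)


def writable_path_dirs(path_env):
    """PATH entries the current user can write to, plus empty entries, which
    mean the current directory and let you plant a binary that a cron job or
    sudo rule calling a command by bare name will pick up."""
    risky = []
    for entry in path_env.split(os.pathsep):
        if entry == "":
            risky.append("(empty entry = current directory)")
        elif os.path.isdir(entry) and os.access(entry, os.W_OK):
            risky.append(entry)
    return risky


def build_demo_tree():
    """Constructed tree for the demo: one fake SUID binary, one world-writable
    script, one clean file. Returns the paths so callers can compare."""
    root = tempfile.mkdtemp(prefix="privesc-demo-")
    os.makedirs(os.path.join(root, "usr", "bin"))
    os.makedirs(os.path.join(root, "opt", "scripts"))
    suid = os.path.join(root, "usr", "bin", "fakebin")
    script = os.path.join(root, "opt", "scripts", "backup.sh")
    clean = os.path.join(root, "usr", "bin", "ok")
    for p in (suid, script, clean):
        with open(p, "w") as fh:
            fh.write("#!/bin/sh\n")
    os.chmod(suid, 0o4755)    # setuid bit; on a real box the owner would be root
    os.chmod(script, 0o666)   # anyone can rewrite a script that root's cron runs
    os.chmod(clean, 0o755)
    return {"root": root, "suid": suid, "world_writable": script}


if __name__ == "__main__":
    demo = build_demo_tree()
    print("[*] SUID/SGID:", find_setuid(demo["root"]))
    print("[*] world-writable:", find_world_writable(demo["root"]))
    print("[*] writable PATH dirs:", writable_path_dirs(demo["root"] + "::/usr/bin"))
    # On a target: find_setuid("/"), find_world_writable("/"), writable_path_dirs(os.environ["PATH"])
```

On a real host the SUID list will be long and mostly legitimate; the value is in diffing it against a clean install of the same distribution and looking up anything unusual on GTFOBins.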
PASSWORD ATTACKS
Offline Password Cracking :
● Hashcat
● John the Ripper
Online Password Cracking :
● Hydra
● Medusa
Wordlist Generators :
● Cewl
● Crunch
Wordlist :
● Kali Linux ships many wordlists under /usr/share/wordlists (rockyou.txt.gz is the usual first choice; decompress it before use)
● Seclists Password Wordlist
Online Password Hash Cracker (lookup services; never submit hashes from a client engagement to a third-party site) :
● https://crackstation.net/
● https://onlinehashcrack.com/
● https://gpuhash.me/
● https://dcode.fr/hash-function#f0
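To see what Hashcat and John do behind the scenes, here is a dictionary attack in miniature, added for this page and not taken from the guide or from either tool. It guesses the algorithm from the hash length, applies a few mangling rules of the kind a rules file supplies, and compares digests. The wordlist and the hashes in the demo are constructed; a real run would stream rockyou.txt and the hashes dumped from the target. It handles only unsalted hashlib algorithms; salted formats such as sha512crypt from /etc/shadow need the real tools.

```python
"""Offline dictionary attack against unsalted hashes (added example, not from the guide)."""
import hashlib

# hex length -> algorithm. Length alone is a heuristic: a 32-hex string could
# also be NTLM or LM, which hashlib does not cover.
BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

WORDLIST = ["password", "letmein", "summer", "admin", "welcome"]   # constructed


def hash_hex(algo, text):
    """Hex digest of text under algo (md5, sha1, sha256, sha512)."""
    return hashlib.new(algo, text.encode()).hexdigest()


def guess_algorithm(hexdigest):
    return BY_LENGTH.get(len(hexdigest))


def candidates(word):
    """Cheap mangling rules in the spirit of a hashcat/john rules file:
    case variants, a few common suffixes, recent years."""
    seen = set()
    for base in (word, word.capitalize(), word.upper()):
        if base in seen:
            continue
        seen.add(base)
        yield base
        for suffix in ("1", "123", "!", "2022", "2023", "2024"):
            yield base + suffix


def crack(hexdigest, wordlist=WORDLIST):
    """Return the plaintext whose digest equals hexdigest, or None."""
    target = hexdigest.lower()
    algo = guess_algorithm(target)
    if algo is None:
        raise ValueError("unrecognised hash length %d" % len(target))
    for word in wordlist:
        for cand in candidates(word):
            if hash_hex(algo, cand) == target:
                return cand
    return None


def crack_many(hexdigests, wordlist=WORDLIST):
    """Crack a batch in one pass over the wordlist, hashing each candidate once
    per algorithm; this amortisation is why real crackers load all hashes at once."""
    pending = {h.lower(): None for h in hexdigests}
    by_algo = {}
    for h in pending:
        by_algo.setdefault(guess_algorithm(h), []).append(h)
    by_algo.pop(None, None)               # skip lengths we cannot classify
    for word in wordlist:
        for cand in candidates(word):
            for algo in by_algo:
                digest = hash_hex(algo, cand)
                if digest in pending and pending[digest] is None:
                    pending[digest] = cand
    return pending


if __name__ == "__main__":
    demo = [hash_hex("md5", "password"), hash_hex("sha256", "Summer2023"), hash_hex("sha1", "Admin!")]
    for h, plain in crack_many(demo).items():
        print(h, "->", plain)
```

The candidate generator is where the real cost lives: each rule multiplies the wordlist, so on a GPU cracker you pick rules to match the password policy you observed rather than throwing everything at the hash.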
PORT REDIRECTION AND TUNNELING
● SSH Tunneling / Pivoting
● Proxychains
● SSHuttle
● Rinetd
● Windows Port Forwarding
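Rinetd and the SSH `-L` option both do the same basic thing: accept on one socket, connect to another, and shuffle bytes in both directions. The redirector below is an added example written for this page, not the code of rinetd or any listed tool. The echo service is a constructed stand-in for an internal service that is only reachable from the pivot host; in the lab you would point the target at that internal address instead.

```python
"""Minimal TCP port redirector in the spirit of rinetd (added example, not from the guide)."""
import socket
import threading


def _pump(src, dst):
    """Copy src -> dst until src hits EOF, then half-close dst so the peer sees
    the EOF too. The reverse direction is left alone so replies still flow
    after the client has finished sending."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(a, b):
    """Run both directions, then close both sockets once both have drained."""
    t = threading.Thread(target=_pump, args=(b, a), daemon=True)
    t.start()
    _pump(a, b)
    t.join()
    a.close()
    b.close()


class PortForwarder:
    """listen_host:listen_port -> target_host:target_port, one thread per connection."""

    def __init__(self, listen_host, listen_port, target_host, target_port):
        self.target = (target_host, target_port)
        self.connections = 0
        self.srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.srv.bind((listen_host, listen_port))
        self.srv.listen(16)
        self.listen_port = self.srv.getsockname()[1]   # real port when 0 was requested
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            try:
                client, _ = self.srv.accept()
            except OSError:          # listener closed by close()
                return
            self.connections += 1
            try:
                upstream = socket.create_connection(self.target, timeout=5)
            except OSError:          # target down: drop this client, keep listening
                client.close()
                continue
            upstream.settimeout(None)
            threading.Thread(target=_relay, args=(client, upstream), daemon=True).start()

    def close(self):
        self.srv.close()


def echo_server():
    """Constructed stand-in for the internal service. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            _pump(conn, conn)     # echo: read from and write to the same socket

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def roundtrip(port, payload):
    """Send payload through the forwarder, half-close, and collect the reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        data = b""
        while chunk := s.recv(4096):
            data += chunk
        return data


if __name__ == "__main__":
    echo, echo_port = echo_server()
    fwd = PortForwarder("127.0.0.1", 0, "127.0.0.1", echo_port)
    print(roundtrip(fwd.listen_port, b"hello via pivot"))
    fwd.close()
    echo.close()
```

The half-close handling in `_pump` is the part people get wrong: tearing down both directions as soon as one side sends EOF truncates replies, which shows up as tools that "sometimes" lose the last packet through the pivot.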
ACTIVE DIRECTORY ATTACKS
● TryHackMe - Active Directory Basics
● Attacking and Defending Active Directory
● Offensive Active Directory 101
● Active Directory Attack.md
THE METASPLOIT FRAMEWORK
● https://metasploit.com/
● Metasploit Unleashed
● Metasploit: The Penetration Tester's Guide (Book) : Amazon India
POWERSHELL EMPIRE
● https://powershellempire.com/
● TryHackMe - Empire
● Learn PowerShell Empire 2 From A to Z
● Null-Byte - Getting Started with Post-Exploitation of Windows Hosts
● Powershell Empire 101
PENETRATION TEST BREAKDOWN
Resource will be updated soon.
HELPFUL COMMANDS
SANS Cheat Sheets :
The Ultimate List of SANS Cheat Sheets
NMAP :
WEB SCANNING :
PORT CHECKING :
NETCAT :
Download Netcat for Windows : http://bit.ly/netcat_exe
FILE TRANSFER :
SSH :
SSH TUNNELING / PIVOTING :
SMB :
SNMP :
REVERSE SHELL :
PHP :
POWERSHELL :
SQL INJECTION :
BRUTE FORCE :
MSFVENOM PAYLOADS :
SHELL SPAWNING :
PRACTICE LABS
VulnHub :
● List of PWK/OSCP Boxes
HackTheBox :
● IPPSEC (YouTube)
● TJ_Null’s OSCP Prep
TRAINING
Our Paid Training : https://hacktronian.in/training