Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/0x4d31/awesome-oscp

A curated list of awesome OSCP resources
https://github.com/0x4d31/awesome-oscp

List: awesome-oscp

awesome-list offensive-security oscp oscp-prep oscp-tools penetration-testing pentest pentesting

Last synced: 3 months ago
JSON representation

A curated list of awesome OSCP resources

Lists

README 

        
# Awesome OSCP



[![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)



> A curated list of awesome OSCP resources



## Contents



- [Resources](#resources)

  - [OSCP Reviews and Guides](#oscp-reviews-and-guides)

  - [Cheatsheets and Scripts](#cheatsheets-and-scripts)

  - [Topics](#topics)

  	- [Buffer Overflow](#buffer-overflow)

  	- [Privilege Escalation](#privilege-escalation)

  	- [Active Directory](#Active-Directory)

  - [Other OSCP Resources](#other-oscp-resources)

  	- [Books](#books)

- [License](#license)



## Resources



### OSCP Reviews and Guides



- [Official OSCP Certification Exam Guide](https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide)

- Luke’s Ultimate OSCP Guide ([Part 1](https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-1-is-oscp-for-you-b57cbcce7440), [Part 2](https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-2-workflow-and-documentation-tips-9dd335204a48), [Part 3](https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97))

- [How to prepare for PWK/OSCP, a noob-friendly guide](https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob)

- [n3ko1's OSCP Guide](http://www.lucas-bader.com/certification/2015/05/27/oscp-offensive-security-certified-professional)

- [Jan's "Path to OSCP" Videos](https://www.youtube.com/playlist?list=PLyPJ3SHNkjIFITR-Lzsc0XSOBS7JUXsOy)

- [Offensive Security’s PWB and OSCP - My Experience](http://www.securitysift.com/offsec-pwb-oscp/) (+ some scripts)

- [OSCP Lab and Exam Review](https://theslickgeek.com/oscp/)

- [OSCP Preparation Notes](https://www.jpsecnetworks.com/category/oscp/)

- [A Detailed Guide on OSCP Preparation – From Newbie to OSCP](http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/)

- [My Fight for OSCP](https://alphacybersecurity.tech/my-fight-for-the-oscp/)

- [The Ultimate OSCP Preparation Guide](https://johnjhacking.com/blog/the-oscp-preperation-guide-2020/)

- [The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0](https://www.netsecfocus.com/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_2.0.html)



### Cheatsheets and Scripts



- [Luke's Practical hacking tips and tricks](https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97)

- [Penetration Testing Tools Cheat Sheet](https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/)

- [How to Pass OSCP](https://gist.github.com/unfo/5ddc85671dcf39f877aaf5dce105fac3)

- [Reverse Shell Cheat Sheet](https://highon.coffee/blog/reverse-shell-cheat-sheet/)

- [Reverse Shell Generator](https://www.revshells.com/)

- [7 Linux Shells Using Built-in Tools](https://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/)

- [Windows Exploit Suggester](https://github.com/GDSSecurity/Windows-Exploit-Suggester)

- [Linux Exploit Suggester](https://github.com/InteliSecureLabs/Linux_Exploit_Suggester)

- [OSCPRepo](https://github.com/rewardone/OSCPRepo)

- [Go-for-OSCP](https://github.com/pythonmaster41/Go-For-OSCP)

- [Pentest Compilation](https://github.com/adon90/pentest_compilation)

- [Collection of OSCP scripts](https://github.com/ihack4falafel/OSCP)



### Topics



#### Buffer Overflow

- [Corelan's Exploit writing tutorial part 1 : Stack Based Overflows](https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/)

- [Justin's DoStackBufferOverflowGood](https://github.com/justinsteven/dostackbufferoverflowgood)

- [Writing Exploits for Win32 Systems from Scratch](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/)

- [32-Bit Windows Buffer Overflows Made Easy](https://veteransec.com/2018/09/10/32-bit-windows-buffer-overflows-made-easy/)

- [Introduction to Buffer Overflow Video](https://www.youtube.com/watch?v=1S0aBV-Waeo)

- [OverTheWire's Narnia Wargame](http://overthewire.org/wargames/narnia/)



#### Privilege Escalation

- [Windows Privilege Escalation Fundamentals](http://www.fuzzysecurity.com/tutorials/16.html)

- [Common Windows Privilege Escalation Vectors](https://toshellandback.com/2015/11/24/ms-priv-esc/)

- [Encyclopaedia Of Windows Privilege Escalation by Brett Moore](https://www.youtube.com/watch?v=kMG8IsCohHA)

- [Level Up! Practical Windows Privilege Escalation by Andrew Smith](https://www.youtube.com/watch?v=PC_iMqiuIRQ)

- [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)

- [Linux privilege escalation by Jake Williams](https://www.youtube.com/watch?v=dk2wsyFiosg)



#### Active-Directory

- [Active Directory Methodology](https://book.hacktricks.xyz/windows/active-directory-methodology)

- [Active Directory Exploitation Cheat Sheet](https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet)

- [PayloadsAllTheThings AD](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md)

- [Attacking Active Directory: 0 to 0.9](https://zer1t0.gitlab.io/posts/attacking_ad/)

- [PowerView-3.0 tips and tricks](https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993#file-powerview-3-0-tricks-ps1)



##### Hands-On Resources.

- TryHackMe

  -  [Active Directory Basics](https://tryhackme.com/room/activedirectorybasics) - Easy

  -  [Post-Exploitation Basics](https://tryhackme.com/room/postexploit) - Easy

  -  [Vulnnet Roasted](https://tryhackme.com/room/vulnnetroasted) - Easy

  -  [Attacktive Directory](https://tryhackme.com/room/attacktivedirectory) - Medium

  -  [raz0r black](https://tryhackme.com/room/raz0rblack) - Medium

  -  [Enterprise](https://tryhackme.com/room/enterprise) - Medium

  -  [Vulnnet Active](https://tryhackme.com/room/vulnnetactive) - Medium

  -  [Zero Logon](https://tryhackme.com/room/zer0logon) - Hard

  -  [Holo](https://tryhackme.com/room/hololive) - Hard

  -  [Throwback](https://tryhackme.com/network/throwback) - Easy

- HackTheBox

  -  [Forest](https://app.hackthebox.com/machines/212) - Easy

  -  [Active](https://app.hackthebox.com/machines/148) - Easy

  -  [Fuse](https://app.hackthebox.com/machines/235) - Medium

  -  [Cascade](https://app.hackthebox.com/machines/235) - Medium

  -  [Monteverde](https://app.hackthebox.com/machines/223) - Medium

  -  [Resolute](https://app.hackthebox.com/machines/220) - Medium

  -  [Arkham](https://app.hackthebox.com/machines/179) - Medium

  -  [Mantis](https://app.hackthebox.com/machines/98) - Hard

  -  [APT](https://app.hackthebox.com/machines/296) - Insane

  -  [Dante](https://app.hackthebox.com/prolabs/overview/dante) - Beginner

  -  [Offshore](https://app.hackthebox.com/prolabs/overview/offshore) - Intermediate

  -  [RastaLabs](https://app.hackthebox.com/prolabs/overview/rastalabs) - Intermediate

  -  [Cybernetics](https://app.hackthebox.com/prolabs/overview/cybernetics) - Advanced

  -  [APT Labs](https://app.hackthebox.com/prolabs/overview/aptlabs) - Advanced

- HackTheBox Academy ( PAID )

  -  [Introduction to Active Directory](https://academy.hackthebox.com/module/details/74) - Fundamental

  -  [ActiveDirectory LDAP](https://academy.hackthebox.com/course/preview/active-directory-ldap) - Medium

  -  [ActiveDirectory Powerview](https://academy.hackthebox.com/module/details/68) - Medium

  -  [ActiveDirectory BloodHound](https://academy.hackthebox.com/module/details/69) - Medium

  -  [ActiveDirectory Enumeration & Attacks](https://academy.hackthebox.com/module/details/143) - Medium

- Proving Grounds

	- [PG-Practice](https://portal.offsec.com/labs/practice)	( PAID )

		* Hutch 

		* Heist

		* Vault



# Other OSCP Resources



- [PWK Syllabus](https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf)

- [OSCP-Prep-Resources](https://github.com/burntmybagel/OSCP-Prep)

- [Offensive Security Bookmarks](https://jivoi.github.io/2015/07/03/offensive-security-bookmarks/)

- [The how to get the OSCP certification wiki](https://www.peerlyst.com/posts/the-how-to-get-the-oscp-certification-wiki-peerlyst)

- [OSCP Goldmine](http://0xc0ffee.io/blog/OSCP-Goldmine)

- [Penetration Testing Study Notes](https://github.com/AnasAboureada/Penetration-Testing-Study-Notes)

- [OSCP-like Vulnhub VMs](https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms)

- [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/)

- [Awesome Penetration Testing](https://github.com/enaqx/awesome-pentest)

- [OSCP Exam Report Template in Markdown](https://github.com/noraj/OSCP-Exam-Report-Template-Markdown)



#### Books



- [Penetration Testing: A Hands-on Introduction to Hacking](https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641)

- [The Hacker Playbook 3: Practical Guide to Penetration Testing](https://www.amazon.com.au/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759)

- [RTFM: Red Team Field Manual](https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504)

- [The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (2nd Edition)](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting-ebook/dp/B005LVQA9S)



## License



[![CC0](http://mirrors.creativecommons.org/presskit/buttons/88x31/svg/cc-zero.svg)](http://creativecommons.org/publicdomain/zero/1.0)



To the extent possible under law, Adel "0x4D31" Karimi has waived all copyright and

related or neighboring rights to this work.