https://github.com/ferreirasc/OSCP_study_guide

Notes of my OSCP study plan
https://github.com/ferreirasc/OSCP_study_guide

Last synced: 11 days ago
JSON representation

Notes of my OSCP study plan

• Host: GitHub
• URL: https://github.com/ferreirasc/OSCP_study_guide
• Owner: ferreirasc
• Created: 2017-04-22T13:49:31.000Z (over 7 years ago)
• Default Branch: master
• Last Pushed: 2022-06-29T18:53:04.000Z (over 2 years ago)
• Last Synced: 2024-08-11T17:10:17.408Z (3 months ago)
• Language: PowerShell
• Homepage:
• Size: 24.9 MB
• Stars: 459
• Watchers: 33
• Forks: 161
• Open Issues: 2
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# Oscp study

Notes of my Offensive Security Certified Professional (OSCP) study plan.

**Last update**: 2019-04-10

## OSCP-like VMs on Vulnhub:

- Beginner friendly:

	- Kioptrix: Level 1 (#1) [ok]

	- Kioptrix: Level 1.1 (#2) [ok]

	- Kioptrix: Level 1.2 (#3) [ok]

	- Kioptrix: Level 1.3 (#4) [ok]

	- FristiLeaks: 1.3 [ok]

	- Stapler: 1 [ok]

	- PwnLab: init [ok]

	- Pluck: 1 [ok]

	- W1R3S: 1.0.1 [ok]

- Intermediate:

	- Kioptrix: 2014 [ok]

	- Brainpan: 1 (Part 1 of BO is relevant to OSCP. egghunting is out of scope though)

	- Mr-Robot: 1 [ok] 

	- HackLAB: Vulnix [ok]

 	- Not so sure (Didn't solve them yet):

	- VulnOS: 2 [ok]

	- SickOs: 1.2 [ok]

	- /dev/random: scream 

	- pWnOS: 2.0

	- SkyTower: 1 

	- IMF

	- Lord of the Root 1.0.1 [ok]

	- Tr0ll

	- Pegasus

	- SkyTower [ok]

- Windows 

	- Metasploitable 3

	- Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)

(credits for **@abatchy**)  

  

Link to download VMs: http://vulnhub.com

## Hackthebox.eu (HTB)

I strongly recommend the boxes on the  hackthebox.eu to study for OSCP cert. HTB has a good set of windows boxes to training: **Devel**, **Optimum**, **Bastard**, **Grandpa**, **Blue**, **Sizzle**, **Reel**.

My hackthebox profile: https://www.hackthebox.eu/profile/5823. Feel free to contact me there :)

*PS: It's needed to solve a little "challenge" to obtain the invite.*  

## Recommended books:

Penetration Testing: A Hands-On Introduction to Hacking (+Highly recommended for beginners)  

Hacking: The Art of Exploitation, 2nd Edition  

Rtfm: Red Team Field Manual  

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws  

The Hacker Playbook: Practical Guide To Penetration Testing

## Stack-based buffer overflow links [must-read]:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ [Recommended]  

http://www.tenouk.com/Bufferoverflowc/Bufferoverflow1.html  

https://raw.githubusercontent.com/m0nad/Papers/master/buffer_overflow_iniciantes.txt [PT-BR]

## Other interesting links:

https://forum.hackthebox.eu/discussion/1655/oscp-exam-review-2019-notes-gift-inside/p1 [+ EXCELLENT tool from @21y4d to enumeration... I really recommend it :) ]  

https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ [Linux privilege escalation]  

http://www.fuzzysecurity.com/tutorials/16.html [Windows privilege escalation]  

http://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html  

https://www.securitysift.com/offsec-pwb-oscp/ [+Scripts]     

http://hackingandsecurity.blogspot.com.br/2016/04/oscp-related-notes.html  

http://rtfm-ctf.org/2017/PWN-PATH-TO-OSCP  

http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html [RECOMMENDED reading]  

https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

## My write-ups

Kioptrix level 1  

Kioptrix level 1.1   

Kioptrix level 1.2