Skip to content

Instantly share code, notes, and snippets.

@keithrozario
Last active June 12, 2018 00:14
Show Gist options
  • Save keithrozario/5fef6955c1f4aa5baa706cbbbe78497e to your computer and use it in GitHub Desktop.
Save keithrozario/5fef6955c1f4aa5baa706cbbbe78497e to your computer and use it in GitHub Desktop.
Reviews of people who've taken the exam:
http://www.securitysift.com/offsec-pwb-oscp/ - great detail and pythong scripts
https://codemonkeyism.co.uk/the-road-to-oscp/
http://www.jasonbernier.com/oscp-review/
https://www.cybrary.it/0p3n/prep-guide-offsecs-pwkoscp/
https://itgeekchronicles.co.uk/2012/10/10/oscp-useful-resources/
http://n3ko1.github.io/certification/2015/05/27/oscp---offensive-security-certified-professional/ (very good!!)
Windows Priviledge Escalation
http://www.fuzzysecurity.com/tutorials/16.html
https://toshellandback.com/2015/11/24/ms-priv-esc/
Linux Priviledge Escalation
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
http://pentestmonkey.net/category/tools/audit
Vulnerable host
https://www.vulnhub.com/
Syllabus
https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
Good snippets of advice:
If you’re still unsure, my overall recommendation is this…assuming you have working knowledge of the above topics,
get on exploit-db.com, find some buffer overflow exploits, download the vulnerable applications, break out your fuzzer,
debugger, and favorite scripting language, and start replicating the exploits from scratch.
@keithrozario
Copy link
Author

,Gray Hat Hacking,Penetration Testing : A Hands-On Introduction,The Hacker Playbook 2,The Shellcoder's handbook,The Web Applications Hacker's Handbook,RTFM: Red Team Field Manual,Hacking: The Art of Exploitation,Violent Python,Black Hat Python,Metasploit : A Pentesters guide,Basic Security Testing with Kali Linux
Netcat/Ncat,,Yes,,,,,,Partial,,,
Wireshark,,,,,,,,,,,
Google Hacking,,,Yes,,,,,,,,
DNS Enumeration,,,,,,,,Yes,,,
Port Scanning,,Yes,Yes,,,,Yes,Yes,Yes,,
Buffer Overflow,Yes (detailed),Yes,,Yes (detailed),,,Yes,Partial,,,
Fuzzing,Yes (detailed),Yes,Yes,Yes (detailed),,,,,Yes,,
Priviledge Escalation,,Yes,Yes,,,,,,Yes (Windows),,
Client Side Attacks,Yes,Yes,,,Yes,,,,,,
XSS,Yes,Yes,Yes,,Yes (Detailed),,,,,,
File Inclusion,,,,,,,,,,,
SQL Injection,,Yes,Yes,,Yes,,,,,,
Password Attacks,,Yes,Yes,,,,Yes,,,,
Port Redirection,,,,,,,,,,,
Metasploit,,Yes,Yes,,,,,,,,
Penetration Phases,,Yes,,,,,,,,,

@keithrozario
Copy link
Author

,Penetration Testing : A Hands-On Introduction,The Hacker Playbook 2,The Shellcoder's handbook,The Web Applications Hacker's Handbook,RTFM: Red Team Field Manual,Metasploit : A Pentesters guide,Gray Hat Hacking,Violent Python,Black Hat Python,Basic Security Testing with Kali Linux,Hacking the art
Netcat/Ncat,Yes,,,,,,,Partial,,,
Wireshark,,,,,,,,,,,
Google Hacking,,Yes,,,,,,,,,
DNS Enumeration,,,,,,,,Yes,,,
Port Scanning,Yes,Yes,,,,,,Yes,Yes,,
Buffer Overflow,Yes,,Yes (detailed),,,,Yes (detailed),Partial,,,
Fuzzing,Yes,Yes,Yes (detailed),,,,Yes (detailed),,Yes,,
Priviledge Escalation,Yes,Yes,,,,,,,Yes (Windows),,
Client Side Attacks,Yes,,,Yes,,,Yes,,,,
XSS,Yes,Yes,,Yes (Detailed),,,Yes,,,,
File Inclusion,,,,,,,,,,,
SQL Injection,Yes,Yes,,Yes,,,,,,,
Password Attacks,Yes,Yes,,,,,,,,,
Port Redirection,,,,,,,,,,,
Metasploit,Yes,Yes,,,,Yes (detailed),,,,,
Penetration Phases,Yes,,,,,,,,,,

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment