-
-
Save keithrozario/5fef6955c1f4aa5baa706cbbbe78497e to your computer and use it in GitHub Desktop.
Reviews of people who've taken the exam: | |
http://www.securitysift.com/offsec-pwb-oscp/ - great detail and pythong scripts | |
https://codemonkeyism.co.uk/the-road-to-oscp/ | |
http://www.jasonbernier.com/oscp-review/ | |
https://www.cybrary.it/0p3n/prep-guide-offsecs-pwkoscp/ | |
https://itgeekchronicles.co.uk/2012/10/10/oscp-useful-resources/ | |
http://n3ko1.github.io/certification/2015/05/27/oscp---offensive-security-certified-professional/ (very good!!) | |
Windows Priviledge Escalation | |
http://www.fuzzysecurity.com/tutorials/16.html | |
https://toshellandback.com/2015/11/24/ms-priv-esc/ | |
Linux Priviledge Escalation | |
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ | |
http://pentestmonkey.net/category/tools/audit | |
Vulnerable host | |
https://www.vulnhub.com/ | |
Syllabus | |
https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf | |
Good snippets of advice: | |
If you’re still unsure, my overall recommendation is this…assuming you have working knowledge of the above topics, | |
get on exploit-db.com, find some buffer overflow exploits, download the vulnerable applications, break out your fuzzer, | |
debugger, and favorite scripting language, and start replicating the exploits from scratch. | |
,Penetration Testing : A Hands-On Introduction,The Hacker Playbook 2,The Shellcoder's handbook,The Web Applications Hacker's Handbook,RTFM: Red Team Field Manual,Metasploit : A Pentesters guide,Gray Hat Hacking,Violent Python,Black Hat Python,Basic Security Testing with Kali Linux,Hacking the art
Netcat/Ncat,Yes,,,,,,,Partial,,,
Wireshark,,,,,,,,,,,
Google Hacking,,Yes,,,,,,,,,
DNS Enumeration,,,,,,,,Yes,,,
Port Scanning,Yes,Yes,,,,,,Yes,Yes,,
Buffer Overflow,Yes,,Yes (detailed),,,,Yes (detailed),Partial,,,
Fuzzing,Yes,Yes,Yes (detailed),,,,Yes (detailed),,Yes,,
Priviledge Escalation,Yes,Yes,,,,,,,Yes (Windows),,
Client Side Attacks,Yes,,,Yes,,,Yes,,,,
XSS,Yes,Yes,,Yes (Detailed),,,Yes,,,,
File Inclusion,,,,,,,,,,,
SQL Injection,Yes,Yes,,Yes,,,,,,,
Password Attacks,Yes,Yes,,,,,,,,,
Port Redirection,,,,,,,,,,,
Metasploit,Yes,Yes,,,,Yes (detailed),,,,,
Penetration Phases,Yes,,,,,,,,,,
,Gray Hat Hacking,Penetration Testing : A Hands-On Introduction,The Hacker Playbook 2,The Shellcoder's handbook,The Web Applications Hacker's Handbook,RTFM: Red Team Field Manual,Hacking: The Art of Exploitation,Violent Python,Black Hat Python,Metasploit : A Pentesters guide,Basic Security Testing with Kali Linux
Netcat/Ncat,,Yes,,,,,,Partial,,,
Wireshark,,,,,,,,,,,
Google Hacking,,,Yes,,,,,,,,
DNS Enumeration,,,,,,,,Yes,,,
Port Scanning,,Yes,Yes,,,,Yes,Yes,Yes,,
Buffer Overflow,Yes (detailed),Yes,,Yes (detailed),,,Yes,Partial,,,
Fuzzing,Yes (detailed),Yes,Yes,Yes (detailed),,,,,Yes,,
Priviledge Escalation,,Yes,Yes,,,,,,Yes (Windows),,
Client Side Attacks,Yes,Yes,,,Yes,,,,,,
XSS,Yes,Yes,Yes,,Yes (Detailed),,,,,,
File Inclusion,,,,,,,,,,,
SQL Injection,,Yes,Yes,,Yes,,,,,,
Password Attacks,,Yes,Yes,,,,Yes,,,,
Port Redirection,,,,,,,,,,,
Metasploit,,Yes,Yes,,,,,,,,
Penetration Phases,,Yes,,,,,,,,,