Last active
June 12, 2018 00:14
-
-
Save keithrozario/5fef6955c1f4aa5baa706cbbbe78497e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Reviews of people who've taken the exam: | |
http://www.securitysift.com/offsec-pwb-oscp/ - great detail and pythong scripts | |
https://codemonkeyism.co.uk/the-road-to-oscp/ | |
http://www.jasonbernier.com/oscp-review/ | |
https://www.cybrary.it/0p3n/prep-guide-offsecs-pwkoscp/ | |
https://itgeekchronicles.co.uk/2012/10/10/oscp-useful-resources/ | |
http://n3ko1.github.io/certification/2015/05/27/oscp---offensive-security-certified-professional/ (very good!!) | |
Windows Priviledge Escalation | |
http://www.fuzzysecurity.com/tutorials/16.html | |
https://toshellandback.com/2015/11/24/ms-priv-esc/ | |
Linux Priviledge Escalation | |
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ | |
http://pentestmonkey.net/category/tools/audit | |
Vulnerable host | |
https://www.vulnhub.com/ | |
Syllabus | |
https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf | |
Good snippets of advice: | |
If you’re still unsure, my overall recommendation is this…assuming you have working knowledge of the above topics, | |
get on exploit-db.com, find some buffer overflow exploits, download the vulnerable applications, break out your fuzzer, | |
debugger, and favorite scripting language, and start replicating the exploits from scratch. | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
,Penetration Testing : A Hands-On Introduction,The Hacker Playbook 2,The Shellcoder's handbook,The Web Applications Hacker's Handbook,RTFM: Red Team Field Manual,Metasploit : A Pentesters guide,Gray Hat Hacking,Violent Python,Black Hat Python,Basic Security Testing with Kali Linux,Hacking the art
Netcat/Ncat,Yes,,,,,,,Partial,,,
Wireshark,,,,,,,,,,,
Google Hacking,,Yes,,,,,,,,,
DNS Enumeration,,,,,,,,Yes,,,
Port Scanning,Yes,Yes,,,,,,Yes,Yes,,
Buffer Overflow,Yes,,Yes (detailed),,,,Yes (detailed),Partial,,,
Fuzzing,Yes,Yes,Yes (detailed),,,,Yes (detailed),,Yes,,
Priviledge Escalation,Yes,Yes,,,,,,,Yes (Windows),,
Client Side Attacks,Yes,,,Yes,,,Yes,,,,
XSS,Yes,Yes,,Yes (Detailed),,,Yes,,,,
File Inclusion,,,,,,,,,,,
SQL Injection,Yes,Yes,,Yes,,,,,,,
Password Attacks,Yes,Yes,,,,,,,,,
Port Redirection,,,,,,,,,,,
Metasploit,Yes,Yes,,,,Yes (detailed),,,,,
Penetration Phases,Yes,,,,,,,,,,