Need help with oscp?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

ferreirasc
414 Stars 163 Forks 74 Commits 2 Opened issues

Description

oscp study

Services available

!
?

Need anything else?

Contributors list

Oscp study

Notes of my Offensive Security Certified Professional (OSCP) study plan.

Last updated: 2019-04-10

OSCP-like VMs on Vulnhub:

  • Beginner friendly:
    • Kioptrix: Level 1 (#1) [ok]
    • Kioptrix: Level 1.1 (#2) [ok]
    • Kioptrix: Level 1.2 (#3) [ok]
    • Kioptrix: Level 1.3 (#4) [ok]
    • FristiLeaks: 1.3 [ok]
    • Stapler: 1 [ok]
    • PwnLab: init [ok]
    • Pluck: 1 [ok]
    • W1R3S: 1.0.1 [ok]
  • Intermediate:
    • Kioptrix: 2014 [ok]
    • Brainpan: 1 (Part 1 of BO is relevant to OSCP. egghunting is out of scope though)
    • Mr-Robot: 1 [ok]
    • HackLAB: Vulnix [ok]
    • Not so sure (Didn't solve them yet):
    • VulnOS: 2 [ok]
    • SickOs: 1.2 [ok]
    • /dev/random: scream
    • pWnOS: 2.0
    • SkyTower: 1
    • IMF
    • Lord of the Root 1.0.1 [ok]
    • Tr0ll
    • Pegasus
    • SkyTower [ok]
  • Windows
    • Metasploitable 3
    • Bobby: 1 (Uses VulnInjector, need to provide you own ISO and key.)

(credits for @abatchy)

Link to download VMs: http://vulnhub.com

Hackthebox.eu (HTB)

I strongly recommend the boxes on the hackthebox.eu to study for OSCP cert. HTB have a good set of windows boxes to training: Devel, Optimum, Bastard, Grandpa, Blue, Sizzle, Reel.

My hackthebox profile: https://www.hackthebox.eu/profile/5823. Feel free to contact me there :)

PS: It's necessary solve a little "challenge" to obtain the invite.

Recommended books:

Penetration Testing: A Hands-On Introduction to Hacking (+Highly recommended for beginners)
Hacking: The Art of Exploitation, 2nd Edition
Rtfm: Red Team Field Manual
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws
The Hacker Playbook: Practical Guide To Penetration Testing

Stack-based buffer overflow links [must-read]:

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ [Recommended]
http://www.tenouk.com/Bufferoverflowc/Bufferoverflow1.html
https://raw.githubusercontent.com/m0nad/Papers/master/bufferoverflowiniciantes.txt [PT-BR]

Other interesting links:

https://forum.hackthebox.eu/discussion/1655/oscp-exam-review-2019-notes-gift-inside/p1 [+ EXCELLENT tool from @21y4d to enumeration... I really recommend it :) ]
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ [Linux privilege escalation]
http://www.fuzzysecurity.com/tutorials/16.html [Windows privilege escalation]
http://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html
https://www.securitysift.com/offsec-pwb-oscp/ [+Scripts]
http://hackingandsecurity.blogspot.com.br/2016/04/oscp-related-notes.html
http://rtfm-ctf.org/2017/PWN-PATH-TO-OSCP
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html [RECOMMENDED reading]
https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

My write-ups

Kioptrix level 1
Kioptrix level 1.1
Kioptrix level 1.2

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.