About the developer

snoopysecurity
163 Stars 51 Forks 11 Commits 0 Opened issues

Description

A list of freely available resources that can be used as a prerequisite before taking OSCE.

OSCE PREP

This repository contains a list of freely available resources that can be used as a pre-requisite before enrolling in Offensive Security's Cracking the Perimeter (CTP) course and OSCE certification.

The following tables list notes, courses, challenges, and tutorials that can be taken in preparation for the OSCE. Note that the content of several sources overlaps, so not all of these resources are needed.

Web Application Security

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | PayloadsAllTheThings Directory Traversal CheatSheet | CheatSheet | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal |
| 2 | PayloadsAllTheThings XSS CheatSheet | CheatSheet | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection |
| 3 | XSS Payloads | Payloads | http://www.xss-payloads.com/ |
| 4 | XSS to Domain Admin | Webinar | https://www.elearnsecurity.com/resources/webinar_video/xss-to-domain-admin/ |
| 5 | LFI to RCE Exploit with Perl Script | Paper | https://www.exploit-db.com/papers/12992 |
| 6 | Using XSS to bypass CSRF protection | Paper | https://www.exploit-db.com/docs/13534 |
| 7 | Local File Inclusion (LFI) | Paper | https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf |

Anti Detection

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | Backdooring PE Files - Part 1 | Blog | http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-1.html |
| 2 | Backdooring PE Files - Part 2 | Blog | http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-2.html |
| 3 | Backdooring Windows EXEs for Fun and Profit | Blog | http://ly0n.me/2015/07/09/backdooring-windows-exes-for-fun-and-profit-part-1/ |
| 4 | Art of Anti Detection – 1 | Paper | https://www.exploit-db.com/docs/40900.pdf |
| 5 | Art of Anti Detection – 2 | Paper | https://www.exploit-db.com/docs/41129.pdf |
| 6 | Art of Anti Detection – 2 | Paper | https://www.exploit-db.com/docs/41129.pdf |
| 7 | Art of Anti Detection – 1 Blog | Blog | https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/ |
| 8 | Art of Anti Detection – 2 Blog | Blog | https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/ |
| 9 | Art of Anti Detection – 3 Blog | Blog | https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/ |
| 10 | Art of Anti Detection – 4 Blog | Blog | https://pentest.blog/art-of-anti-detection-4-self-defense/ |

Assembly Language

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | Skullsecurity Assembly Language Wiki | Blog | https://wiki.skullsecurity.org/index.php?title=Assembly |
| 2 | Sensepost A Crash Course in x86 Assembly for Reverse Engineers | Paper | https://sensepost.com/blogstatic/2014/01/SensePostcrashcourseinx86_assembly-.pdf |
| 3 | SecurityTube Windows Assembly Language Megaprimer | Videos | http://www.securitytube.net/groups?operation=view&groupId=6 |

Fuzzing

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation | Blog | https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/ |
| 2 | HowTo: ExploitDev Fuzzing | Blog | https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/ |
| 3 | [VulnServer] Exploiting TRUN Command via Vanilla EIP Overwrite | Blog | https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html |
| 4 | CTP/OSCE Prep – Boofuzzing Vulnserver for EIP Overwrite | Blog | https://h0mbre.github.io/BoofuzztoEIP_Overwrite/# |
| 5 | Boofuzz – A helpful guide (OSCE – CTP) | Blog | https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/ |

Exploit Development

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | DEFCON 16: BackTrack Foo - From bug to 0day | Presentation | https://www.youtube.com/watch?v=gHISpAZiAm0 |
| 2 | Corelan Exploit Writing Tutorial part 1: Stack Based Overflows | Blog | http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ |
| 3 | Corelan Exploit Writing Tutorial part 2: Stack Based Overflows | Blog | http://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/ |
| 4 | Corelan Exploit Writing Tutorial part 3: SEH Based Exploits | Blog | http://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/ |
| 5 | Corelan Exploit Writing Tutorial part 3b: SEH Based Exploits | Blog | http://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/ |
| 6 | Corelan Exploit Writing Tutorial part 4: From Exploit to Metasploit | Blog | http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ |
| 7 | Corelan Exploit Writing Tutorial part 5: How debugger modules & plugins can speed up basic exploit development | Blog | http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/ |
| 8 | Corelan Exploit Writing Tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR | Blog | http://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/ |
| 9 | Corelan Exploit Writing Tutorial part 7: Unicode from 0x00410041 to calc | Blog | http://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/ |
| 10 | Corelan Exploit Writing Tutorial part 8: Win32 Egg Hunting | Blog | http://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/ |
| 11 | Corelan Exploit Writing Tutorial part 9: Introduction to Win32 shellcoding | Blog | http://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/ |
| 12 | Mona py : The Exploit Writer's Swiss Army Knife | Presentation | https://www.youtube.com/watch?v=y2zrEAwmdws |
| 13 | Eliminating the bad characters in your Exploit | Presentation | https://www.youtube.com/watch?v=IOjl3tU1Ht8 |
| 14 | Understanding Windows Shellcode | Paper | http://www.hick.org/code/skape/papers/win32-shellcode.pdf |
| 15 | Safely Searching Process Virtual Address Space | Paper | http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf |

Practical

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | Vulnserver | Lab | https://github.com/stephenbradshaw/vulnserver |
| 2 | Fuzzysecurity Part 1: Introduction to Exploit Development | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/1.html |
| 3 | Fuzzysecurity Part 2: Saved Return Pointer Overflows | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/2.html |
| 4 | Fuzzysecurity Part 3: Structured Exception Handler (SEH) | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/3.html |
| 5 | Fuzzysecurity Part 4: Egg Hunters | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/4.html |
| 6 | Fuzzysecurity Part 5: Unicode 0x00410041 | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/5.html |
| 7 | Fuzzysecurity Part 6: Writing W32 shellcode | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/6.html |
| 8 | SecuritySift Windows Exploit Development – Part 1: The Basics | Tutorial | https://www.securitysift.com/windows-exploit-development-part-1-basics/ |
| 9 | SecuritySift Windows Exploit Development – Part 2: StackOverflow | Tutorial | https://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/ |
| 10 | SecuritySift Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules | Tutorial | https://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/ |
| 11 | SecuritySift Windows Exploit Development – Part 4: Locating Shellcode Jumps | Tutorial | https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/ |
| 12 | SecuritySift Windows Exploit Development – Part 5: Locating Shellcode Egghunting | Tutorial | https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/ |
| 13 | SecuritySift Windows Exploit Development – Part 6: SEH Exploits | Tutorial | https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/ |
| 14 | SecuritySift Windows Exploit Development – Part 7: Unicode Buffer Overflows | Tutorial | https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/ |

Network Security

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | Cisco SNMP configuration attack with a GRE tunnel | Blog | https://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel |
| 2 | Bypassing Cisco SNMP access lists using Spoofed SNMP Requests | Blog | http://new.remote-exploit.org/index.php/SNMP_Spoof |
| 3 | Bypassing Router’s Access Control List (ACL) | Blog | https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/ |

Misc/Extra

| Order | Name | Type | Link |
| --- | --- | --- | --- |
| 1 | Mona.py The Manual | Cheatsheet | https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/r |
| 2 | Windows Reverse Shell Shellcode I | Blog | http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i/ |
| 3 | Shellcoding for Linux and Windows Tutorial | Blog | http://www.vividmachines.com/shellcode/shellcode.html#ws |
| 4 | peCloak.py – An Experiment in AV Evasion | Tool | https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/ |
| 5 | EggSandwich – An Egghunter with Integrity | Tool | https://www.securitysift.com/eggsandwich-egghunter-integrity/ |
| 6 | Live Demo from Backtrack to the MAX 1/5 | Tool | https://www.youtube.com/watch?v=kwq5VQj3Ils |
| 7 | Live Demo from Backtrack to the MAX 2/5 | Tool | https://www.youtube.com/watch?v=ykfHy2lX88c |
| 8 | Live Demo from Backtrack to the MAX 3/5 | Tool | https://www.youtube.com/watch?v=IWf7UM7qX0M |
| 9 | Live Demo from Backtrack to the MAX 4/5 | Tool | https://www.youtube.com/watch?v=azepnwdVfyU |
| 10 | Live Demo from Backtrack to the MAX 5/5 | Tool | https://www.youtube.com/watch?v=6gmAoW1mtYg |
| 11 | CTP/OSCE Scripts | Repository | https://github.com/h0mbre/CTP-OSCE |
| 12 | OSCE-exam-practice | Repository | https://github.com/epi052/OSCE-exam-practice |
| 13 | Vulnserver: Fuzzing and Exploits | Repository | https://github.com/ricardojoserf/vulnserver-exploits |
