Discover and read the best of Twitter Threads about #OSCP
Most recents (17)
Looking to kickstart your career in cybersecurity?
You can do it all with FREE resources and a clear step-by-step path
Here is How 🧵
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
You can do it all with FREE resources and a clear step-by-step path
Here is How 🧵
#infosec #cybersecurity #pentesting #oscp @tryhackme #hacking #cissp #redteam #technology #DataSecurity #CyberSec #Linux
1️⃣ Level - Introduction to OpenVPN
🅰️ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.👇
tryhackme.com/room/openvpn
🅰️ OpenVPN: How to Connect
-OpenVPN - Windows
-OpenVPN - Linux
-OpenVPN - MacOS
The room is free complete it.👇
tryhackme.com/room/openvpn
2️⃣ Introductory Research Walkthrough
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.👇
tryhackme.com/room/introtore…
Here you will learn
- How to research
- How to search for vulnerabilities
The room is free complete it.👇
tryhackme.com/room/introtore…
🧵Free Resources to Help Your Learning Journey 🧵
🔴VulnHub- gain hands-on experience in #cybersecurity: vulnhub.com
🔴Proving Grounds Play- free practice labs with dedicated machines: offensive-security.com/labs/individua…
🔴Exploit Database - an archive of public exploits: exploit-db.com
🔴Proving Grounds Play- free practice labs with dedicated machines: offensive-security.com/labs/individua…
🔴Exploit Database - an archive of public exploits: exploit-db.com
Twitch
🟣OffSec Live- demonstrations and walkthroughs of course Topics and Proving Grounds machines. Sessions also offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips: twitch.tv/offsecofficial
🟣OffSec Live- demonstrations and walkthroughs of course Topics and Proving Grounds machines. Sessions also offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips: twitch.tv/offsecofficial
🧵Free Resources to Help Your Learning Journey 🧵
Hacking Practice
🔴VulnHub: vulnhub.com
🔴Proving Grounds Play- free practice labs with dedicated machines: offensive-security.com/labs/individua…
🔴Exploit Database - an archive of public exploits and corresponding vulnerable software: exploit-db.com
🔴VulnHub: vulnhub.com
🔴Proving Grounds Play- free practice labs with dedicated machines: offensive-security.com/labs/individua…
🔴Exploit Database - an archive of public exploits and corresponding vulnerable software: exploit-db.com
Twitch
🟣OffSec Live- demonstrations and walkthroughs of course Topics and Proving Grounds machines. Sessions also offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips: twitch.tv/offsecofficial
🟣OffSec Live- demonstrations and walkthroughs of course Topics and Proving Grounds machines. Sessions also offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips: twitch.tv/offsecofficial
LEARNING OSCP: Day #8
Initial Access tips #1
1. Don't rely on a single wordlist. I had instances where I couldn't find a hidden directory with dirbuster list, I got it when I ran with the dirb big.txt.
2. Don't forget to add extensions to directories: php, txt, html, etc.
#oscp
Initial Access tips #1
1. Don't rely on a single wordlist. I had instances where I couldn't find a hidden directory with dirbuster list, I got it when I ran with the dirb big.txt.
2. Don't forget to add extensions to directories: php, txt, html, etc.
#oscp
3. Try default passwords on every login function, ftp, ssh, mysql, smb, webdav, pop, etc. Search for the default creds for a specific web software and try to apply an educated guess if the original ones don't work.
4. Always check the source code, for usernames, passwords, etc.
4. Always check the source code, for usernames, passwords, etc.
5. Bruteforce all authenticated services with identified strings which look like usernames.
6. Use README.txt/LICENSE.txt/CHANGELOG.txt for enumerating service versions.
7. Not every exploit is available on searchsploit, many times custom exploits from google/github work fine.
6. Use README.txt/LICENSE.txt/CHANGELOG.txt for enumerating service versions.
7. Not every exploit is available on searchsploit, many times custom exploits from google/github work fine.
#OSCP prep tips from George Raileanu, Content Developer at OffSec
👇🧵
👇🧵
1/6 Time management, practicing on boxes, and ironing out a methodology are my best pieces of advice.
2/6 In addition to the PEN-200 lab boxes, there are a good number of PG boxes that are very similar (some say harder) to the exam.
LEARNING OSCP: Day #7
Rooted a whole AD domain.
I will share my methodology. There are multiple paths and ways to gain access and move laterally, multiple tools and techniques will work.
I must say the AD in OSCP is pretty easy and straightforward.
#oscp #infosec
Rooted a whole AD domain.
I will share my methodology. There are multiple paths and ways to gain access and move laterally, multiple tools and techniques will work.
I must say the AD in OSCP is pretty easy and straightforward.
#oscp #infosec
For initial access:
1. Start with the box having a web server, it is the most common path.
2. Use revshells.com for powershell payloads, I prefer the base64 one
3. Just remember Windows prefers '\' rather than '/', don't mess up the syntax. (C:\Users and not C:/Users)
1. Start with the box having a web server, it is the most common path.
2. Use revshells.com for powershell payloads, I prefer the base64 one
3. Just remember Windows prefers '\' rather than '/', don't mess up the syntax. (C:\Users and not C:/Users)
For AD enumeration:
1. Use adPEAS, just like linpeas and winpeas, it is a powershell script for automating domain info gathering and lateral movement vectors: github.com/61106960/adPEAS
2. I would recommend to perform the enum manually before using this to understand better.
1. Use adPEAS, just like linpeas and winpeas, it is a powershell script for automating domain info gathering and lateral movement vectors: github.com/61106960/adPEAS
2. I would recommend to perform the enum manually before using this to understand better.
LEARNING OSCP: Day #2
Finished watching all the course videos. Took me 10 days, with about an hour a day, at 2x speed.
It starts from the basics, but elevates real fast. You'll learn about using Kali Linux, and the bash environment (a complete module for that).
#oscp #infosec
Finished watching all the course videos. Took me 10 days, with about an hour a day, at 2x speed.
It starts from the basics, but elevates real fast. You'll learn about using Kali Linux, and the bash environment (a complete module for that).
#oscp #infosec
It will teach you about connection tools like netcat/socat/PowerShell/Powercat, and using them practically for file transfers, reverse/bind listeners, and channelizing I/O.
We also learn to make simple bash scripts for automation. You'll have practical exercises for each module.
We also learn to make simple bash scripts for automation. You'll have practical exercises for each module.
The modules passive info gathering isn't much of a requirement in the exam, though there are some useful tools like google dorks and shodan that might help.
Active info gathering is useful for DNS, SMB, Port scanning, NFS, SMTP and SNMP Enumerations.
Active info gathering is useful for DNS, SMB, Port scanning, NFS, SMTP and SNMP Enumerations.
OSCP (Offensive Security Certified Professional) Pass and Preparation - Tips and Tricks 💡
A thread🧵
A thread🧵
OSCP journey how I passed #OSCP with 100 points in 10 hours.
johnchakauya.medium.com/oscp-journey-h…
johnchakauya.medium.com/oscp-journey-h…
OSCP (Offensive Security Certified Professional) Pass and Preparation - Tips and Tricks💡
A thread🧵
#oscp #CyberSecurity #infosec
A thread🧵
#oscp #CyberSecurity #infosec
1. [John J Hacking](johnjhacking.com/blog/the-oscp-…)
2. [0x4D31/awesome-oscp: A curated list of awesome OSCP resources (github.com)](github.com/0x4D31/awesome…)
An AWESOME 🧵 THREAD ON OSCP...⤵
#cybersecurity #infosec #oscp
@offsectraining @three_cube @theXSSrat
#cybersecurity #infosec #oscp
@offsectraining @three_cube @theXSSrat
BLOGS:
hacksplaining.com
abatchy.com/search/label/O…
techexams.net/forums/securit…
jasonbernier.com/oscp-review/
localhost.exposed/path-to-oscp/
pinboard.in/u:unfo/t:oscp
hacksplaining.com
abatchy.com/search/label/O…
techexams.net/forums/securit…
jasonbernier.com/oscp-review/
localhost.exposed/path-to-oscp/
pinboard.in/u:unfo/t:oscp
The Basics - Start Here
To get more comfortable with Linux, scripting, TCP/IP, etc. I recommend starting with these, especially if you don't have much/any experience
pentesterlab.com/bootcamp
penguintutor.com/linux/basic-ne…
cybrary.it/course/advance…
tulpasecurity.files.wordpress.com/2016/09/tulpa-…
To get more comfortable with Linux, scripting, TCP/IP, etc. I recommend starting with these, especially if you don't have much/any experience
pentesterlab.com/bootcamp
penguintutor.com/linux/basic-ne…
cybrary.it/course/advance…
tulpasecurity.files.wordpress.com/2016/09/tulpa-…
OSCP Preparation resources 🔥
(1/3)
github.com/0x4D31/awesome…
github.com/RustyShacklefo…
github.com/cpardue/OSCP-P…
github.com/gh0x0st/OSCP-A…
github.com/noraj/OSCP-Exa…
github.com/wwong99/pentes…
github.com/omurugur/OSCP
gist.github.com/natesubra/5117…
#cybersecurity #OSCP #infosec
(1/3)
github.com/0x4D31/awesome…
github.com/RustyShacklefo…
github.com/cpardue/OSCP-P…
github.com/gh0x0st/OSCP-A…
github.com/noraj/OSCP-Exa…
github.com/wwong99/pentes…
github.com/omurugur/OSCP
gist.github.com/natesubra/5117…
#cybersecurity #OSCP #infosec
(2/3)
github.com/whoisflynn/OSC…
github.com/strongcourage/…
github.com/CyDefUnicorn/O…
github.com/DriftSec/AutoR…
gist.github.com/unfo/5ddc85671…
github.com/six2dez/OSCP-H…
github.com/tagnullde/OSCP
github.com/superhero1/OSC…
github.com/The-Lynx-Team/…
github.com/chvancooten/OS…
#cybersecurity #OSCP
github.com/whoisflynn/OSC…
github.com/strongcourage/…
github.com/CyDefUnicorn/O…
github.com/DriftSec/AutoR…
gist.github.com/unfo/5ddc85671…
github.com/six2dez/OSCP-H…
github.com/tagnullde/OSCP
github.com/superhero1/OSC…
github.com/The-Lynx-Team/…
github.com/chvancooten/OS…
#cybersecurity #OSCP
Made a massive repository for the preparation of OSCP. Take complete advantage of it and share it with others and your pentesting partners.
#OSCP #cybersecurity #infosec #github #repository
Inspirations: @three_cube @offsectraining @theXSSrat @hakluke
github.com/Cyber-Junk/OSC…
#OSCP #cybersecurity #infosec #github #repository
Inspirations: @three_cube @offsectraining @theXSSrat @hakluke
github.com/Cyber-Junk/OSC…
discord.gg/ZmCmkw2enz check it out for a huge list of tools for pentesting [100+(tools and courses)]>>
A Big Curated List Of Resources For OSCP Prepration
A thread 🚨 👇
#infosec #cybersecurity
#bugbounty #oscp @offsectraining
A thread 🚨 👇
#infosec #cybersecurity
#bugbounty #oscp @offsectraining
Offensive Security Certified Professional is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution.
All about OSCP : oscp.infosecsanyam.in
>2
All about OSCP : oscp.infosecsanyam.in
>2
initinfosec's #PWK / #OSCP survival tips/thoughts. Thread of tips/tricks to hopefully help in PWK/OSCP:
caveat emptor:
* i'm a scrub, trust but verify?
* none are novel/new, YMMV
* can only speak to my own exp
* in no particular order
* added to/updated at random
GL;HF
1/x
caveat emptor:
* i'm a scrub, trust but verify?
* none are novel/new, YMMV
* can only speak to my own exp
* in no particular order
* added to/updated at random
GL;HF
1/x
RCE to shell:
In OSCP world, usually the time to dig in, if you truly have RCE, just need to be clever and creative.
For rev shells, see above. Try common ports or ones on target likely to be allowed by FW.
1/x
In OSCP world, usually the time to dig in, if you truly have RCE, just need to be clever and creative.
For rev shells, see above. Try common ports or ones on target likely to be allowed by FW.
1/x
That doesn't work? Try URL-encoding and/or bash -c 'rev_shell_cmd' - redirection can get weird.
That doesn't work? Try alt methods - bind shell? look for creds or SSH keys for users? Upload a webshell (i like github.com/WhiteWinterWol…) for easier time working.
2/x
That doesn't work? Try alt methods - bind shell? look for creds or SSH keys for users? Upload a webshell (i like github.com/WhiteWinterWol…) for easier time working.
2/x
#OSCP exam advice thread.
Someone recently asked me if I have any advice for the OSCP exam, and I decided to share it with everyone in case someone else finds it useful.
Here's the advice I gave:
Someone recently asked me if I have any advice for the OSCP exam, and I decided to share it with everyone in case someone else finds it useful.
Here's the advice I gave:
1. Stay calm. Chances are at some point during the exam you’re going to think you’re going to fail. It happens to everyone including myself. When that happens, take a break and repeat to yourself that you’re prepared and that OS designed the exam in a way that it can be completed
2. When stuck on something always google the technology + HTB/vulnhub/oscp. You won’t find the exact solution but you’re likely to find something similar that might nudge you in the right direction.
OSCP Review, Resources, and Tips
Hy Guys, I have got lots DMs relates review and preparation. So now I'll try to cover important points in this short OSCP review.
P.S: I'm noob and this review is based on my experience and methodology in OSCP.
(1/18)
#oscp #offsec
Hy Guys, I have got lots DMs relates review and preparation. So now I'll try to cover important points in this short OSCP review.
P.S: I'm noob and this review is based on my experience and methodology in OSCP.
(1/18)
#oscp #offsec
(2/18)
I have encountered lot of people who told me that "I'll first learn all the aspects/skills required for OSCP and when i feels that I'm ready, Then I'll purchase the lab".
When I have purchased lab, I was also Not Ready. But this lines from Dr. Strange Movie motivated me.
I have encountered lot of people who told me that "I'll first learn all the aspects/skills required for OSCP and when i feels that I'm ready, Then I'll purchase the lab".
When I have purchased lab, I was also Not Ready. But this lines from Dr. Strange Movie motivated me.
(3/18)
If you have solved enough machines of Vulnhub and HackTheBox, You don't have to worry about anything.
Just Go for It.
OSCP related Vulnhub and HackTheBox Machines share by @TJ_Null in his blog:
If you have solved enough machines of Vulnhub and HackTheBox, You don't have to worry about anything.
Just Go for It.
OSCP related Vulnhub and HackTheBox Machines share by @TJ_Null in his blog:
There were some days when I wasn't learning anything,I was not satisfied with the way life was going on,then I heard about most challenging certificate in security #OSCP.I read more than 100 reviews of it and everyone was calling it as tough and requires "TRY HARDER" attitude.
I registered 4 it because I want huge kick on my ass.On first day,I don't even know abt port scanning.Yes,I was ok/somewhat good in linux but never went deep into topics which can be used in exploitation,never knew in my life that gathering info is having significant importance.
I see so many people even with experience doesn't pass OSCP on their first attempt so when I was starting my journey I knew it is going to be hell amount of tough for me. But,today I am #OSCP certified and that too on my first attempt. Journey doesn't stop here,it actually starts
