(2/18)
I have encountered lot of people who told me that "I'll first learn all the aspects/skills required for OSCP and when i feels that I'm ready, Then I'll purchase the lab".
When I have purchased lab, I was also Not Ready. But this lines from Dr. Strange Movie motivated me.
I have encountered lot of people who told me that "I'll first learn all the aspects/skills required for OSCP and when i feels that I'm ready, Then I'll purchase the lab".
When I have purchased lab, I was also Not Ready. But this lines from Dr. Strange Movie motivated me.
(3/18)
If you have solved enough machines of Vulnhub and HackTheBox, You don't have to worry about anything.
Just Go for It.
OSCP related Vulnhub and HackTheBox Machines share by @TJ_Null in his blog:
If you have solved enough machines of Vulnhub and HackTheBox, You don't have to worry about anything.
Just Go for It.
OSCP related Vulnhub and HackTheBox Machines share by @TJ_Null in his blog:
(4/18)
For Web Application Pentest, Focus more on OWASP 2013's Server-side Vulnerabilities.
In Below image, I have listed few Web Application top attacks/vulnerabilities which i think you have to more focus on.
For Web Application Pentest, Focus more on OWASP 2013's Server-side Vulnerabilities.
In Below image, I have listed few Web Application top attacks/vulnerabilities which i think you have to more focus on.
(5/18)
Book I preferred when I started solving machines and building pentest methodology:
"Penetration Testing: A Hands-On Introduction to Hacking by @georgiaweidman "
amazon.com/Penetration-Te…
Book I preferred when I started solving machines and building pentest methodology:
"Penetration Testing: A Hands-On Introduction to Hacking by @georgiaweidman "
amazon.com/Penetration-Te…
(6/18)
Below are the top blogs I followed for Priv Esc during OSCP Journey :-
Linux/Windows Enumeration blog by @GuifreRuiz :
guif.re/linuxeop
guif.re/windowseop
Linux Privilege Escalation blog by @payatulabs :
payatu.com/guide-linux-pr…
Below are the top blogs I followed for Priv Esc during OSCP Journey :-
Linux/Windows Enumeration blog by @GuifreRuiz :
guif.re/linuxeop
guif.re/windowseop
Linux Privilege Escalation blog by @payatulabs :
payatu.com/guide-linux-pr…
(8/18)
Now come to Python for scripting/automation😍:
Videos: "Complete Python Bootcamp: Go from zero to hero in Python 3"
udemy.com/course/complet…
Book: "Think Python - How to Think Like a Computer Scientist"
greenteapress.com/wp/think-pytho…
Now come to Python for scripting/automation😍:
Videos: "Complete Python Bootcamp: Go from zero to hero in Python 3"
udemy.com/course/complet…
Book: "Think Python - How to Think Like a Computer Scientist"
greenteapress.com/wp/think-pytho…
(9/18)
Pivoting/Port Tunneling
"PWK Notes: Tunneling and Pivoting" by @0xdf_
0xdf.gitlab.io/2019/01/28/pwk…
"Explore Hidden Networks With Double Pivoting" by @m3karadag
pentest.blog/explore-hidden…
Pivoting/Port Tunneling
"PWK Notes: Tunneling and Pivoting" by @0xdf_
0xdf.gitlab.io/2019/01/28/pwk…
"Explore Hidden Networks With Double Pivoting" by @m3karadag
pentest.blog/explore-hidden…
(10/18)
And the last but not least, To whom most of people feared, but trust me its so much easy. Its like @offsectraining is giving you 25 points free😉 - Win32 BUFFER OVERFLOW😐 :-
And the last but not least, To whom most of people feared, but trust me its so much easy. Its like @offsectraining is giving you 25 points free😉 - Win32 BUFFER OVERFLOW😐 :-
(11/18)
I have followed Chapter No. 16 & 17 of "Penetration Testing - A hands-on introduction to Hacking" to better understand Buffer Overflow concepts.
But in above book of @georgiaweidman , Finding Bad Characters is not covered,
I have followed Chapter No. 16 & 17 of "Penetration Testing - A hands-on introduction to Hacking" to better understand Buffer Overflow concepts.
But in above book of @georgiaweidman , Finding Bad Characters is not covered,
(12/18)
Now you can go through her blog for "Finding Bad Characters with Immunity Debugger and Mona.py"
bulbsecurity.com/finding-bad-ch…
Now you can go through her blog for "Finding Bad Characters with Immunity Debugger and Mona.py"
bulbsecurity.com/finding-bad-ch…
(13/18)
Although I have also written blog on Win32 Buffer Overflow i.e "10 Easy Steps to Exploit Basic Stack-Based Buffer Overflow"
medium.com/@loopspell/10-…
Although I have also written blog on Win32 Buffer Overflow i.e "10 Easy Steps to Exploit Basic Stack-Based Buffer Overflow"
medium.com/@loopspell/10-…
(14/18)
Daily read at least 2-3 vulnerable machines walkthrough.
You can go through blog of @0xdf_ :
0xdf.gitlab.io
And for video, i would suggest Youtube channel of @ippsec :
youtube.com/channel/UCa6eh…
Daily read at least 2-3 vulnerable machines walkthrough.
You can go through blog of @0xdf_ :
0xdf.gitlab.io
And for video, i would suggest Youtube channel of @ippsec :
youtube.com/channel/UCa6eh…
(15/18)
Tips
1) Its an Always easy, if you solved enough machines of Lab then focus on what you already know. Don't make things over-complicated.
2) Try to solve Lab machines more than one way.
3) Use mona.py for Finding Bad Characters, it will save lot of time.
Tips
1) Its an Always easy, if you solved enough machines of Lab then focus on what you already know. Don't make things over-complicated.
2) Try to solve Lab machines more than one way.
3) Use mona.py for Finding Bad Characters, it will save lot of time.
(16/18)
4) Start enumeration with top 5 services first.
5) Read and watch OSCP Course Material carefully.
6) Take break every 2 hour during exam and drink lots of water (I got sick during exam😬)
7) Enumerate well if stuck, start again from basics.
4) Start enumeration with top 5 services first.
5) Read and watch OSCP Course Material carefully.
6) Take break every 2 hour during exam and drink lots of water (I got sick during exam😬)
7) Enumerate well if stuck, start again from basics.
(17/18)
And below is the blog that I have followed to set every day target during Lab time:
arvandy.com/category/oscp/
That All from my side.
Reply to this thread if you want to add something.
If you face any problem relates to Resources😉 then DM me.
And below is the blog that I have followed to set every day target during Lab time:
arvandy.com/category/oscp/
That All from my side.
Reply to this thread if you want to add something.
If you face any problem relates to Resources😉 then DM me.
Tip 8) Keep yourself update with latest linux privilege escalation technique/exploit
