-
Offensive Security’s PWB and OSCP — My Experience http://www.securitysift.com/offsec-pwb-oscp/
-
OSCP Journey https://scriptkidd1e.wordpress.com/oscp-journey/
-
Down with OSCP http://ch3rn0byl.com/down-with-oscp-yea-you-know-me/
-
Jolly Frogs - Tech Exams (Very thorough)
http://www.techexams.net/forums/security-certifications/110760-oscp-jollyfrogs-tale.html
-
Walk through of Tr0ll-1 - Inspired by on the Trolling found in the OSCP exam https://highon.coffee/blog/tr0ll-1-walkthrough/ Another walk through for Tr0ll-1 https://null-byte.wonderhowto.com/how-to/use-nmap-7-discover-vulnerabilities-launch-dos-attacks-and-more-0168788/ Taming the troll - walkthrough https://leonjza.github.io/blog/2014/08/15/taming-the-troll/ Troll download on Vuln Hub https://www.vulnhub.com/entry/tr0ll-1,100/
-
Sickos - Walkthrough: https://highon.coffee/blog/sickos-1-walkthrough/ Sickos - Inspired by Labs in OSCP https://www.vulnhub.com/series/sickos,70/
-
Lord of the Root Walk Through https://highon.coffee/blog/lord-of-the-root-walkthrough/ Lord Of The Root: 1.0.1 - Inspired by OSCP https://www.vulnhub.com/series/lord-of-the-root,67/
-
Tr0ll-2 Walk Through https://leonjza.github.io/blog/2014/10/10/another-troll-tamed-solving-troll-2/ Tr0ll-2 https://www.vulnhub.com/entry/tr0ll-2,107/
-
Penetration Tools Cheat Sheet https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
-
Pen Testing Bookmarks https://github.com/kurobeats/pentest-bookmarks/blob/master/BookmarksList.md
-
OSCP Cheatsheets https://github.com/slyth11907/Cheatsheets
-
CEH Cheatsheet https://scadahacker.com/library/Documents/Cheat_Sheets/Hacking%20-%20CEH%20Cheat%20Sheet%20Exercises.pdf
-
Net Bios Scan Cheat Sheet https://highon.coffee/blog/nbtscan-cheat-sheet/
-
Reverse Shell Cheat Sheet https://highon.coffee/blog/reverse-shell-cheat-sheet/
-
NMap Cheat Sheet https://highon.coffee/blog/nmap-cheat-sheet/
-
Linux Commands Cheat Sheet https://highon.coffee/blog/linux-commands-cheat-sheet/
-
Security Hardening CentO 7 https://highon.coffee/blog/security-harden-centos-7/
-
MetaSploit Cheatsheet https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
-
Google Hacking Database: https://www.exploit-db.com/google-hacking-database/
-
Windows Assembly Language Mega Primer http://www.securitytube.net/groups?operation=view&groupId=6
-
Linux Assembly Language Mega Primer http://www.securitytube.net/groups?operation=view&groupId=5
-
Metasploit Cheat Sheet https://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
-
A bit dated but most is still relevant
http://hackingandsecurity.blogspot.com/2016/04/oscp-related-notes.html
-
NetCat
-
http://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
-
http://www.secguru.com/files/cheatsheet/nessusNMAPcheatSheet.pdf
-
http://sbdtools.googlecode.com/files/hping3_cheatsheet_v1.0-ENG.pdf
-
http://sbdtools.googlecode.com/files/Nmap5%20cheatsheet%20eng%20v1.pdf
-
http://www.sans.org/security-resources/sec560/misc_tools_sheet_v1.pdf
-
http://rmccurdy.com/scripts/Metasploit%20meterpreter%20cheat%20sheet%20reference.html
-
Exploit-db https://www.exploit-db.com/
-
SecurityFocus - Vulnerability database http://www.securityfocus.com/
-
Vuln Hub - Vulnerable by design https://www.vulnhub.com/
-
Exploit Exercises https://exploit-exercises.com/
-
SecLists - collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads https://github.com/danielmiessler/SecLists
-
Security Tube http://www.securitytube.net/
-
Metasploit Unleashed - free course on how to use Metasploit https://www.offensive-security.com/metasploit-unleashed/
-
0Day Security Enumeration Guide http://www.0daysecurity.com/penetration-testing/enumeration.html
-
Github IO Book - Pen Testing Methodology https://monkeysm8.gitbooks.io/pentesting-methodology/
-
Fuzzy Security http://www.fuzzysecurity.com/tutorials/16.html
-
accesschk.exe https://technet.microsoft.com/en-us/sysinternals/bb664922
-
Windows Priv Escalation For Pen Testers https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
-
Elevating Privileges to Admin and Further https://hackmag.com/security/elevating-privileges-to-administrative-and-further/
-
Transfer files to windows machines https://blog.netspi.com/15-ways-to-download-a-file/
-
Windows-Privesc/windows privesc sectalks BNE0x19.pdf https://github.com/codingo/Windows-Privesc/blob/master/windows%20privesc%20sectalks%20BNE0x19.pdf
- A few HBH Updates
- A site to test and learn about web hacking
- Backdoor
- CTFLearn (a new CTF based learning platform with user-contributed challenges)
- CTFs · GitHub
- Embedded Security CTF (one of the best interfaces, a good difficulty curve and introduction to low-level reverse engineering, specifically on an MSP430)
- Exploit Exercises
- Go ahead and ScanMe!
- Hacker Challenges
- Hacking Challenges
- RingZer0
- Mod
- Net
- Reversing.Kr
- Roothack.org
- SmashTheStack Wargaming Network
- TheBlacksheep at www.bright
- Wargames
- World Wide Web Challenges
- Xtreme Vulnerable Web Application (XVWA)
- http://intruded.net
- http://pwnable.kr one of the most popular recent wargamming sets of challenges
- https://pwn0.com
- io.netgarage.org
- picoCTF 2017Designed for high school students while the event is usually new every year, it's left online and has a great - difficulty progression
- plateforme d'apprentissage dédiée au Hacking et à la Sécurité de l'Information
dead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead linkdead link
- Recent Tags
- Add bookmarks to this folder to see them displayed on the Bookmarks Toolbar
- Forums
- Offensive Security Training student forums
- Support
- IRC
- Reporting
- Control Panel
- Exploitdb
- The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.
- Regex cheatsheet
- TL;DR Pages
- Simplified, community-driven man pages!
- Markdown Cheatsheet
- markdown-here - Google Chrome, Firefox, and Thunderbird extension that lets you write email in Markdown and render it before sending.
- CVEDetails
- Openbsd Openssh security vulnerabilities, exploits, metasploit modules, vulnerability statistics and list of versions
- FuzzySecurity | Windows Privilege Escalation Fundamentals
- Privilege Escalation - Windows · Security - My notepad
- OSCP Survival Guide
- OSCP-Survival-Guide - Kali Linux Offensive Security Certified Professional Survival Exam Guide
- SecLists
- SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.
- Guide to Alpha
- Welcome to Offensive Security's complete guide to "Alpha".
Warning. This thread contains spoilers. Please note that Alpha cannot be included in your Lab Report
Table of Contents:
Introduction Abstract/Overview Reconnaissance
- SSH Bad Keys
- ssh-badkeys - A collection of static SSH keys (public and private) that have made their way into software and hardware products.
- Port 135 - MSRPC · Pentesting Methodology
- Internet Security by Zscaler
Jim Wilbur's Blog OSCP Links This is a list of links I used while studying for the Offensive Security Certified Professional (OSCP) exam. Reverse Shell Cheat Sheet – http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet Offensive Security’s Exploit Database Archive – https://www.exploit-db.com/ OSCP resource gold mine – https://backdoorshell.gitbooks.io/oscp-useful-links/content/ 0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite – http://www.primalsecurity.net/0x0-exploit-tutorial-buffer-overflow-vanilla-eip-overwrite-2/ Basic Linux Privilege Escalation – https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation Vulnerable by Design – https://vulnhub.com Elevating privileges by exploiting weak folder permissions – www.greyhathacker.net/?p=738/ NSEDoc Reference – https://nmap.org/nsedoc/ Encyclopaedia Of Windows Privilege Escalation – Brett Moore – www.youtube.com/watch?v=kMG8IsCohHA Windows Privilege Escalation Fundamentals – http://www.fuzzysecurity.com/tutorials/16.html 0daysecurity Enumeration – http://0daysecurity.com/penetration-testing/enumeration.html Free Password Hash Cracker – https://crackstation.net/ LinEnum – https://github.com/rebootuser/LinEnum Linux_Exploit_Suggester – https://github.com/PenturaLabs/Linux_Exploit_Suggester Windows-Exploit-Suggester – https://github.com/GDSSecurity/Windows-Exploit-Suggester Windows Privilege Escalation – a cheatsheet – http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html unix-privesc-check – http://pentestmonkey.net/tools/audit/unix-privesc-check windows-privesc-check – http://pentestmonkey.net/tools/windows-privesc-check John The Ripper Hash Formats – http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats Microsoft Privilege Escalation – www.toshellandback.com/2015/11/24/ms-priv-esc/ Kali linux Commands Complete List from A to Z – https://geekviews.tech/kali-linux-commands-complete-list/
Resources: Some resources I used for this challenge: http://www.fuzzysecurity.com/tutorials/16.html http://pentestmonkey.net/category/cheat-sheet/shell https://github.com/GDSSecurity/Windows-Exploit-Suggester https://github.com/PenturaLabs/Linux_Exploit_Suggester https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ http://www.offensive-security.com/metasploit-unleashed/Main_Page I also read the hackers playbook, the Metasploit unleashed book, and the Penetration Testing book by Georgia Weidman. These are all very good resources.