oscp_course_layout.md

OSCP Course Layout

• Penetration Testing: What You Should Know

  • About Kali Linux
  • About Penetration Testing
  • Legal
  • The megacorpone.com Domain
  • Offensive Security Labs

• Getting Comfortable with Kali Linux

  • Finding Your Way Around Kali
  • Managing Kali Linux Services
  • The Bash Environment
  • Intro to Bash Scripting

• The EssentiaTools

  • Netcat
  • Ncat
  • Wireshark
  • Tcpdump

• Passive Information Gathering

  • Open Web Information Gathering
  • Email Harvesting
  • Additional Resources
  • ReconLng

• Active Information Gathering

  • DNS Enumeration
  • Port Scanning
  • SMB Enumeration
  • SMTP Enumeration
  • SNMP Enumeration

• Vulnerability Scanning

  • Vulnerability Scanning with Nmap
  • The OpenVAS Vulnerability Scanner

• Buffer Overflows

  • Fuzzing

• Win32 Buffer Overflow Exploitation

  • Replicating the Crash
  • Controlling EIP
  • Locating Space for Your Shellcode
  • Checking for Bad Characters
  • Redirecting the Execution Flow
  • Generating Shellcode with Metasploit
  • Getting a Shell
  • Improving the Exploit

• Linux Buffer Overflow Exploitation

  • Setting Up the Environment
  • Crashing Crossfire
  • Controlling EIP
  • Finding Space for Our Shellcode
  • Improving Exploit Reliability
  • Discovering Bad Characters
  • Finding a Return Address
  • Getting a Shell

• Working with Exploits

  • Searching for Exploits
  • Customizing and Fixing Exploits

• File Transfers

  • A Word About Anti Virus Software
  • File Transfer Methods

• Privilege Escalation

  • Privilege Escalation Exploits
  • Configuration Issues

• Client Side Attacks

  • Know Your Target
  • MS12L037Internet Explorer 8 Fixed CoSpan ID
  • Java Signed Applet Attack

• Web Application Attacks

  • Essential firefox AddLons
  • Cross Site Scripting (XSS)
  • File Inclusion Vulnerabilities
  • MySQL SQL Injection
  • Web Application Proxies
  • Automated SQL Injection Tools

• Password Attacks

  • Preparing for Brute Force
  • Online Password Attacks
  • Password Hash Attacks

• Port Redirection and Tunneling

  • Port Forwarding/Redirection
  • SSH Tunneling
  • Proxy chains
  • HTTP Tunneling
  • Traffic Encapsulation

• The Metasploit Framework

  • Metasploit User Interfaces
  • Setting up Metasploit Framework on Kali
  • Exploring the Metasploit Framework
  • Auxiliary Modules
  • Exploit Modules
  • Metasploit Payloads
  • Building Your Own MSF Module
  • Post Exploitation with Metasploit

• Bypassing Antivirus Software

  • Encoding Payloads with Metasploit
  • Crypting Known Malware with Software Protectors
  • Using Custom/Uncommon Tools and Payloads
  • Exercise

• Assembling the Pieces: Penetration Test Breakdown

  • Phase 0 – Scenario Description
  • Phase 1 – Information Gathering
  • Phase 2 – Vulnerability Identification and Prioritization
  • Phase 3 – Research and Development
  • Phase 4 – Exploitation
  • Phase 5 – PostLExploitation