LifesFun's 101

"The only true wisdom is in knowing you know nothing." - Socrates

OSCP Essentials Manual

20 Sep 2019

A little manual with essentials for OSCP preparation. These are some of the resources I used and noted while preparing for OSCP. I hope this helps some of you on your journey

Essentials

All the course prerequisites can easily be found on offensive-security’s webpage.

A lot of these prerequisites can be learned or reviewed on cybrary.com or codeacademy.com

*Cybrary has a lot of free courses, Codeacademy has some free courses but mostly subscription based.

A solid understanding of TCP/IP:

What is TCP/IP - youtube presentation

TCP/IP and Subnet Masking - youtube presentation

Networking:

Cybrary’s Cisco CCNA course - https://app.cybrary.it/browse/course/cisco-ccna

Reasonable Linux skills:

A collection of *nix Sysadmin Test Questions and Answers - https://github.com/trimstray/test-your-sysadmin-skills

Familiarity with Bash scripting along with basic Perl or Python is considered a plus:

Bash - https://www.codecademy.com/learn/learn-the-command-line

Python - https://www.codecademy.com/learn/learn-python

Basic Penetration Testing Learning Resources:

Book: “Penetration Testing: A Hands-On Introduction to Hacking” (my review of it can be found at Helpful Books)

Cybrary: Penetration Testing and Ethical Hacking - https://www.cybrary.it/course/ethical-hacking/

Introductory course to the basics of ethical hacking/penetration testing

Cybrary: Advanced Penetration Testing - https://www.cybrary.it/course/advanced-penetration-testing/

I discovered this course much later than reading the book mentioned above. The course basically follows the exercises in the Penetration Testing book and is narrated by the book’s author, Georgia Weidman. It’s always nice to have 2 ways of learning.

Cybrary: Web Application Penetration Testing - https://www.cybrary.it/course/web-application-pen-testing/

Introductory course to web application vulnerabilities such as SQL Injections, Cross Site Scripts and Local File Inclusion/Remote File Inclusion. It also goes over Report Creation.

After going through the resources above one should have a basic understanding of penetration testing , some tools and techniques (at least I did).

Websites Providing Hands On Experience:

Over the Wire War Games: Presents you with various CTF like challenges in Linux environment - https://overthewire.org/wargames/

Hack this Site: Free website with various pentesting challenges - https://www.hackthissite.org/

PentesterLab: Web application hacking with some free VMs/Exercises - https://pentesterlab.com

Hack the Box: Pentesting/CTF Labs - https://www.hackthebox.eu/

Vulnhub: Provides OSCP like virtual machines for download and practice - https://www.vulnhub.com/

Some of the boxes I’ve done:

Kioptrix 1 — walkthrough can be found here
Kioptrix 1.1 — walkthrough can be found here
Kiotprix 1.2 — walkthrough can be found here
Kioptrix 1.3 — walkthrough can be found here
Kioptrix 2014 — walkthrough can be found here
Stapler — walkthrough can be found here
Tr0ll 1 — walkthrough can be found here
Prime: 1 — walkthrough can be found here
symfonos: 2 — walkthrough can be found here
Me and My Girlfriend — walkthrough can be found here

OWASP Vulnerable Web Applications: Numerous links for vulnerabale web application to practice on, both online and offline: OWASP Vulnerable App

Some of my favorites for Web App Pentesting: Security Shepherd, Damn Vulnerable Web Application

Buffer OverFlow: VeteranSecurity’s 32-Bit Windows Buffer Overflows Made Easy

Buffer Overflows were a little confusing to me, but this tutorial made it really easy. Also if you follow the Advanced Penetration Testing course on Cybrary or/and read Penetration Testing: A Hands-On Introduction to Hacking, Georgia Weidman also has good step by step example of this.

Bookmarks

Various helpful resources I bookmarked while studying for OSCP: bookmarks