+ Reply to Thread
Results 1 to 19 of 19

Thread: OSCP Prep

  1. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    129

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #1

    Default OSCP Prep

    Hi All;
    So I am starting my OSCP Prep. After doing a lot research below seems to be the optimal material to tackle before signing up for OSCP.

    Here goes:

    Phase 1: (2 to 3 weeks)

    Book: Penetration Testing: A Hands-On Introduction to Hacking (Read the whole book)
    Free Course: CodeAcadamy: Python

    Phase 2: (2 to 3 weeks)
    Book: Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
    Free Course: https://www.cybrary.it/course/advanc...ation-testing/
    Book: Kali Linux Revealed - Possibly also write the exam KLCP


    Phase 3: (2 to 3 weeks)

    Book: Black Hat Python: Python Programming for Hackers and Pentesters
    VM Practice:
    (#1) Kioptrix: 2014 https://www.vulnhub.com/entry/kioptrix-2014-5,62/
    (#2) FristiLeaks: 1.3 https://www.vulnhub.com/entry/fristileaks-13,133/
    (#3) Stapler: 1 https://www.vulnhub.com/entry/stapler-1,150/
    (#4) VulnOS: 2 https://www.vulnhub.com/entry/vulnos-2,147/
    (#5) SickOs: 1.2 https://www.vulnhub.com/entry/sickos-12,144/
    (#6) Brainpan: 1 ttps://www.vulnhub.com/entry/brainpan-1,51/
    (#7) HackLAB: Vulnix https://www.vulnhub.com/entry/hacklab-vulnix,48/
    (# /dev/random: scream https://www.vulnhub.com/entry/devrandom-scream,47/
    (#9) pWnOS: 2.0 https://www.vulnhub.com/entry/pwnos-20-pre-release,34/
    (#10) SkyTower: 1 https://www.vulnhub.com/entry/skytower-1,96/

    Phase 4: ( 2 to 3 weeks)
    PentesterLab Web - https://pentesterlab.com/exercises/
    (#1) Web for Pentester: https://pentesterlab.com/exercises/web_for_pentester
    (#2) Web for Pentester II: https://pentesterlab.com/exercises/web_for_pentester_II
    (#3) From SQLI to Shell: https://pentesterlab.com/exercises/from_sqli_to_shell
    (#4) From SQL to Shell II: https://pentesterlab.com/exercises/f...li_to_shell_II
    (#5) FromSQL to Shell PostGreSQL Edition: https://pentesterlab.com/exercises/f...ell_pg_edition
    (#6) PHP Include and Post Exploitation: https://pentesterlab.com/exercises/p...t_exploitation


    Exploit Exercises VM's - https://exploit-exercises.com/ (Ruxcon 2011)
    (#1) Nebula: https://exploit-exercises.com/nebula/ (beginner)
    (#2) Protostar: https://exploit-exercises.com/protostar/ (intermediate)
    (#3) Fusion: https://exploit-exercises.com/fusion/ (advanced)


    Phase 5 (optional) - Otherwise might skip and just register for OSCP - 2 Weeks
    OverTheWire - OverTheWire: Wargames
    (#1) Bandit: OverTheWire: Bandit (beginner - ssh/shell)
    (#2) Natas: OverTheWire: Natas (beginner - webapp)
    (scoring and other challenges via Wechall https://www.wechall.net/)

    Corelan Tutorials https://www.corelan.be/index.php/cat...ing-tutorials/
    (#1) https://www.corelan.be/index.php/200...sed-overflows/
    (#2) https://www.corelan.be/index.php/200...torial-part-2/
    (#3a) https://www.corelan.be/index.php/200...al-part-3-seh/
    (#3b) https://www.corelan.be/index.php/200...ample-part-3b/
    (#4) https://www.corelan.be/index.php/200...it-the-basics/
    (#5) https://www.corelan.be/index.php/200...t-development/
    (#6) https://www.corelan.be/index.php/200...-dep-and-aslr/
    Last edited by asurania; 07-09-2017 at 11:48 PM.
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member adrenaline19's Avatar
    Join Date
    Dec 2015
    Posts
    248
    #2
    Reply With Quote Quote  

  4. Member
    Join Date
    Mar 2017
    Location
    India
    Posts
    46

    Certifications
    OSCP
    #3
    Quote Originally Posted by asurania View Post
    Hi All;
    So I am starting my OSCP Prep. After doing a lot research below seems to be the optimal material to tackle before signing up for OSCP.

    Here goes:

    ......

    Phase 2: (2 to 3 weeks)
    Book: Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
    Free Course: https://www.cybrary.it/course/advanc...ation-testing/
    Book: Kali Linux Revealed - Possibly also write the exam KLCP

    Phase 4: ( 2 to 3 weeks )

    ............

    Exploit Exercises VM's - https://exploit-exercises.com/ (Ruxcon 2011)
    (#1) Nebula: https://exploit-exercises.com/nebula/ (beginner)
    (#2) Protostar: https://exploit-exercises.com/protostar/ (intermediate)
    (#3) Fusion: https://exploit-exercises.com/fusion/ (advanced)

    .....
    Personally I feel that what you mentioned in Phase 2 and the Exploit Exercises VM's from Vulnhub are not needed. As far as Python is concerned you will be using it mostly for Buffer Overflow exercise. And writing it is damn easy even if you are familiar with general programming. It will only a day or two even if you are not aware of programming.

    And doing Exploit Exercises is definitely an overkill for OSCP. As far as I remember Protostar and Fusion has some challenges which are related to heap overflows, format strings and other stuffs. ( I think even for OSCE we are not asked to exploit heap though not sure )

    As you yourself has mentioned, Phase 5 is optional that is okay.

    Instead of the above things, I would suggest to concentrate more on thorough enumeration of targets from Vulnhub and privilege escalation. AFAIK most people struggle with privilege escalation in the exam.
    Reply With Quote Quote  

  5. Member
    Join Date
    May 2017
    Posts
    85
    #4
    wondering about OSCP lab and exam,
    someone can tell me what is going on in the lab ? it is have workaround or guidance ? how about the exam? its reflect to the lab that we learn or different and much harder ?
    Reply With Quote Quote  

  6. Member
    Join Date
    Jun 2017
    Posts
    48
    #5
    Quote Originally Posted by vynx View Post
    wondering about OSCP lab and exam,
    someone can tell me what is going on in the lab ? it is have workaround or guidance ? how about the exam? its reflect to the lab that we learn or different and much harder ?
    Can you clarify what you are referring to exactly?
    Reply With Quote Quote  

  7. Member
    Join Date
    May 2017
    Posts
    85
    #6
    Quote Originally Posted by infosec123 View Post
    Can you clarify what you are referring to exactly?
    you mean refer is compare with another or ?
    Reply With Quote Quote  

  8. Senior Member chrisone's Avatar
    Join Date
    Nov 2009
    Location
    Los Angeles
    Posts
    1,569

    Certifications
    SilentBreakSecurity - DarkSideOps, CISSP, CCDP, CCNP R/S, CCNP Security (Secure, FW) , C|EH , PA ACE
    #7
    Quote Originally Posted by adrenaline19 View Post
    Excellent! Thanks!
    2017 Goals: Dark Side OPS: Custom Pentesting (complete), eCPPT (in progress), LFCS (in progress), OSCP
    Reply With Quote Quote  

  9. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    62

    Certifications
    OSCP, CISSP, Sec+
    #8
    I agree with what saraguru suggested up above.

    I think the VMs and exercises are not necessary. You can certainly try them or just give an attempt and read the walkthrus. I don't really suggest a book for Python. Personally, I think you can get more out of a Python fundamentals course or two via video.

    Personally, I'd suggest people take a month at PluralSight (monthly fee) or some selected courses at cybrary.it (free) to get some good fundamental python, linux, shell, windows administration primers. Search "OSCP review" on Google and start reading up on other reviews. Many include lists of useful resources, plus should give a good idea what skills or knowledge is needed for success.

    For writing buffer overflows and such, the OffSec material is excellent. It helps to have seen a course in general buffer overflows with animations (YouTube or SecurityTube?), but beyond that, the OffSec material can take you from 0 to success with simple BOF.
    Last edited by LonerVamp; 07-11-2017 at 02:43 PM.
    -------------------------------------------------------
    Security Engineer/Analyst/Geek, Pen Testing
    Reply With Quote Quote  

  10. Member
    Join Date
    May 2017
    Posts
    85
    #9
    to be fair i'm interesting to take OSCP but dont have confidence enough to achieve it,
    is there any whatsapp / telegram group that discuss related with OSCP ?
    Reply With Quote Quote  

  11. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    153

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #10
    The platform wasn't available when I did OSCP but if you haven't heard of hackthebox then you seriously need to check it out. To me, that is the single greatest prep for OSCP at the moment. Although, I should mention that some of the boxes on there are much much harder than anything you will see in OSCP.
    Reply With Quote Quote  

  12. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,283

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #11
    I completely forgot about hackthebox. Definitely worth looking into for some practice before the OSCP.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  13. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    129

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #12
    Thank You all. I Going to update this thread with updated resources, for my OSCP Prep (so others can use it to)...this weekend.
    Reply With Quote Quote  

  14. Member
    Join Date
    May 2017
    Posts
    85
    #13
    Quote Originally Posted by MrAgent View Post
    I completely forgot about hackthebox. Definitely worth looking into for some practice before the OSCP.
    is this share environment and lab ? tried some but seems likely someone after get the admin fix the hole ... : (
    Reply With Quote Quote  

  15. Senior Member
    Join Date
    Jul 2012
    Location
    Internet
    Posts
    160

    Certifications
    ITIL V3, Prince2, COBIT, CISA, CISSP
    #14
    Well just went through hackthebox website, just the enrollment process seems a good way to start.
    Reply With Quote Quote  

  16. Member
    Join Date
    May 2017
    Posts
    85
    #15
    Quote Originally Posted by !nf0s3cure View Post
    Well just went through hackthebox website, just the enrollment process seems a good way to start.
    hack to get the ticket join
    Reply With Quote Quote  

  17. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    129

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #16
    so i found that even through i have used linux in the past, this was still a real weak point for me.
    Book: Kali Linux Revealed & #1) Bandit: OverTheWire: Bandit
    Reply With Quote Quote  

  18. Junior Member
    Join Date
    Feb 2017
    Posts
    8

    Certifications
    CCIE Security, PCNSE7, CCSA, CCNP, CEH
    #17
    Can anyone assist with an Invite to Hackthebox?
    Reply With Quote Quote  

  19. Member
    Join Date
    May 2017
    Posts
    85
    #18
    Quote Originally Posted by lynad View Post
    Can anyone assist with an Invite to Hackthebox?
    hack it
    Reply With Quote Quote  

  20. Junior Member
    Join Date
    Jan 2017
    Posts
    6

    Certifications
    CCNA, MCITP, CISSP
    #19
    Very helpful. Its not late for me to change my tact
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks