+ Reply to Thread
Results 1 to 3 of 3
  1. Not a Senior Member
    Join Date
    Apr 2010
    Location
    Alberta, Canada
    Posts
    142

    Certifications
    WGU BSIT, VCP 5, MCITP: EA W2K8, MCITP: Enterprise Technician, A+, Security+, MCTS: Exchange 2007, MCTS: Win 7,MCTS: SCCM,CEH, CCNA,VCAP5-DCA
    #1

    Default Updated OSCP Prep

    Here is my Updated OSCP Prep

    Learn Python:

    Pick 1 of 2 below
    1. Codeacademy https://www.codecademy.com/learn/learn-python
    2. https://learnpythonthehardway.org/

    Apply Python to Pentesting
    https://www.amazon.ca/Violent-Python.../dp/1597499579

    Learn Pentesting:
    Georgia Weidman Pen- Testing Course (Book and Video go together)
    1.Video Course - https://www.cybrary.it/course/advanc...ation-testing/
    2. Book - https://www.amazon.com/Penetration-T.../dp/1593275641

    Master Pentesting and Practice in Lab Environment

    Pentesting Course with 30 Hands on Labs in a Virtual Lab (covers most if not all the OSCP Material)
    https://www.virtualhackinglabs.com/?...ration-testing



    Master BufferOverflow with below resources



    Learn BufferOverflow - Credit to - JUZ P3NT3$T Hashim Shaikh

    Go over First:
    0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite
    It explain buffer overflow in details.
    Secondly use Exploit research Megaprimer
    http://www.securitytube.net/groups?o...view&groupId=7
    Las setup lab and practiced buffer overflow. I wrote 2 of such buffer overflow exploit on my blog:
    EchoServer (Strcpy) bufferoverflow Securitytube Exploit research Megaprimer
    Minishare 1.4.1 Bufferoverflow

    Buffer Overflow - Credit to A Detailed Guide on OSCP Preparation – From Newbie to OSCP » Checkmate
    Buffer overflow is a very important concept you should practice. Because, if you are good at exploiting buffer overflows, you are sure to get the maximum point machine in the practical exam. But don’t worry if you know nothing about buffer overflows. The following steps will make you not only understand the concept of a buffer overflow, but you can also do it by yourself.1. A quick intro on buffer overflow.https://www.youtube.com/watch?v=1S0aBV-WaeoWhat is Buffer Overflow? (very clearly explained). After watching this video, you will get an idea on the concept behind buffer overflow. Also, will increase your urge on learning buffer overflow.2. Assembly language primer by Vivek Ramachandran. http://www.securitytube.net/groups?o...view&groupId=5Don’t get bored after seeing Assembly language. Just go through the first 2 videos in this video series. That is enough for understanding the memory layout.3. Buffer Overflow Megaprimer by Vivek Ramachandran. http://www.securitytube.net/groups?o...view&groupId=4.In-depth video of buffer overflow where its explained in a very detailed way.4. Exploit Research Megaprimer by Vivek Ramachandran. http://www.securitytube.net/groups?o...view&groupId=7Real-time Exploitation of buffer overflow which will be very interesting, where exploitation is explained in stepwise clearly. You can even try it yourself as mentioned in the video for your practice. It’s enough to go through first 5 videos. SEH Based buffer overflow is not required for OSCP.If you follow the above steps, you will be able to do exploitation with buffer overflow by yourself 100%.Many people shy away from preparing for buffer overflows because it helps to exploit only one machine in the exam. But still, it’s a very important and interesting concept. I have seen many people failing because of improper preparation on buffer overflows. Moreover, OSCP is not the target. All the things you learn here is for the real world.
    Reply With Quote Quote  

  2. SS -->
  3. Darth Lord of the Sith ITSpectre's Avatar
    Join Date
    May 2016
    Location
    The Normandy/ DMV
    Posts
    994

    Certifications
    Sec+, MTA, MCP
    #2
    thanks for this.... I will use this in my OSCP studies
    In the darkest hour, there is always a way out - Eve ME3
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
    Reply With Quote Quote  

  4. Member
    Join Date
    Nov 2016
    Location
    Iowa
    Posts
    67

    Certifications
    OSCP, CISSP, Sec+
    #3
    Don't overthink this too much. OSCP is considered entry level as far as pen testing goes. You don't need more than an understanding of general programming and some exposure to Python. You also don't need much exposure at all to Buffer Overflows.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks