Roadmap For OSCP


ROADMAP TO OSCP
HEY THERE!
I am Akash Dhakad
I am here because I love to give presentations.
You can find me at @akashdhakad
WHAT IS OSCP?
WHAT TO LEARN IN THE COURSE?
 Kali Linux Basics
 Command Line and Bash Scripting
 Essential Tools
 Information Gathering
 Vulnerability Scanning
 Web Application Attacks
 Client Side Attacks
 Buffer Overflows
 Finding and Fixing Public Exploits
 File Transfers
 Anti Virus Bypass
 Privilege Escalation
 Password Attacks
 Port Redirection and Tunneling
 Active Directory Attacks
 Metasploit Framework
 Powershell Empire
 Assembling the Pieces
FIRST THINGS FIRST
 Who is this Course For?
 Infosec professionals transitioning to Pentesting
 People having basic Pentesting skills
 Security Professionals
 Not for absolute Beginners!
ABOUT THE EXAM
 Yes, it’s a battlefield
 24-hour, fully proctored
 Exam time: 23 hours 45 minutes
 Another 24 hours for uploading documentation
 Min 70 points for passing
▰ Exam Structure
▰ Bonus Points (10)
 >= 80% correct solutions for topic exercises in each topic
 30 correct proof.txt hashes from challenge machines
▰ Passing Scenarios
 (40) AD Set + (20) Non-AD + (10) Non-AD
 (10) BP + (40) AD Set + (20) Non-AD
 (10) BP + (40) AD Set + (10) Non-AD + (10) Non-AD
 (10) BP + (20) Non-AD + (20) Non-AD + (20) Non-AD
PWK COURSE
 PDF Book
 Videos
 Exercises
 Labs (now Challenges)
 Lab Access
 90 days voucher (1500$)
 Costly, right?
 Make sure you utilize those days!
BEFORE THE COURSE
BASIC KNOWLEDGE
 Fundamentals
 Windows Basics
 System Administration
 User Account Management
 Good CMD
 Powershell basics
 Groups and Policies
 Service Management
 Fundamentals
 Linux Basics
 File System and Directory Structure
 System Administration
 User and Group Management
 File Management and Access Control
 Service Management
 Bash shell basics
 Networking Basics
 TCP/IP protocol suite
 Basic network communication
 Layer 3/4 addressing
 OSI Model
 Subnetting and NAT
 Proxies and Tunneling
 Web Application Basics
 Client Server Architecture
 HTTP and HTTPS (SSL)
 Request Response Protocol
 HTTP headers
 Status Codes and Errors
 URL Concepts
 Programming (YES!)
 Basic Paradigms (if-else/loops/data types/functions/files)
 Ability to read and modify code
 Basics of Python
 Exception and Error Handling
 Cryptography
 Encryption/Decryption
 Hashing algorithms (MD5/SHA)
 Encoding/Decoding
 Public Key Infrastructure
 Crypto Applications: SSH/VPN/NTLM
PRACTICE LABS
 TJNull NetSecFocus (do them all)
 VulnHub, no?
 Proving Grounds (Play and Practice)
 Buy the subscription (worth it)
 Hack The Box
 THM Offensive Pentesting
 Stuck, need walkthroughs?
 Videos
 IppSec
 S1REN
 HackerSploit
 Articles
 Hacking Articles
 0xdf
 Infosec Writeups
START THE PWK!
 Videos > PDF > PWK Labs
 PDF > Videos > PWK Labs
 Videos > PWK Labs
 Only PWK labs (not recommended)
TOOLS
Pentesting = Human Expertise + Arsenal of tools
 Scanning: nmap, wpscan, nikto
 Enumeration: smbclient, Dirbuster/gobuster, NSE
 Password Attacks: john, hashcat, hydra
 impacket
 Web Attacks: Burp Suite, nikto, netcat
 Initial Access: searchsploit, msfvenom, cewl
 Privilege Escalation: *-privesc-check, linpeas, winpeas, pspy
 Pivoting: Proxychains, ssh, chisel, plink
 General: netcat, powershell, socat
 Active Directory: crackmapexec, enum4linux, impacket toolkit, Bloodhound, mimikatz, Adpeas
NOTE MAKING
 Tools?
 OneNote
 CherryTree
 KeepNote
 Notion
 OneNote
 Simple Interface
 Cloud Sync
 Free and feature-rich
 Hierarchical Notebook structure
 Lab Notes Format
 Recon
 Initial Access
 Priv Esc
 Post Exploitation (if any)
 Exploits Used
 Tools Used
 Other resources
WATCH VIDEOS
VIEW PDF
FILTER AND HIGHLIGHT
COPY CONTENT
ADD COMMENTS
 PDF for note making
 Initial Access
 Priv Esc
 Post Exploitation (if any)
 Exploits Used
 Tools Used
 Other resources
 Courses:
 YouTube Playlist
 Pentester Academy
 Udemy
 TCM Active Directory
 Bitten Tech’s Active Directory for Pentesting
 Practice
 HTB Dante Pro Labs
 HTB RastaLabs Pro Lab
 THM Throwback
 THM Attacktive Directory
 THM Wreath
BEYOND THE COURSE
 Blogs:
 HackTricks
 Hacking Articles
 Ippsec.rocks
GIVING THE EXAM
 VMWare > VirtualBox (you can use any)
 My Kali Specs:
 4 core CPU
 8 GB RAM
 128 MB Video Memory
 Have backups, snapshots
 Recon in parallel, focus manually
 Don’t be stuck, and don’t keep switching
 Use Official OffSec Report Template
 Just explain what you did, don’t write too much
 Put as many screenshots as possible
 Proofread 2-3 times
 Came with basic pentesting/CTF skills
 1 year subscription
 Videos > PDF > PWK labs
 No exercises
 1 month study, 4 months practice, 1 month note making
 HTB > PG > THM (~150 in total)
 12 hour mock test – 3 random HTB machines
 Full day rest before exam
 Victory
 Have a Plan
 Have a Dry Run before the exam
 Practice Practice PRACTICE
 Create your own notes/cheatsheet
 Not about how to exploit, but what to exploit
 Take Breaks
 DON’T RELY ON TOOLS!
 Try Harder (but change)
 {Manual} Enumeration is the key
 Think out of the box
 Don’t underestimate and overestimate
