OSCP Walkthrough

  1. Introduction – Fundamentals and basics of different topics like networking, databases, web applications, commands, etc.
  • Windows
  • Linux
  • Networking
  • Web Application Basics
  • Services and Ports
  • File Transfers
  • Python Fundamentals
  • C# Fundamentals
  • TCPdump
  • Powershell
  • Wireshark
  • Packet Crafting Tools
  • FTP
  • SQL
  • YouTube Playlist
  1. Databases
  • SQL
  • IIS
  • IIS Web Server
  • MySQL
  1. Kali Tools
  • IP Tables
  • Tools
  • Bettercap
  • Masscan
  • SQL Injection Tools
  • Mimikatz
  • Wordlists
  • SecLists
  • Arp-scan
  • Dmitry
  • Dnsmap
  • DNSRecon
  • Dnswalk
  • dotDotPwn
  • Enum4Linux
  • GoLismero
  • Ident-user-enum
  • Nikto
  • Nmap
  • Recon-ng
  • SMBMap
  • Smtp-user-enum
  • Snmp-check
  • Sparta
  • SSLyze
  • theHarvester
  • Unicornscan
  • Openvas
  • Oscanner
  • Armitage
  • BeEF
  • Exploitdb
  • Maltego
  • Metasploit
  • Dirb
  • DirBuster
  • Gobuster
  • W3af
  • WebSlayer
  • WhatWeb
  • WPScan
  • XSSer
  • Bettercap
  • Ncat
  • Weevely
  1. Penetration Testing Methodology
  • SANS Penetration Testing
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Methodologies and Standards(PTES)
  • NIST 800-15
  • OWASP Testing Guide
  • Pen Testing Framework
  1. Planning and Scope
  • Planning
  • Scope
  • Intel Gathering
  • Network Topology
  1. Recon, Scanning, Enumeration
  • Recon
    • DNS
    • Whois
    • Social Media
    • Web Search
    • GHDB / Google
    • Nslookup
    • Shodan
  • Recon-ng
  • Passive Scanning
  • Active Scanning
  • Enumeration, Enumeration, Enumeration!
  • Web Applications
  • SQL
  • Network
  • Services and Ports
  • Commands
  • SMB
  • FTP
  • SSH
  • SNMP
  • SMTP
  • Other
  • TCP Dump
  • Cheatsheets and Checklists
  • Firewalls and AV Evasion
  1. Exploitation
  • Introduction
  • Searching for Vulnerabilities
    • Searchsploit
    • Exploit-db
  • Vulnerabilities Analysis
  • Editing and Fixing Vulnerabilities
  • Fuzzing
  • Shells
  • Metasploit Framework
  • Exploit Format
  • Writing an Exploit
  • Other
  1. Post Exploitation
  • Introduction
  • Privilege Escalation
    • Windows
    • Linux
  • Transferring Files
  • Pivoting
  • Tunneling
  • Passing the Hash
  • Port Forwarding
  • Metasploit
  • Pilfer and Plunder
  1. Web Application
  • Introduction/Overview
    • Glossary of Terms
  • OWASP
  • Basics of Web Application Penetration Testing
  • Web Application Services
  • Tools
  • What to use and when
  • Burp Suite (And Extensions)
  • OWASP ZAP
  • XSS
  • SQL Injection
  • CSRF
  • Directory Indexing
  • Directory Traversal/Path Traversal
  • SQL Injection
  • Cookies and Manipulate Sessions
  • Security Misconfigurations
  • Redirects and Forwards
  • Bypassing Authorization
  • Sensitive Data Exposure
  • Token Generation and Manipulation
  • Hidden Form Fields
  • Code Injection
  • OS Command Injection
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Log Analysis
  • HTTPonly Cookie
  • W3af
  • SQLMap Commands and Examples
  • SQL Injection Tools
  • More Attack Examples and How To
  • More Attacks
  1. Web Application Vulnerabilities
  • Buffer Overflow
  • CRLF Injection
  • Cross Site Scripting Flaw
  • CSV Injection
  • Deserialization of Untrusted Data
  • Directory Restriction Error
  • Heartbleed Bug
  • Improper Data Validation
  • Insecure Transport
  • Memory Leak
  • Missing Error Handling
  • Missing XML Validation
  • .NET Vulnerability Research
  • Password Plaintext Storage
  • PHP File Inclusion
  • PHP Objection Injection
  • Session Variable Overloading
  • Undefined Behavior
  • XML External Entity
  • Configuration Vulnerability
  • Error Handling Vulnerability
  • General Logic Vulnerability
  • Input Validation Vulnerability
  • Path Vulnerability
  • Session Management Vulnerability
  1. Report Preparation and Notes
  • Report Content
  • Information
  • Reporting Tools
    • Cherrytree
    • Dradis
    • agicTree
    • Metagoofil
  • Common Problems in Report Writing
  • Note Taking Tips and Tools
  • Templates
  1. Walkthroughs
  • Jerry
  • Nightmare
  • Waldo
  • Active
  • Hawk
  • Tartar Sauce
  • Bastard
  • Dropzone
  • Bounty
  • DevOops
  • Olympus
  • Sunday
  • Gemini Inc 2
  • Canape
  • Stratosphere
  • Celestial
  • Minon
  • Holiday
  • Silo
  • Bart
  • Valentine
  • Ariekei
  • Cronos
  • Beep
  • Legacy
  • Sense
  • Solid State
  • Apocalyst
  • Mirai
  • Blue
  • Lame
  • Blocky
  • Kioptrix
  • pWnOs
  • Xeres – Vulnhub
  • Fulcrum
  • Posion
  • Aragog
  • Tally
  • Grandpa/Grandma
  • Mr. Robot
  • TrOll – Vulnhub
  • Temple of Doom – Vulnhub
  • Bulldog – Vulnhub
  • Brainpan – Vulnhub
  • Lazy
  • OWASP Mantra Browser
  1. Tools
  • Reconnoitre
  • Bloodhound
  • Responder
  • VHostScan
  • Vanquish
  • Rapidscan
  • Rpivot
  • SILENTTRINITY
  • CyberChef
  • Nishang
  • DNSStuff
  • Veil Evasion
  1. Password Attacks
  • Password Cracking Tools
  • Other Password Tools
  • User and Password Lists
  1. Python Scripts
  • Useful scripts
  1. Resources
  • Blogs
  • Walkthroughs
  • Github Repositories
  • Subreddits
  • Useful Reddit Posts
  • Twitter
  • Books
  • Other
    • Tmux and Terminator

Download Resources

Leave a Reply

Your email address will not be published.