████████╗██╗ ██╗███████╗ ██╗ ██╗ ██╗███╗ ██╗██╗ ██╗ ████████╗███████╗ █████╗ ███╗ ███╗
╚══██╔══╝██║ ██║██╔════╝ ██║ ╚██╗ ██╔╝████╗ ██║╚██╗██╔╝ ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║
██║ ███████║█████╗ ██║ ╚████╔╝ ██╔██╗ ██║ ╚███╔╝ ██║ █████╗ ███████║██╔████╔██║
██║ ██╔══██║██╔══╝ ██║ ╚██╔╝ ██║╚██╗██║ ██╔██╗ ██║ ██╔══╝ ██╔══██║██║╚██╔╝██║
██║ ██║ ██║███████╗ ███████╗██║ ██║ ╚████║██╔╝ ██╗ ██║ ███████╗██║ ██║██║ ╚═╝ ██║
╚═╝ ╚═╝ ╚═╝╚══════╝ ╚══════╝╚═╝ ╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝
---- lynxes just wanna have fun ----
We have created this repo with the aim to gather all the info that we’d found useful and interesting for the OSCP. We have also collected material from other resources (websites, courses, blogs, git repos, books, etc).
YO! YO!: we are no more working on this repo, even if future updates are not excluded. We hope this could be still useful for future students. As always remember: this is not intended to be a comprehensive repo, cross-reference and information gathering are your friends.
- How to navigate the repo
- Official Offensive Security references
- Blog
- GitHub repos
- Webbing
- Genereal useful resources
- Buffer Overflow
- Active Directory
- PrivEsc
- Methodologies
- Automation scripts
- Tools
- Cheat sheets
- Gamified Learning
- Reporting
- Mental and Physical Health
The repo is structured by this way:
|── Box template
├── Methodologies
├── README.md
└── troubleshooting.md
- Box template: here you can see how we organize our work flow
- Methodologies: here you can find a checklist for each phase (recon/enum, postexploit, privesc, etc)
- README: where you can find a list of useful links
- troubleshooting.md: is a ledger to record all the tecnhical issues:solution we have found along the way
Be aware: we use Obsidian as note taking application. This justifies the directory structure and how we format files. We think the graph view provided by Obsidian is a pleasant way to have a visual view of the data we gather. So if you use our checklists, we suggest you run them on Obsidian for a better experience.
- OSCP Exam Change
- Exam Guide
- Try Harder: From mantra to mindset
- Proctored Exam Information
- Proctoring Tool Student Manual
- Upload Exam Report
- Student Forum
- Help Center
- OSCP: wirzka's two cents
- the-oscp-preperation-guide-2020
- Luke’s Ultimate OSCP Guide (Part 1, Part 2, Part 3)
- TJNulls' preparation guide for PWK OSCP
- Abatchy: How to prepare for PWK/OSCP, a noob-friendly guide
- 5 Tips for OSCP Prep
- BIG resource list
- Tip for succes in PWK OSCP
- My OSCP experience
- Path to OSCP
- Offensive Security Certified Professional – Lab and Exam Review
- My Fight for the OSCP
- Passing the OSCP while working full time
- Not your standard OSCP guide
- How to pass the OSCP in 30 days.
- Unofficial OSCP Approved Tools
- First Attempt ... Discouraged
- 1 attempt 1 fail with 55 points
- Failed the OSCP - any tips for the next attempt?
- Tips for passing the exam
- 1st attempt, 80+ points. My experience and some unpopular opinions inside.
- First cert, first try, unconventional approach
- How Offensive Security Saved My Life - An OSCP Journey
- Unmotivated in ctfs
- Need help to prepare OSCP Checklist
- Preparing for 4th attempt
- Second Attempt Failure
- Access to machines for report writing?
- OSCP Practical Advice for Success
- Failed this morning, a feels dump
- Proving Grounds Practice Review
- Uploading web.config for Fun and Profit 2 by @irsdl
- IIS Application vs. Folder Detection During Blackbox Testing by @irsdl
- Explain shell
- Powershell basics
- Pentest Tips and Tricks
- Big list with tips, tricks and cheat sheets
- How to PASS the OSCP Exam - You're probably not preparing like you should be!
- Do Stack Bufferoverflow Good
- OSCP Prep - x86 Windows Stack-Based Buffer Overflow Full Tutorial - War-FTP 1.65
- Attacking Active Directory: 0 to 0.9
- Stealthbits Attack Catalog
- Cheat Sheet - Attack Active Directory
- Active Directory Kill Chain Attack & Defense
- Active Directory Exploitation Cheat Sheet
- Vulnerable-AD (Local lab)
- Active Directory Labs/exams Review Extra
- PayloadAllTheThings - Linux Privilege Escalation methodology
- PayloadAllTheThings - Windows Privilege Escalation methodology
- Basic Linux Privilege Escalation
- Conda's YouTube Privilege Escalation playlist
- Windows Privilege Escalation Fundamentals
- Privilege Escaltion FTW (Jake Williams)
- Elevating your Windows Privileges Like a Boss! (Jake Williams)
- Weird PrivEsc Techinques
- Level Up! Practical Windows Privilege Escalation - Andrew Smith
- Linux Privilege Escalation using Capabilities
- Linux Capabilities
- Day 44: Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced
- Privilege Escalation by abusing SYS_PTRACE Linux Capability
Tip: You should create a dedicated profile for each browsing activity
- Reverse Shell Cheat Sheet
- OSCP-Prep-cheatsheet
- SecLists
- MSSQL Practical Injection Cheat Sheet
- c0deman's Cave MSSQL Injection Cheat Sheet
- How The Web Works
- Linux Fundamentals
- Windows Fundamentals
- Networking Fundamentals
- Web Hacking Fundamentals
- Web Fundamentals
- Shells and Privilege Escalation
- Common Linux Privilege Escalation
- Tib3rius' Linux PrivEsc
- Privilege Escalation OverlayFS
- Tib3rius' Windows PrivEsc
- Reporting * ptestmethod.readthedocs.io
- Offensive Security Exam Report Template in Markdown
- OSCP Report Exam and Lab Templates
- OSCP Report Exam Templates
Ok, this is not about popping shells, cracking codes, and launching exploits. Your health is more important than knowing how to pop a shell. If you are under burnout, if you can’t concentrate, if you can’t free your minds and visualize your target, all the above stuff is useless. You should find a spot to read the below links and do your own research. The InfoSec community is an enormous family, you’ll always find someone ready to help you.
- Mental Health Hackers
- The Causes of and Solutions for Security Burnout
- Cybersecurity’s Dirty Little Secret and Talent Grenade: Burnout
- Mental health in Cyber Security
- What Separates the Good From the Bad: Mental Health and Cybersecurity
- Check whole Azeria's Self-Improvement section
- Why People Who Protect Others Need to be at Their Best; Tackling Mental Health in Cybersecurity
- Mental Health for Hackers
- Mental Health for Hackers: Contents Under Pressure
- How to beat imposter syndrome to get into cybersecurity industry?
- Navigating Imposter Syndrome in the world of Information Security
- Staying Sane in Cybersecurity - Dealing with Burnout and Stress by Hakluke
- r00tMI Night Talk - Burnout nella Cybersecurity: la minaccia che non ti aspetti - Italian talk about burnout
- Ask Chloé: Vacations Aren’t the Cure for Burnout