The Purple Rabbit

OSCP, VHL+, BTL1, SC-200, BSc Cyber Security and Forensics

OSCP Resources

March 28, 2022 1 minute read

Here are a list of OSCP Resources that have helped me in my journey and I will also be posting my methodlogy which is in cheerytree that I used in my journey to obtaining the OSCP.

Priv Esc

Linux

https://payatu.com/guide-linux-privilege-escalation

https://github.com/Anon-Exploiter/SUID3NUM

Windows

https://github.com/Gr1mmie/Windows-Privilege-Escalation-Resources

https://www.udemy.com/course/windows-privilege-escalation/

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md

https://medium.com/bugbountywriteup/privilege-escalation-in-windows-380bee3a2842

https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/

https://lolbas-project.github.io/#

https://guif.re/windowseop#EoP%203:%20ClearText%20passwords%20(quick%20hits)

https://guif.re/windowseop#Useful%20commands

https://butter0verflow.github.io/oscp/OSCP-WindowsPrivEsc-Part1/

https://guif.re/windowseop

https://stackoverflow.com/questions/28989750/running-powershell-as-another-user-and-launching-a-script/34307483#34307483

https://hacknpentest.com/windows-privilege-escalation-using-powershell/

https://blog.ropnop.com/using-credentials-to-own-windows-boxes/

https://ivanitlearning.wordpress.com/2019/07/07/bypassing-default-uac-settings-manually/

https://foxglovesecurity.com/2016/09/26/rotten-potato-privilege-escalation-from-service-accounts-to-system/

https://github.com/sagishahar/lpeworkshop

https://github.com/J3rryBl4nks/LPEWalkthrough

https://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae

https://github.com/gto76/linux-cheatsheet/blob/master/linux-cheatsheet.txt

https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

https://github.com/Flangvik/SharpCollection

https://github.com/M4ximuss/Powerless

https://github.com/rhodejo/OSCP-Prep/blob/master/Priv-Esc.md

https://github.com/Binject/backdoorfactory

https://godlikesecurity.com/index.php/2016/10/14/post-exploitation-persisting-and-triggering-backdoors-in-windows/

https://github.com/initstring/dirty_sock

https://forums.offensive-security.com/

Courses

https://www.virtualhackinglabs.com/

https://www.cyberseclabs.co.uk/

https://portswigger.net/web-security

https://github.com/J3rryBl4nks/VirtualHackingLabs

OSCE

http://opensecuritytraining.info/Exploits1.html

https://www.reddit.com/r/ExploitDev/comments/gmhx9r/advice_and_osce_study_material/fr4bcnt/

https://www.reddit.com/r/ExploitDev/

https://github.com/ctf-wiki/ctf-wiki/

https://github.com/guyinatuxedo/nightmare

https://github.com/securityELI/CTP-OSCE

https://github.com/timip/OSEE

Resources

https://www.hackingarticles.in/

https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA

https://github.com/SpiderLabs/Responder

https://github.com/PowerShellMafia/PowerSploit

https://www.reddit.com/r/oscp/comments/g3qh3p/sql_injection/

https://0xdf.gitlab.io/

https://asecuritysite.com/

https://github.com/alebcay/awesome-shell

https://ippsec.rocks/#

https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8/edit#gid=0

https://github.com/mzfr/vulnhub-writeups

https://www.youtube.com/channel/UCHKjl4des9E3I__s6QX_C_w/videos

https://www.youtube.com/channel/UC--DwaiMV-jtO-6EvmKOnqg/videos

https://www.youtube.com/channel/UCND1KVdVt8A580SjdaS4cZg/videos

https://www.pentesteracademy.com/

https://hyd3.home.blog/

https://ired.team/

https://github.com/rewardone/OSCPRepo

https://medium.com/@CyberOPS.LittleDog

https://donavan.sg/blog/

https://www.elearnsecurity.com/

https://www.invidio.us/channel/UCpoyhjwNIWZmsiKNKpsMAQQ

https://gist.github.com/sankhyans/71be0492086401fc9b3a12c0dcdc4c6c

https://github.com/johntheh4cker/OSCP_study

https://www.pentesterlab.com/

https://github.com/pluralsight/PS-Autolab-Env

https://github.com/yeyintminthuhtut/Awesome-Red-Teaming#-discovery

https://medium.com/@andr3w_hilton/oscp-training-vms-hosted-on-vulnhub-com-22fa061bf6a1

https://noobsec.net/

https://backdoorshell.gitbooks.io/oscp-useful-links/content/

https://coffeejunkie.me/

Other

https://hausec.com/2019/03/05/penetration-testing-active-directory-part-i/

https://github.com/justinsteven/dostackbufferoverflowgood

https://layer8conference.com/

https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

https://www.microsoft.com/en-us/software-download/windows10ISO

https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

https://github.com/bats3c/shad0w

https://github.com/21y4d/Notes/blob/master/Pivoting.txt

https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/DEFCON-26-Egypt-One-Liners-to-Rule-Them-All-Updated.pdf

https://docs.google.com/spreadsheets/d/1b4mUxa6cDQuTV2BPC6aA-GR4zGZi0ooPYtBe4IgPsSc/edit#gid=0

https://github.com/jhackz/RTO-Implant

https://www.kali.org/docs/

https://github.com/TH3xACE/SCREEN_KILLER

https://blog.zsec.uk/cve-2020-1350-research/

https://github.com/yeyintminthuhtut/Awesome-Advanced-Windows-Exploitation-References

Practice

https://www.hackthebox.eu/

https://www.vulnhub.com/

https://overthewire.org/wargames/natas/

OSCP cheat sheets

https://six2dez.gitbook.io/pentest-book/

https://github.com/six2dez/OSCP-Human-Guide

https://sushant747.gitbooks.io/total-oscp-guide/

https://cas.vancooten.com/posts/2020/05/oscp-cheat-sheet-and-command-reference/#rpc--nfs-111tcp

https://ceso.github.io/posts/2020/04/hacking/oscp-cheatsheet/#version-nmap-didnt-detect-it

https://medium.com/@hakluke/haklukes-ultimate-oscp-guide-part-3-practical-hacking-tips-and-tricks-c38486f5fc97

https://guide.offsecnewbie.com/

https://github.com/CyDefUnicorn/OSCP-Archives/blob/master/README.md

https://github.com/Cr0wTom/OSCP-PWK-Repo

https://github.com/xMilkPowderx/OSCP

https://medium.com/@falconspy/useful-oscp-notes-commands-d71b5eda7b02

https://medium.com/@falconspy/oscp-developing-a-methodology-32f4ab471fd6

https://cas.vancooten.com/posts/2020/05/oscp-cheat-sheet-and-command-reference/

https://teckk2.github.io/category/OSCP.html

https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html#section-3-passive-reconnaissance

https://ceso.github.io/posts/2020/04/hacking/oscp-cheatsheet/

https://github.com/Elinpf/OSCP-survival-guide#networking-pivoting-and-tunneling

https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE

https://medium.com/oscp-cheatsheet/oscp-cheatsheet-6c80b9fa8d7e

https://noobsec.net/oscp-cheatsheet/

https://sushant747.gitbooks.io/total-oscp-guide/persistence.html

https://malikashish8.github.io/Walkthrough/notes/

https://awesomeopensource.com/project/akenofu/OSCP-Cheat-Sheet?categoryPage=26

https://noobsec.net/hack-oscp/

https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/

https://github.com/sh4d3s/RedTeamCheatsheet

https://github.com/Sentinal920/OSCP/blob/master/OSCP%20Notes.txt

https://www.bytefellow.com/oscp-ultimate-cheatsheet/

http://0xc0ffee.io/blog/OSCP-Goldmine

https://github.com/avi7611/oscp/tree/master/oscp

https://medium.com/bug-bounty-hunting/beginner-tips-to-own-boxes-at-hackthebox-9ae3fec92a96

http://0daysecurity.com/penetration-testing/enumeration.html

OSCP writeups

https://ceso.github.io/posts/2020/04/a-journey-in-the-dark-an-adventures-tale-towards-oscp/

https://medium.com/@ranakhalil101/my-oscp-journey-a-review-fa779b4339d9

https://ubg-hacking.team/2020/05/12/post-oscp-exam-writeup.html

https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html

https://www.tripwire.com/state-of-security/security-awareness/oscp-journey/

https://medium.com/@arnavtripathy98/my-oscp-struggle-210a4496ffe8

https://medium.com/@shibzz/my-journey-to-the-oscp-certification-50c5c6d25a93

https://medium.com/@falconspy/oscp-exam-attempt-1-1893df5a0a00

https://medium.com/@falconspy/oscp-exam-attempt-2-c9e4d5b8f858

https://medium.com/@falconspy/passing-oscp-exam-attempt-3-efce6b0d6f6c

https://medium.com/@falconspy/post-oscp-certification-jo-9fe8c8438db9

https://gist.github.com/meldridge/d45a1886662a0b59f29bb94114163a0e

https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html

https://jhalon.github.io/OSCP-Review/

https://forum.hackthebox.eu/discussion/1655/oscp-exam-review-2019-notes-gift-inside

https://thor-sec.com/review/oscp/oscp_review/

https://coffeejunkie.me/HTB-OSCP-Prep/

https://www.hackersinterview.com/category/oscp/

https://www.hackersinterview.com/oscp/is-the-oscp-lab-and-exercise-reporting-worth-it/

https://atom.hackstreetboys.ph/hacking-oscp/

https://medium.com/@sunilsathyanarayan/yet-another-oscp-success-story-522c3bdc2965

https://forum.hackthebox.eu/discussion/1730/a-script-kiddie-s-guide-to-passing-oscp-on-your-first-attempt

https://www.invidio.us/watch?v=9yNKGm7fty0

https://eqqn.github.io/2020/06/30/OSCP-journey.html

https://oscpnotes.infosecsanyam.in/My_OSCP_Preparation_Notes.html

https://nexsniper.blogspot.com/2020/07/oscp-v2-journey.html

https://noobsec.net/oscp-journey/

https://infosecuritygeek.com/my-oscp-journey/

https://www.hackingdream.net/2020/07/oscp-review-how-to-pass-oscp-on-first-attempt.html?m=0

https://medium.com/@un4gi/try-harder-a-guide-to-smash-and-grab-your-oscp-certification-part-2-6fa8237f6054

https://medium.com/@LearnerPentest/oscp-i-did-it-af9ee3335a1c

https://411hall.github.io/OSCP-Preparation/

https://oscp.infosecsanyam.in/

https://hackfox.net/OSCP-Writeup/

https://t3chnocat.com/oscp-writeup/

https://github.com/avi7611/oscp

https://medium.com/cybersecpadawan/the-long-awaited-oscp-review-5a377f103a39

https://medium.com/@parthdeshani/how-to-pass-oscp-like-boss-b269f2ea99d

https://coffeejunkie.me/OSCP-Exam-Overview/

https://fluidattacks.com/web/blog/oscp-journey/

https://medium.com/@das.pratikpd97/oscp-a-4-year-journey-of-trying-harder-cfb52456de5a

https://medium.com/@klockw3rk/my-oscp-guide-a-philosophical-approach-a98232bc818

https://medium.com/@agent_maximus/oscp-my-2-cents-f5e47eff169e

https://blog.luckolen.xyz/posts/Other/OSCP

https://forum.hackthebox.eu/discussion/1902/oscp-proctored-exam-guide-tips

https://www.mjkranch.com/2019/06/tips-for-success-in-pwk-oscp/

https://0daylego.wordpress.com/2017/04/29/scripting-my-way-through-the-oscp-labs/

https://twitter.com/IanColdwater/status/1278508895233888257

https://medium.com/@vishnu0002/with-pain-comes-sufferance-and-you-get-humble-3cc10ab47be9

https://h4ck.co/oscp-journey-exam-lab-prep-tips/

SQL injection

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

https://www.exploit-db.com/papers/12975

http://www.securityidiots.com/Web-Pentest/SQL-Injection/MSSQL/MSSQL-Union-Based-Injection.html

https://owasp.org/www-community/attacks/SQL_Injection

https://owasp.org/www-community/attacks/Blind_SQL_Injection

https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/#Enablecmdshell

https://www.youtube.com/watch?v=qfCihV1pp6A

https://www.reddit.com/r/oscp/comments/gmntvk/blind_sqli/

http://www.securityidiots.com/Web-Pentest/SQL-Injection/Union-based-Oracle-Injection.html

https://www.doyler.net/security-not-included/oracle-command-execution-sys-shell

https://www.imperva.com/learn/application-security/sql-injection-sqli/

https://perspectiverisk.com/2013/09/17/mssql-practical-injection-cheat-sheet/

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/MSSQL%20Injection.md#mssql-error-based

https://whwriteups.blogspot.com/2015/05/sql-injection-cheatsheet-for.html

https://www.exploit-db.com/papers/13045

https://www.exploit-db.com/papers/13650

http://www.garage4hackers.com/showthread.php?t=1990

https://www.whitelist1.com/2018/04/sql-injection-blind-iii-boolean-based.html

https://0xdf.gitlab.io/2019/08/24/htb-unattended.html

LFI/RFI

https://awakened1712.github.io/oscp/oscp-lfi-rfi/

https://noobsec.net/file-inclusion/

https://highon.coffee/blog/lfi-cheat-sheet/

https://resources.infosecinstitute.com/local-file-inclusion-code-execution/

Active Directory

https://m0chan.github.io/2019/07/31/How-To-Attack-Kerberos-101.html#from-linux

https://mlcsec.com/cybernetics-review/#thoughts

https://www.pentesteracademy.com/course?id=47

https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet

https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

https://medium.com/@browninfosecguy/active-directory-lab-for-penetration-testing-5d7ac393c0c4

https://www.exploit-db.com/docs/english/46990-active-directory-enumeration-with-powershell.pdf

https://github.com/CapitolNumbers/SecTools

https://github.com/Hack-with-Github/Powerful-Plugins

https://xsshunter.com/

Buffer Overflow

https://github.com/stephenbradshaw/vulnserver

https://github.com/freddiebarrsmith/Buffer-Overflow-Exploit-Development-Practice

https://github.com/Ignitetechnologies/Vulnhub-CTF-Writeups

https://bulbsecurity.com/finding-bad-characters-with-immunity-debugger-and-mona-py/

https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/

https://github.com/gh0x0st/Buffer_Overflow

https://vulp3cula.gitbook.io/hackers-grimoire/exploitation/buffer-overflow

https://esseum.com/win-32-buffer-overflow-walkthrough-exploiting-slmail-5-5/

https://resources.infosecinstitute.com/seh-exploit/

https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html

Recon

https://wiki.archlinux.org/index.php/Port_knocking

https://github.com/21y4d/nmapAutomator

https://github.com/codingo/reconnoitre

https://github.com/m8r0wn/nullinux

Reporting

https://github.com/noraj/OSCP-Exam-Report-Template-Markdown

https://github.com/gpalo/cherrypy-report

https://github.com/juliocesarfort/public-pentesting-reports

Password

https://github.com/FlameOfIgnis/Pwdb-Public

https://cracker.offensive-security.com/

Tools

https://infinitelogins.com/2020/01/25/msfvenom-reverse-shell-payload-cheatsheet/

https://gist.github.com/m8r0wn/eff67a82efebcb22e08de1beb8c5d88d

https://www.wappalyzer.com/download

https://github.com/1N3/Sn1per

https://github.com/calebstewart/pwncat

https://github.com/infodox/python-pty-shells

https://github.com/wintrmvte/Netenum

https://www.cybersecurityintelligence.com/

https://medium.com/@falconspy/oscp-understanding-ssh-tunnels-519e31c698bf

https://github.com/Carp704/OnePunchScan

https://github.com/avi7611/Active-directory-small-cheatsheet

https://github.com/codingo/Reconnoitre

https://github.com/gh0x0st/Secure_Kali

https://github.com/NARKOZ/hacker-scripts

https://0xprashant.github.io/

https://www.youtube.com/channel/UCr8h9u258fq605akq_dGA1A/featured

https://github.com/vanhauser-thc/THC-Archive

https://github.com/grimneko/cadaver

https://www.cyber.gov.au/sites/default/files/2020-06/ACSC-Advisory-2020-008-Copy-Paste-Compromises.pdf

https://support.offensive-security.com/proctoring-faq/

https://support.offensive-security.com/oscp-exam-guide/

https://support.offensive-security.com/proctoring-tool-student-manual/

https://research.nccgroup.com/wp-content/uploads/2020/07/1992-Insight-Space-Technical-Deep-Dive-June-v2.pdf

Share on

Twitter Facebook LinkedIn

You may also enjoy

How To Store CMD History in Windows

January 1, 2024 less than 1 minute read

This article is going to be a very quick guide on how you can add history to your commands for command prompt on Windows.

Check Windows 11 Compatability

January 1, 2024 1 minute read

This is going to be a quick article guide on how to check if your Windows 10 Computer is compatible with Windows 11. The first thing you should know is that ...

Fix Device Descriptor Request Failed Windows 10

December 31, 2023 1 minute read

Quick article on this issue I came across in Windows 10

KeepassXC and KeepassDX Guide

December 17, 2023 3 minute read