OSCP (Offensive Security Certified Professional) Review and Exam
Hello everyone, I successfully completed the Offensive Security Certified Professional (OSCP) certification last weekend and decided to write a blog post while the information was fresh. There are many articles about this certificate already, but since everyone's way of working is different, I wanted to share my own experience. 😊
First of all, the exam is difficult, but not that hard 😊 because the exam really measures your time management and how you cope with stress.
You are expected to score 70 points from the machines given to you within 24 hours, and then you have another 24 hours for the report. The real trouble is managing your time well, keeping your stress level down, sleeping, taking your nutritional supplements and running the process correctly.
Be as professional and knowledgeable in your job as you like; if you cannot manage the above, you will fail 😊
First of all, you have to control your stress before the exam; it is not the end of the world!! (Even though I say that, and other blogs say it too, it doesn't work that way in practice 😊; those who manage to apply it are the ones who pass.)
The second issue is that there are a lot of rabbit holes, and you constantly fall into them. DO NOT. If you are going too deep and wasting time, I'd say change targets, because you cannot go any further and you are wasting time in vain.
Actually, it is simple thinking. Offsec has followed such a good method that it literally drives the student crazy 😊
Training Details
Educational content
About the Exam
Education:
First of all, you should work in a planned manner, go through the PDF and videos sent to you one by one and repeat the exercises. If you are planning to write a lab report, you should do this anyway.
You should allocate a minimum of 2 hours a day and aim to solve a minimum of 35 lab machines.
At the same time, try to solve OSCP-like machines prepared by different people on HTB and Vulnhub; if you cannot, read the write-ups carefully and get ideas.
Remember, the more machines you see, the more information and ideas you will have.
In the lab environment, you can sometimes get angry enough to break a bottle over your own head, so you need to keep your nerves and stress under control.
If you see that you cannot solve it, I say go to a different machine 😊
Keep all your notes; CherryTree is a nice tool for this, as its tree structure keeps complicated notes organized.
At the same time, I recommend not sticking only to the PDF for BOF, but finding and solving different examples to reinforce it.
Lab:
If you cannot spare a lot of time because of your job or other commitments, I recommend you get the 90-day lab, because the scope of the new syllabus has expanded considerably and 30- or 60-day labs may not be sufficient.
If you can spend at least 4 hours a day, you can manage with the 30- or 60-day labs.
As stated on the official site, working through the 70+ machines in the lab environment and the 700+ PDF and video content delivered to you, from beginning to end, takes a long time.
I took the 90-day lab, successfully rooted 55+ machines in the lab environment, and then prepared my lab report. It ran to more than 300 pages, because they want a minimum of 10 lab machines and all exercises completed, and in return you only get 5 bonus points in the exam 😊
Do not count on those 5 points to save you; they did not matter in my case, but they might.
Of course, there is a forum page for working and sharing information, where you can share and read different people's comments and tips about machines. My advice is to look at the hints only as a last resort: try to solve the lab machines yourself and believe you can solve them.
Before the Exam:
Get a good night's sleep before the exam.
Eat properly.
Create a plan and try to follow it during the exam (usually it is hard to stick to under exam stress).
For example: "I will take this machine first, then I will switch to this machine; if I get stuck, I will turn to a different machine." It is useful to decide on a methodology like this and the steps you will follow during the exam.
Exam:
Let's come to the rigorous exam. It is said to be 24 hours, but it is actually 23:45 hours. You have to submit your report within one day after the exam, and you will usually get your exam result 2–3 days after the report submission. You may use Metasploit against one machine only, and tools like sqlmap are FORBIDDEN!
You may think I started the exam by taking the BOF machine and the lowest-point machine. Actually, the exam starts after these two machines.
Whether that is the exam starting or the psychological warfare starting, who knows 😊
As I said, during the exam take breaks at regular intervals, do not fixate on what you cannot do, and do not neglect your sleep; even if you work 23 hours straight, it will not work. Don't forget to take your dietary supplements. To give an example, I could not get a single machine for exactly 12 hours 😊 I slept, I woke up, and within 6 hours I had the points needed to pass 😊
In the exam, do your enumeration quickly first, record every step you take, step by step, and do not go back and repeat the same procedures and waste time. If you fail, it is not the end of the world, as I said. TRY Harder!!
Useful Resources :
Blog :
My experience with the OSCP certification — Security Café
PWK and OSCP my experience | Fady Osman’s Technical Blog
Offensive Security's PWB and OSCP — My Experience — Security Sift
Penetration Testing With Backtrack — OSCP — Things all the hacking
Pentesting With BackTrack (PWB) + Offensive Security Certified Professional (OSCP)
OSCP Course and Exam Review — RCE Security
Try Harder! An OSCP Review — Blog of Jason Bernier
Open Security Research: Using Mimikatz to Dump Passwords!
Hacking/OSCP cheatsheet :: Ceso Adventures
The CORE Hacking Course — YouTube
Uploading a web.config File for Fun and Profit | Soroush Dalili (@irsdl) — سروش دلیلی
NetSecFocus Trophy Room — Google Drive
Enumeration :
oscp/linux-template.md at master · xapax/oscp
oscp/windows-template.md at master · xapax/oscp
CTF Series : Vulnerable Machines — tech.bitvijays.com
PWK Notes: SMB Enumeration Checklist [Updated] | 0xdf hacks stuff
nmapAutomator/nmapAutomator.sh at master · 21y4d/nmapAutomator
Privilege_Escalation_Windows:
Windows Privilege Escalation Guide
FuzzySecurity | Windows Privilege Escalation Fundamentals
Windows elevation of privileges
Windows Privilege Escalation — AlwaysInstallElevated — YouTube
PowerSploit/PowerUp.ps1 at master · PowerShellMafia/PowerSploit
WindowsEnum/WindowsEnum.ps1 at master · absolomb/WindowsEnum
Windows Privilege Escalation Methods for Pentesters — Pentest Blog
FuzzySecurity | Windows Privilege Escalation Fundamentals
Windows Local Privilege Escalation — HackTricks
GhostPack/SharpUp: SharpUp is a C# port of various PowerUp functionality.
Ghostpack-CompiledBinaries/SharpUp.exe at master · r3motecontrol/Ghostpack-CompiledBinaries
https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1
Ghostpack-CompiledBinaries/Seatbelt.exe at master · r3motecontrol/Ghostpack-CompiledBinaries
bitsadmin/wesng: Windows Exploit Suggester — Next Generation
SecWiki/windows-kernel-exploits: windows-kernel-exploits — a collection of Windows platform privilege escalation vulnerabilities
juicy-potato/README.md at master · ohpe/juicy-potato
antonioCoco/RoguePotato: Another Windows Local Privilege Escalation from Service Account to System
itm4n/PrintSpoofer: Abusing Impersonation Privileges on Windows 10 and Server 2019
Privilege_Escalation_Linux:
sagishahar/lpeworkshop: Windows / Linux Local Privilege Escalation Workshop
LinEnum/LinEnum.sh at master · rebootuser/LinEnum
Basic Linux Privilege Escalation
Linux Privilege Escalation Scripts
Linux Privilege Escalation — HackTricks
Linux Privilege Escalation Using Cronjobs
rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
linted/linuxprivchecker: linuxprivchecker.py — a Linux Privilege Escalation Check Script
AlessandroZ/BeRoot: Privilege Escalation Project — Windows / Linux / Mac
unix-privesc-check | pentestmonkey
jondonas/linux-exploit-suggester-2: Next-Generation Linux Kernel Exploit Suggester
Privilege Escalation Methods in Linux Penetration Tests | SİBER GÜVENLİK PORTALİ
Reverse_Shell:
Upgrading Simple Shells to Fully Interactive TTYs — ropnop blog
Reverse Shell Cheat Sheet | pentestmonkey
Remote-File-Inclusion-Shell/knock.txt at master · namansahore/Remote-File-Inclusion-Shell
BOF:
PWK/OSCP — Stack Buffer Overflow Practice — vortex’s blog
Buffer Overflow Exploitation (Minishare & FreeFloat) — YouTube
justinsteven/dostackbufferoverflowgood
Immunity Debugger Overview — YouTube
Stack Based Buffer Overflow in Win 32 Platform: The Basics
Stack Buffer Overflow Vulnerability — PCMan FTP Server 2.0.7 | Ahmet GÜREL
Zero Day Zen Garden: Windows Exploit Development — Part 5 [Return Oriented Programming Chains]
Zero Day Zen Garden: Windows Exploit Development — Part 4 [Overwriting SEH with Buffer Overflows]
Buffer Overflow — Easy Chat Server 3.1 — OnSecurity
Buffer Overflow Exploit Development ~ BTRiskBlog: Everything About Pentesting, ISO27001 and IT Audit
Coalfire — The Basics of Exploit Development 1: Win32 Buffer Overflows
A Simple Buffer Overflow Using Vulnserver | by Z3R0th | Medium
Finding Bad Characters with Immunity Debugger and Mona.py — Bulb Security
minishare 1.4.1 exploit — YouTube
SQLI:
SQL-Injections · Security — My notepad
44348-error-based-sql-injection-in-order-by-clause-(mssql).pdf
MSSQL Practical Injection Cheat Sheet — Perspective Risk
SQL Injection Cheat Sheet | Netsparker
Öner KAYA: Advanced SQL Injection Techniques (Advanced Sql Injection)
Red Team Tales 0x01: From MSSQL to RCE — Tarlogic Security — Cyber Security and Ethical hacking
SQL Injection Cheat Sheet | Bhanu Notes
SQL-Injections · Total OSCP Guide
LFI:
Hack The Box — Poison Writeup w/o Metasploit | by Rana Khalil | The Startup | Medium