OSCP (Offensive Security Certified Professional) Review and Exam

Hello everyone, I successfully completed the Offensive Security Certified Professional (OSCP) certificate last weekend and decided to write a blog when the information was fresh.In fact, there are many articles about this certificate, but each person Since the working method is different, I wanted to convey my experiences. 😊

First of all, the exam is difficult, but not that hard 😊 Because the exam actually measures your time management and your struggle with stress.

You are expected to receive a score of 70 points from the machines sent to you within 24 hours and 24 hours. The trouble here is, in fact, managing time well, keeping your stress level, sleep, taking your nutritional supplements and running the process correctly.

Be professional and knowledgeable in your job as much as you want, if you can’t manage the above, you will stay 😊

First of all, you have to control your stress before the exam, not the end of the world !! (Even though I say that, // it doesn’t work that way, even if I say in different blogs 😊, those who apply it already pass.

The second issue is that rabbithole is quite a lot, and you are constantly turning to them. DO NOT. If you’re going too deep and wasting time, I’d say change goals. Because you cannot go any further and you are wasting time in vain.

Actually, it is simple thinking. Offsec followed such a good method that it literally drives the student crazy 😊

Training Details
Educational content
About the Exam

Education:

First of all, you should work in a planned manner and apply the pdf + videos sent to you one by one and repeat the exercises. If you are already prepared to write a lab report, you should do this.

You should allocate a minimum of 2 hours a day and aim to solve a minimum of 35 lab machines.

At the same time, try to solve machines similar to OSCP exam by different people in HTB and Vulnhub, if you cannot, read the articles precisely and get ideas.

Remember, the more machines you see, the more information and ideas you will have.

Similar Machines:

In the lab environment, you can sometimes break even a bottle in your head due to anger, so you need to keep your nervous and stress under control.

You see, you cannot solve it, I say go to a different machine 😊

Keep all your notes and cherrytree is a nice tool for this, it will remove complex values ​​with its tree structure.

At the same time, I recommend not only sticking to the pdf for bof, but finding and solving different examples to reinforce.

Lab:

If you cannot spare a lot of time because of your job or different subjects, I recommend you to get a 90-day lab. Because the scope of the new system has expanded considerably and 30 -60 days labs may not be sufficient.

If you say that you spend at least 4 hours a day, you can work in 30 or 60 days labs.

As stated on the Official Site, it takes a long time to watch 70+ machines in a lab environment and 700+ pdf and video contents delivered to you for your work, from beginning to end.

I took the lab for 90 days, successfully obtained the 55+ machines in the lab environment, and then I prepared my lab report. It takes more than 300+ because they want min 10 lab machines and all exercisers applied and you can start with 5 points plus in the exam only 😊

Do not think that 5 points could save life, it did not work for me, but it could.

Of course, there is a forum page to work and share information, from here you can share and see different people’s comments and tips about machines. My advice is to look at the clues your last job is to solve the machines in the lab environment, try yourself and believe you can solve it.

Before the Exam:

Get a good sleep before the exam.

Eat your food properly.

Create a plan but try to implement it in the exam. Usually not applicable with exam stress,

For example, I will buy this machine first, then I will switch to this machine, if I get stuck, I will turn to a different machine and it will be useful to determine a methodology like I will follow these steps during the exam.

Exam:

Let’s come to the rigorous exam, 24 hours is tried, but 23:45 hours actually. and you have to submit your report within one day after the exam, and you will usually get your exam result 2–3 days after the report submission. You can use a metasploit machine and tools like sqlmap are FORBIDDEN!

You think I started the exam by buying the machine with BOF and min points. Actually, the exam starts after these two machines.

Whether the exam is starting or the psychological warfare is unknown 😊

As I said in the exam, take breaks at regular intervals, do not focus on what you cannot do, do not neglect your sleep, even if you work 23 hours, it will not work. Don’t forget to take your dietary supplement. To give an example, I could not buy a machine for exactly 12 hours 😊 I slept, I woke up, I had the points that could pass in 6 hours 😊

In the exam, first make your discoveries quickly, record all the steps you have done, step by step, do not go back and do the same procedures and waste time. If you stay, it is not the end of the world as I said. TRY Harder !!

Exam Report Sample

Useful Resources :

Blog :

My experience with the OSCP certification — Security Café

PWK and OSCP my experience | Fady Osman’s Technical Blog

Offensive Security’s PWB and OSCP — My Experience — Security SiftSecurity Sift

Penetration Testing With Backtrack — OSCP — Things all the hacking

Pentesting With BackTrack (PWB) + Offensive Security Certified Professional (OSCP)

OSCP Course and Exam Review — RCE Security

Try Harder! An OSCP Review.Blog of Jason Bernier

Pentest Tips and Tricks — EK

Open Security Research: Using Mimikatz to Dump Passwords!

Hacking/OSCP cheatsheet :: Ceso Adventures

The CORE Hacking Course — YouTube

Eğlence ve Kâr için bir web.config Dosyası Yükleme | Soroush Dalili (@irsdl) — سروش دلیلی

NetSecFocus Trophy Room — Google Drive

Enumeration :

oscp/linux-template.md at master · xapax/oscp

oscp/windows-template.md at master · xapax/oscp

CTF Series : Vulnerable Machines — tech.bitvijays.com

PWK Notes: SMB Enumeration Checklist [Updated] | 0xdf hacks stuff

nmapAutomator/nmapAutomator.sh at master · 21y4d/nmapAutomator

Privilege_Escalation_Windows:

Windows Privilege Escalation Guide

FuzzySecurity | Windows Privilege Escalation Fundamentals

Windows elevation of privileges

(1) Windows Privilege Escalation — AlwaysInstallElevated — YouTube

PowerSploit/PowerUp.ps1 at master · PowerShellMafia/PowerSploit

WindowsEnum/WindowsEnum.ps1 at master · absolomb/WindowsEnum

Windows-Exploit-Suggester/windows-exploit-suggester.py at master · AonCyberLabs/Windows-Exploit-Suggester

Windows Privilege Escalation Methods for Pentesters — Pentest Blog

FuzzySecurity | Windows Privilege Escalation Fundamentals

Windows Local Privilege Escalation — HackTricks

GhostPack/SharpUp: SharpUp is a C# port of various PowerUp functionality.

Ghostpack-CompiledBinaries/SharpUp.exe at master · r3motecontrol/Ghostpack-CompiledBinaries

https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1

GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives.

Ghostpack-CompiledBinaries/Seatbelt.exe at master · r3motecontrol/Ghostpack-CompiledBinaries

privilege-escalation-awesome-scripts-suite/winPEAS at master · carlospolop/privilege-escalation-awesome-scripts-suite

bitsadmin/wesng: Windows Exploit Suggester — Next Generation

rasta-mouse/Watson: Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities

SecWiki/windows-kernel-exploits: windows-kernel-exploits Windows平台提权漏洞集合

Neohapsis/creddump7

juicy-potato/README.md at master · ohpe/juicy-potato

antonioCoco/RoguePotato: Another Windows Local Privilege Escalation from Service Account to System

itm4n/PrintSpoofer: Abusing Impersonation Privileges on Windows 10 and Server 2019

Privilege_Escalation_Linux:

sagishahar/lpeworkshop: Windows / Linux Local Privilege Escalation Workshop

Linux elevation of privileges

LinEnum/LinEnum.sh at master · rebootuser/LinEnum

Basic Linux Privilege Escalation

Linux Privilege Escalation Scripts

Linux Privilege Escalation — HackTricks

diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels

Cronjobs’u Kullanarak Linux Ayrıcalık Yükselmesi

rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks

linted/linuxprivchecker: linuxprivchecker.py — a Linux Privilege Escalation Check Script

AlessandroZ/BeRoot: Privilege Escalation Project — Windows / Linux / Mac

unix-privesc-check | pentestmonkey

jondonas/linux-exploit-suggester-2: Next-Generation Linux Kernel Exploit Suggester

Linux Sızma Testlerinde Hak Yükseltme Yöntemleri | SİBER GÜVENLİK PORTALİ

Reverse_Shell:

reverseshell | pentestmonkey

netcat 1.11 for Win32/Win64

Upgrading Simple Shells to Fully Interactive TTYs — ropnop blog

Spawning a TTY Shell

Reverse Shell Cheat Sheet | pentestmonkey

Reverse Shell Cheat Sheet

Remote-File-Inclusion-Shell/knock.txt at master · namansahore/Remote-File-Inclusion-Shell

BOF:

PWK/OSCP — Stack Buffer Overflow Practice — vortex’s blog

Seattle Lab Mail (SLmail) 5.5 Üzerinde Stack Tabanlı Bellek Taşma Zafiyetinin İstismarı | SİBER GÜVENLİK PORTALİ

(1) Buffer Overflow Exploitation (Minishare & FreeFloat) — YouTube

justinsteven/dostackbufferoverflowgood

jessekurrus/slmailsploits: Several Python scripts used to fuzz and exploit SLmail. These are meant to supplement the Kali Linux Hands-on Pentesting Udemy course.

(2) Immunity Debugger Overview — YouTube

Stack Based Buffer Overflow in Win 32 Platform: The Basics

Stack Buffer Overflow Zafiyeti — PCMan FTP Server 2.0.7 | Ahmet GÜREL

Zero Day Zen Garden: Windows Exploit Development — Part 5 [Return Oriented Programming Chains]

Zero Day Zen Garden: Windows Exploit Development — Part 4 [Overwriting SEH with Buffer Overflows]

Buffer Overflow — Easy Chat Server 3.1 — OnSecurity

Buffer Overflow Exploit Geliştirme ~ BTRiskBlog Pentest, ISO27001 ve BT Denetimi Hakkında Herşey

Coalfire — The Basics of Exploit Development 1: Win32 Buffer Overflows

Coalfire — Coalfire Blog

Coalfire — Coalfire Blog

Customized Mail Server Software Buffer Overflow on Windows Server 2008 | by Rudy Samuel Pardosi | Medium

Vulnserver Kullanarak Basit Bir Arabellek Taşması | Z3R0th tarafından | Orta

Bağışıklık Hata Ayıklayıcısı ve Mona.py ile Kötü Karakterler Bulma — Bulb Security

minishare 1.4.1 exploit — YouTube

SQLI:

SQL-Injections · Security — My notepad

44348-error-based-sql-injection-in-order-by-clause-(mssql).pdf

Full MSSQL Injection PWNage

MSSQL Practical Injection Cheat Sheet — Perspective Risk

SQL Injection Cheat Sheet | Netsparker

Öner KAYA: Gelişmiş SQL Enjeksiyon İşlemleri (Advanced Sql Injection)

Red Team Tales 0x01: From MSSQL to RCE — Tarlogic Security — Cyber Security and Ethical hacking

SQL Injection Cheat Sheet | Bhanu Notes

SQL-Injections · Total OSCP Guide

SQL Tutorial

LFI:

Hack The Box — Poison Writeup w/o Metasploit | by Rana Khalil | The Startup | Medium

(7) HackTheBox — Poison — YouTube

--

Sr.Penetration Tester | Bug Bounty Hunter | MBA | OSCP | OSWP | CRTO | eMAPT | eWPTX | CEH Master | ISO 27001 LA | ICS | Security Test Manager / Synack

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ömür Uğur

Sr.Penetration Tester | Bug Bounty Hunter | MBA | OSCP | OSWP | CRTO | eMAPT | eWPTX | CEH Master | ISO 27001 LA | ICS | Security Test Manager / Synack