ben0 / OSCE


OSCE Plan

Source: (https://aminbohio.com/study-guide-tips-offensive-security-certified-expert-osce-cracking-the-perimeter-ctp/)

Added a few more guides from: https://jhalon.github.io/OSCE-Review/

Lab ✅

Windows 7
Windows XP
Olly Debugger
WinDBG
Immunity Debugger with Mona
CFF Explorer
LordPE
DevCPP
NetWide Assembler aka nasm
VulnServer

0x00 Assembly Language

http://opensecuritytraining.info/IntroX86.html
Hacking: The Art of Exploitation
NASM Tutorial: https://cs.lmu.edu/~ray/notes/nasmtutorial/

0x01 Basic Stack/Buffer Overflows

https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://www.ma.rhul.ac.uk/static/techrep/2009/RHUL-MA-2009-06.pdf

0x02 Beyond stack and buffer overflows

https://www.sans.org/reading-room/whitepapers/malicious/basic-reverse-engineering-immunity-debugger-36982/
https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
https://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
http://opensecuritytraining.info/Exploits1.html
http://opensecuritytraining.info/Exploits2.html
Fuzzy Security - Windows Exploit Development series

0x03 Egg Hunters

http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf
http://www.fuzzysecurity.com/tutorials/expDev/4.html
https://aminbohio.com/offensive-security-certified-expert-osce-cracking-the-perimeter-ctp-review/

0x04 Fuzzing

https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/
http://sh3llc0d3r.com/vulnserver-fuzzing-with-spike/

0x05 Practice With VulnServer

Commands to practice: TRUN, GMON, HTER, KSTET

0x06 Bypassing Exploit Mitigation

https://www.exploit-db.com/docs/english/17914-bypassing-aslrdep.pdf
https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
https://www.abatchy.com/2017/06/exploit-dev-101-bypassing-aslr-on.html
http://tekwizz123.blogspot.com/2014/02/bypassing-aslr-and-dep-on-windows-7.html

0x07 ShellCode

https://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
https://www.exploit-db.com/docs/english/17065-manual-shellcode.pdf
http://security.cs.rpi.edu/courses/binexp-spring2015/lectures/7/05_lecture.pdf
http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i

0x08 Recreating Exploits

https://www.exploit-db.com/
FreeFTPd 1.0.10 SEH

0x09 Web Application Exploitation

https://www.youtube.com/watch?v=Fj0n17Jtnzw&list=PLZOToVAK85MqYHbkAVK-ViD-Xb7pF6RKq/
https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/
https://www.exploit-db.com/papers/17052/
https://www.exploit-db.com/papers/12871/

0x0a Antivirus Evasion

https://blog.kowalczyk.info/articles/pefileformat.html
https://buffered.io/posts/jumping-with-bad-chars/
https://idafchev.github.io/exploit/2017/09/26/writing_windows_shellcode.html
http://www.gosecure.it/blog/art/452/sec/create-a-custom-shellcode-using-system-function/
https://resources.infosecinstitute.com/bypassing-antivirus/
https://www.youtube.com/watch?v=tBY46vs0ptE/
https://dl.packetstormsecurity.net/papers/bypass/bypassing-av.pdf
https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/

Challenge: http://fc4.me/
