OSCP Tricks 2023 - Welcome and good journey!
Trigger Tips
- Information Gathering
- Web Application Attacks
- Password Attacks
- Client-Side Attacks
- File Transfers
- Linux Enumeration and Privilege Escalation
- Windows Enumeration and Privilege Escalation
- Shell and Some Payloads
- Port Forwarding and Tunneling
- Active Directory
Other Tips
- Linux Privilege Escalation - HackTricks
- Windows Local Privilege Escalation - HackTricks
- Active Directory - HackTricks
- Wordpress - HackTricks
- Drupal - HackTricks
- Joomla - HackTricks
- Tomcat - HackTricks
- Jenkins - HackTricks
Tutorials
-
Information Gathering
-
Web Application Attacks
- Hack The Box Academy - Introduction to Web Applications
- Hack The Box Academy - Web Attacks
- Hack The Box Academy - File Inclusion
- Hack The Box Academy - Abusing HTTP Misconfigurations
- Hack The Box Academy - HTTP Attacks
- Hack The Box Academy - SQL Injection Fundamentals
- Hack The Box Academy - Blind SQL Injection
- Hack The Box Academy - Advanced SQL Injection
- Hack The Box Academy - Using Web Proxies
- Hack The Box Academy - Attacking Web Applications with ffuf
- Hack The Box Academy - Session Security
- Hack The Box Academy - Attacking Authentication Mecanism
- Hack The Box Academy - Web Service & API Attacks
- Hack The Box Academy - Broken Authentication
- Hack The Box Academy - File Upload Attacks
- Hack The Box Academy - Whitebox Pentesting 101: Command Injection
- Hack The Box Academy - Command Injections
- Hack The Box Academy - Cross-Site Scripting (XSS)
- Hack The Box Academy - Server-Side Attacks
- Hack The Box Academy - Introduction to NoSQL Injection
- Hack The Box Academy - Introduction to Deserialization Attacks
- Try Hack Me - SQL Injection
- Try Hack Me - SQL Injection Lab
- Try Hack Me - Authentication Bypass
- Try Hack Me - IDOR
- Try Hack Me - SSRF
- Try Hack Me - File Inclusion
- Try Hack Me - Cross-Site Scripting
- Try Hack Me - Command Injection
- Try Hack Me - Upload Vulnerabilities
- Try Hack Me - Bypass Disable Functions
- PortSwigger Web Security Academy - SQL Injection
- PortSwigger Web Security Academy - Cross-Site Scripting
- PortSwigger Web Security Academy - XML external entity (XXE) injection
- PortSwigger Web Security Academy - OS command injection
- PortSwigger Web Security Academy - Server-side template injection
- PortSwigger Web Security Academy - Directory traversal
- PortSwigger Web Security Academy - Access control vulnerabilities
- PortSwigger Web Security Academy - Information Disclosure
- PortSwigger Web Security Academy - File upload vulnerabilities
- PortSwigger Web Security Academy - Authentication
- PortSwigger Web Security Academy - JWT attacks
- PortSwigger Web Security Academy - CSRF
- PortSwigger Web Security Academy - SSRF
- PortSwigger Web Security Academy - Business logic vulnerabilities
- PentesterLab - From SQL Injection to Shell
- PentesterLab - From SQL injection to Shell II
- PentesterLab - From SQL injection to Shell III
- PentesterLab - SQL Injection 01
- PentesterLab - SQL Injection 02
- PentesterLab - SQL Injection 03
- PentesterLab - SQL Injection 04
- PentesterLab - SQL Injection 05
- PentesterLab - SQL Injection 06
- PentesterLab - XSS and MySQL FILE
- PentesterLab - RCE via argument injection - PentesterLab
- PentesterLab - Server Side Template Injection 01
- PentesterLab - Server Side Template Injection 02
- PentesterLab - Express Local File Read
- PentesterLab - PHP Include And Post Exploitation
- PentesterLab - File Include 01
- PentesterLab - File Include 02
- PentesterLab - File Upload 01
- PentesterLab - File Upload 02
- PentesterLab - CVE-2021-33564 Argument Injection in Ruby Dragonfly
- PentesterLab - CVE-2014-6271/Shellshock
-
Shells & Payloads
-
Linux Enumeration and Privilege Escalation
-
Windows Enumeration and Privilege Escalation
-
File Transfers
-
Public Exploits (Localizing, Code Review, Improvements)
-
Port Forwarding and Tunneling
-
Active Directory
- Hack The Box Academy - Introduction to Active Directory
- Hack The Box Academy - Active Directory Enumeration Attacks
- Hack The Box Academy - Active Directory LDAP
- Hack The Box Academy - Active Directory PowerView
- Hack The Box Academy - Active Directory BloodHound
- Hack The Box Academy - Kerberos Attacks
- Hack The Box Academy - Using crackmapexec
- Hack The Box Academy - Password Attacks
- Hack The Box Academy - Attacking Enterprise Networks
- Try Hack Me - Active Directory Basics
- Try Hack Me - Attacktive Directory
- Try Hack Me - Attacking Kerberos
- Try Hack Me - Breaching Active Directory
- Try Hack Me - AD Enumeration
- Try Hack Me - Lateral Movement and Pivoting
- Try Hack Me - Exploiting Active Directory
- Try Hack Me - Post-Exploitation Basics
- Try Hack Me - HoloLive
- Try Hack Me - Throwback Network Labs Attacking Windows Active Directory
-
Pentest Report
Machines List
As you go through the list of machines, keep in mind the changes that occurred in the exam and disregard what came out of the exam recently. PEN-200 (PWK): Updated for 2023
- Machine List - vulndev
- TJ_Null's OSCP Prep - Youtube
- HackTheBox - Active Directory machines(OSCP) - Youtube
- Hack the Box - Active Directory - Youtube
- Vulnhub OSCP pathway training - Youtube
- Beco do Exploit - Hack 30 machines in 30 days! - Youtube
-> Platforms
Overview and Articles
I decided to put only recent overviews, due to the changes that occurred in the exam.
"Since Buffer Overflows will no longer be a part of the course material, they will also be removed from the exam body of knowledge and no longer part of the exam." PEN-200 (PWK): Updated for 2023
- OSCP 2023 version — A Small write-up on preparation and my exam experience - Neelamegha Kannan S
- Overview OSCP - rodolfomarianocy
- The road to OSCP in 2023 - Thexssrat
- Beginner's To OSCP 2023- Daniel Kula
- OSCP Reborn - 2023 Exam Preparation Guide - johnjhacking
- OffSec OSCP Review & Tips (2023)- James Billingsley
- 2023 OSCP STUDY GUIDE (NEW EXAM FORMAT) - JOHN STAWINSKI IV
- The Journey to Becoming an OSCP - 0xBEN
- Exame OSCP - Jornada e Dicas - Jonatas Villa Flor
- OSCP — Cracking The New Pattern - Jai Gupta