Skip to content

My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21st March 2022]

License

Notifications You must be signed in to change notification settings

shreyaschavhan/oscp-pre-preparation-plan-and-notes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

ย 

History

34 Commits
ย 
ย 
ย 
ย 

Repository files navigation

visitor badge

Note: These are my notes for personal reference!

๐Ž๐’๐‚๐ ๐๐ซ๐ž-๐๐ซ๐ž๐ฉ๐š๐ซ๐š๐ญ๐ข๐จ๐ง ๐๐ฅ๐š๐ง ๐š๐ง๐ ๐๐จ๐ญ๐ž๐ฌ

  • 21st March 2022 : Start Date
  • 19th Sept 2022 : Expected End Date
  • 180 days : Goal

โ ๐“๐š๐›๐ฅ๐ž ๐จ๐Ÿ ๐‚๐จ๐ง๐ญ๐ž๐ง๐ญ๐ฌ

  • Resources:

๐๐ซ๐ž-๐ซ๐ž๐ช๐ฎ๐ข๐ฌ๐ข๐ญ๐ž๐ฌ

Update (16th Oct 2022): 

One of the above python course wasn't available anymore. But you can use waybackmachine to access it again.

A quick tip for any broken link that might exist here in this repository:
- Use Wayback machine
Thoughts:

`Learn python 3 the hard way` is the best book for python according to me!
Estimated Time: 24 hours

๐†๐ž๐ญ๐ญ๐ข๐ง๐  ๐‚๐จ๐ฆ๐Ÿ๐จ๐ซ๐ญ๐š๐›๐ฅ๐ž ๐ฐ๐ข๐ญ๐ก ๐Š๐š๐ฅ๐ข ๐‹๐ข๐ง๐ฎ๐ฑ

  • Should learn (imp):
- man
- apropos
- ls
- cd
- pwd
- mkdir
- rm
- which
- locate
- find
- ssh
- grep
- apt

Estimated Time: 8 hours

๐‚๐จ๐ฆ๐ฆ๐š๐ง๐ ๐‹๐ข๐ง๐ž ๐…๐ฎ๐ง

  • Should learn:
- Environment Variables in Bash
- grep
- awk
- cut
- sed
- comm
- diff
- vimdiff
- ping
- bg
- fg
- jobs
- kill
- ps
- wget
- curl
- axel
  • Text Editors you should be familiar with:
- nano
- vi(m)
Excepted time (without practice): 12 hours 

๐๐ซ๐š๐œ๐ญ๐ข๐œ๐š๐ฅ ๐“๐จ๐จ๐ฅ๐ฌ

  • Official Syllabus Tools
- Netcat
- Socat
- Powershell
- Powercat
- Wireshark
- Tcpdump
  • Enumeration
AutoRecon โ€” https://github.com/Tib3rius/AutoRecon
nmapAutomator โ€” https://github.com/21y4d/nmapAutomator
Reconbot โ€” https://github.com/Apathly/Reconbot
Raccoon โ€” https://github.com/evyatarmeged/Raccoon
RustScan โ€” https://github.com/RustScan/RustScan
BashScan โ€” https://github.com/astryzia/BashScan
  • Web Related
Dirsearch โ€” https://github.com/maurosoria/dirsearch
GoBuster โ€” https://github.com/OJ/gobuster
Recursive GoBuster โ€” https://github.com/epi052/recursive-gobuster
wfuzz โ€” https://github.com/xmendez/wfuzz
goWAPT โ€” https://github.com/dzonerzy/goWAPT
ffuf โ€” https://github.com/ffuf/ffuf
Nikto โ€” https://github.com/sullo/nikto
dirb โ€” https://tools.kali.org/web-applications/dirb
dirbuster โ€” https://tools.kali.org/web-applications/dirbuster
feroxbuster โ€” https://github.com/epi052/feroxbuster
FinalRecon โ€” https://github.com/thewhiteh4t/FinalRecon
  • Network tools:
Impacket (SMB, psexec, etc) โ€” https://github.com/SecureAuthCorp/impacket
  • File Transfers:
updog โ€” https://github.com/sc0tfree/updog
  • Wordlists:
SecLists โ€” https://github.com/danielmiessler/SecLists
  • Payload Generators:
Reverse Shell Generator โ€” https://github.com/cwinfosec/revshellgen
Windows Reverse Shell Generator โ€” https://github.com/thosearetheguise/rev
MSFVenom Payload Creator โ€” https://github.com/g0tmi1k/msfpc
  • Php reverse shell:
Windows PHP Reverse Shell โ€” https://github.com/Dhayalanb/windows-php-reverse-shell
PenTestMonkey Unix PHP Reverse Shell โ€” http://pentestmonkey.net/tools/web-shells/php-reverse-shell
  • Terminal Related:
tmux โ€” https://tmuxcheatsheet.com/ (cheat sheet)
tmux-logging โ€” https://github.com/tmux-plugins/tmux-logging
Oh My Tmux โ€” https://github.com/devzspy/.tmux
screen โ€” https://gist.github.com/jctosta/af918e1618682638aa82 (cheat sheet)
Terminator โ€” http://www.linuxandubuntu.com/home/terminator-a-linux-terminal-emulator-with-multiple-terminals-in-one-window
vim-windir โ€” https://github.com/jtpereyda/vim-windir
  • Exploits:
Exploit-DB โ€” https://www.exploit-db.com/
Windows Kernel Exploits โ€” https://github.com/SecWiki/windows-kernel-exploits
AutoNSE โ€” https://github.com/m4ll0k/AutoNSE
Linux Kernel Exploits โ€” https://github.com/lucyoa/kernel-exploits
  • Password Brute Forcer:
BruteX โ€” https://github.com/1N3/BruteX
Hashcat โ€” https://hashcat.net/hashcat/
John the Ripper โ€” https://www.openwall.com/john/
  • Post Exploitation / Privilege Escalation
LinEnum โ€” https://github.com/rebootuser/LinEnum
linprivchecker โ€”https://www.securitysift.com/download/linuxprivchecker.py
Powerless โ€” https://github.com/M4ximuss/Powerless
PowerUp โ€” https://github.com/HarmJ0y/PowerUp
Linux Exploit Suggester โ€” https://github.com/mzet-/linux-exploit-suggester
Windows Exploit Suggester โ€” https://github.com/bitsadmin/wesng
Windows Privilege Escalation Awesome Scripts (WinPEAS) โ€” https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
CHECK THE VERSION NUMBER!!! Linux Privilege Escalation Awesome Script (LinPEAS) โ€” https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
GTFOBins (Bypass local restrictions) โ€” https://gtfobins.github.io/
Get GTFOBins โ€” https://github.com/CristinaSolana/ggtfobins
sudo_killer โ€” https://github.com/TH3xACE/SUDO_KILLER
WADComs โ€” https://wadcoms.github.io/
LOLBAS โ€” https://lolbas-project.github.io/
  • Buffer Overflow Practice
Vulnserver for Windows โ€” https://github.com/stephenbradshaw/vulnserver
Vulnserver for Linux โ€” https://github.com/ins1gn1a/VulnServer-Linux
Tib3rius TryHackMe BOF โ€” https://tryhackme.com/jr/bufferoverflowprep
  • Privilege Escalation Practice
Local Privilege Escalation Workshop โ€” https://github.com/sagishahar/lpeworkshop
Linux Privilege Escalation โ€” https://www.udemy.com/course/linux-privilege-escalation/
Windows Privilege Escalation โ€” https://www.udemy.com/course/windows-privilege-escalation/
Expected Tools Overview: 12 hours

๐๐š๐ฌ๐ก ๐’๐œ๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ 

Expected Time: 4 hours

๐๐š๐ฌ๐ฌ๐ข๐ฏ๐ž ๐ˆ๐ง๐Ÿ๐จ๐ซ๐ฆ๐š๐ญ๐ข๐จ๐ง ๐†๐š๐ญ๐ก๐ž๐ซ๐ข๐ง๐ 

- Website Recon
- Whois Enumeration
- Google hacking : https://www.exploit-db.com/google-hacking-database
- Netcraft
- Recon-ng : https://github.com/lanmaster53/recon-ng
- Open source code
- Shodan
- Security Headers Scanner
- SSL Server Test
- Pastebin
- User information Gathering
- Email Harvesting
- Stack Overflow
- OSINT Framework
- Maltego
Expected time: 30 mins

๐€๐œ๐ญ๐ข๐ฏ๐ž ๐ˆ๐ง๐Ÿ๐จ๐ซ๐ฆ๐š๐ญ๐ข๐จ๐ง ๐†๐š๐ญ๐ก๐ž๐ซ๐ข๐ง๐ 

- DNS Enumeration
  - Forward Lookup
  - Reverse Lookup
  - DNS Zone Transfers
  - Tools:
    - DNSrecon
    - DNSenum
- Port Scanning
  - TCP Scanning
  - UDP Scanning
  - Nmap: 
    - https://nmap.org/book/toc.html
    - https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717
    - https://blog.zsec.uk/nmap-rtfm/
  - Masscan
- SMB Enumeration
- NFS Enumeration
- SMTP Enumeration
- SNMP Enumeration
Expected Time: 12 hours

๐•๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ฒ ๐’๐œ๐š๐ง๐ง๐ข๐ง๐ 

- Vulnerability Scanning using Nessus
- Vulnerability Scanning using Nmap
Expected Time: 4 hours

๐–๐ž๐› ๐€๐ฉ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

  • Web Tools:
- DIRB: http://dirb.sourceforge.net/
- Dirsearch: https://github.com/maurosoria/dirsearch
- Dirbuster: https://tools.kali.org/web-applications/dirbuster
- Gobuster: https://github.com/OJ/gobuster
- Wfuzz: https://github.com/xmendez/wfuzz
- ffuf: https://github.com/ffuf/ffuf
- Burpsuite
- Nikto
- HTTPIe https://httpie.io/
  • Practice:
Expected Time: 30 days

๐๐ฎ๐Ÿ๐Ÿ๐ž๐ซ ๐Ž๐ฏ๐ž๐ซ๐Ÿ๐ฅ๐จ๐ฐ

  • Blogs:
  • Practice:
1. https://tryhackme.com/room/oscpbufferoverflowprep
2. protostar on vulnhub
3. vulnserver
4. Brainpan on vulnhub
5. warFTP
6. miniserv
7. https://overthewire.org/wargames/behemoth/
8. https://overthewire.org/wargames/narnia/
9. Brainpan 1: https://www.vulnhub.com/entry/brainpan-1,51/
10. Pinkyโ€™s Palace version 1: https://www.vulnhub.com/entry/pinkys-palace-v1,225/
11. Stack Overflows for Beginners: https://www.vulnhub.com/entry/stack-overflows-for-beginners-101,290/
12. SmashTheTux: https://www.vulnhub.com/entry/smashthetux-101,138/
13. Pandoraโ€™s Box: https://www.vulnhub.com/entry/pandoras-box-1,111/

  • Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):
Vulnserver: https://samsclass.info/127/proj/vuln-server.htm
Minishare 1.4.1: https://www.exploit-db.com/exploits/636
Savant Web Server 3.1: https://www.exploit-db.com/exploits/10434
Freefloat FTP Server 1.0: https://www.exploit-db.com/exploits/40673
Core FTP Server 1.2: https://www.exploit-db.com/exploits/39480
WarFTP 1.65: https://www.exploit-db.com/exploits/3570
VUPlayer 2.4.9: https://www.exploit-db.com/exploits/40018
  • Linux Binaries
Linux Buffer Overflow: https://samsclass.info/127/proj/lbuf1.htm
  • Videos:
  • Github:
1. https://github.com/justinsteven/dostackbufferoverflowgood
2. https://github.com/3isenHeiM/OSCP-BoF
3. https://github.com/gh0x0st/Buffer_Overflow
4. https://github.com/sradley/overflow (You should not use it in the exam)
5. https://github.com/onecloudemoji/BOF-Template (Buffer overflow template)
6. https://github.com/V1n1v131r4/OSCP-Buffer-Overflow
  • Other Resources:
Whitepaper Introduction to Immunity Debugger: https://www.sans.org/reading-room/whitepapers/malicious/basic-reverse-engineering-immunity-debugger-36982
Do Stack Buffer Overflow Good: https://github.com/justinsteven/dostackbufferoverflowgood
Buffer Overflows for Dummies: https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
Vortex Stack Buffer Overflow Practice: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
Smashing the Stack For Fun and Profit: http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf
Buffer Overflow Guide: https://github.com/johnjhacking/Buffer-Overflow-Guide
Stack based Linux Buffer Overflow: https://www.exploit-db.com/docs/english/28475-linux-stack-based-buffer-overflows.pdf
Expected time (without practice): 8 hours

๐‚๐ฅ๐ข๐ž๐ง๐ญ-๐ฌ๐ข๐๐ž ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/
Expected Time: (not sure)

๐‹๐จ๐œ๐š๐ญ๐ข๐ง๐  ๐๐ฎ๐›๐ฅ๐ข๐œ ๐„๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ฌ

  • Places to Find Exploits:
  • Tools for finding exploits:
Searchsploit: a command line search tool for Exploit-DB
Nmap NSE Script
The Browser Exploitation Framework (BeEF)


Manual for searchsploit: https://www.exploit-db.com/searchsploit
Expected Time: 1 hour

๐€๐ง๐ญ๐ข๐ฏ๐ข๐ซ๐ฎ๐ฌ ๐„๐ฏ๐š๐ฌ๐ข๐จ๐ง

  • Book
Antivirus Bypass Techniques: Learn Practical Techniques and Tactics to Combat, Bypass, and Evade Antivirus Software 

Link: https://g.co/kgs/WzEjAH
  • Tools to play with Anti-Virus evasion:
Veil-Framework: https://github.com/Veil-Framework/Veil
Shellter: https://www.shellterproject.com/
Unicorn https://github.com/trustedsec/unicorn
UniByAV: https://github.com/Mr-Un1k0d3r/UniByAv
  • Tools to play with for Obfuscation:
PowerShell:

Invoke-Obfuscation: https://github.com/danielbohannon/Invoke-Obfuscation
Chimera: https://github.com/tokyoneon/Chimera
Python:

Pyarmor: https://pypi.org/project/pyarmor/
PyObfx: https://github.com/PyObfx/PyObfx
C#:

ConfuserEx: https://github.com/yck1509/ConfuserEx
  • Testing Payloads Publicly. (Keep in mind that submitting your samples to online scanners may be distributed to other AV engines):
Nodistribute: https://nodistribute.com/
Virustotal: https://www.virustotal.com/gui/home
Hybrid-Analysis: https://www.hybrid-analysis.com/
Any-Run: https://app.any.run
Reverse.it: https://reverse.it
Anti-Virus Evasion Tool: https://github.com/govolution/avet
DefenderCheck: https://github.com/matterpreter/DefenderCheck
ThreatCheck: https://github.com/rasta-mouse/ThreatCheck
Expected: 12 hours

๐๐ซ๐ข๐ฏ๐ข๐ฅ๐ž๐ ๐ž ๐„๐ฌ๐œ๐š๐ฅ๐š๐ญ๐ข๐จ๐ง

  • Blogs:
  • Practice:
  • Videos/Courses
  • Github:
1. https://github.com/sagishahar/lpeworkshop
2. https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Methodology%20and%20Resources
3. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
4. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
5. https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md
6. https://github.com/abatchy17/WindowsExploits
7. https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
8. https://github.com/rasta-mouse/Sherlock
9. https://github.com/AonCyberLabs/Windows-Exploit-Suggester

  • Others
- https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
- https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/
- https://www.vulnhub.com/entry/linsecurity-1,244/
- https://www.netsecfocus.com/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_2.0.html#section-10-buffer-overflows-for-windows-and-linux
- http://pwnwiki.io/#!privesc/windows/index.md
- https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
- https://github.com/N7WEra/SharpAllTheThings
- https://github.com/411Hall/JAWS/commits?author=411Hall
- https://github.com/bitsadmin/wesng
- https://github.com/rasta-mouse/Sherlock
- https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS
- https://github.com/rasta-mouse/Watson
- https://github.com/GhostPack/Seatbelt
- https://github.com/gladiatx0r/Powerless
- https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
- https://github.com/breenmachine/RottenPotatoNG
- https://github.com/ohpe/juicy-potato
- https://rahmatnurfauzi.medium.com/windows-privilege-escalation-scripts-techniques-30fa37bd194
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://github.com/jondonas/linux-exploit-suggester-2
Expected: 12 hours

๐๐š๐ฌ๐ฌ๐ฐ๐จ๐ซ๐ ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

  • Offline tools for password cracking
Hashcat: https://hashcat.net/hashcat/ Sample Hashes to test with Hashcat: https://hashcat.net/wiki/doku.php?id=example_hashes
John the Ripper: https://www.openwall.com/john/
Metasploit Unleashed using John the Ripper with Hashdump: https://www.offensive-security.com/metasploit-unleashed/john-ripper/
  • Online Tools for password cracking
THC Hydra: https://github.com/vanhauser-thc/thc-hydra
Crowbar: https://github.com/galkan/crowbar
  • Wordlist Generator
Cewl: https://digi.ninja/projects/cewl.php
Crunch: https://tools.kali.org/password-attacks/crunch
Cupp (In Kali Linux): https://github.com/Mebus/cupp
  • Tools to check the hash type:
Hash-Identifier: https://github.com/psypanda/hashID

  • Tools to dump for hashes:
Mimikatz: https://github.com/gentilkiwi/mimikatz
Mimipenguin: https://github.com/huntergregal/mimipenguin
Pypykatz: https://github.com/skelsec/pypykatz
  • Wordlists:
In Kali: /usr/share/wordlists
Seclists: apt-get install seclists You can find all of his password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Xajkep Wordlists: https://github.com/xajkep/wordlists
  • Online Password Crackers:
https://hashkiller.io/
https://www.cmd5.org/
https://www.onlinehashcrack.com/
https://gpuhash.me/
https://crackstation.net/
https://passwordrecovery.io/
https://md5decrypt.net/en/
https://hashes.com/en/decrypt/hash
http://cracker.offensive-security.com/
  • Others
Introduction to Password Cracking: https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf
Pwning Wordpress Passwords: https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956
Expected: 12 hours

๐๐จ๐ซ๐ญ ๐‘๐ž๐๐ข๐ซ๐ž๐œ๐ญ๐ข๐จ๐ง ๐š๐ง๐ ๐“๐ฎ๐ง๐ง๐ž๐ฅ๐ข๐ง๐ 

  • Blogs
  • Tools
Proxychains: https://github.com/haad/proxychains
Proxychains-ng: https://github.com/rofl0r/proxychains-ng
SSHuttle (Totally Recommend learning this): https://github.com/sshuttle/sshuttle
SSHuttle Documentation: https://sshuttle.readthedocs.io/en/stable/
Chisel https://github.com/jpillora/chisel
Ligolo: https://github.com/sysdream/ligolo
  • Online Tunneling Services
Ngrok: https://ngrok.com/
Twilo: https://www.twilio.com/
  • Practice
Wintermute: https://www.vulnhub.com/entry/wintermute-1,239/
Expected: 12 hours

๐€๐œ๐ญ๐ข๐ฏ๐ž ๐ƒ๐ข๐ซ๐ž๐œ๐ญ๐จ๐ซ๐ฒ ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

  • Blogs
  • Github:
  • Practice:
- https://tryhackme.com/room/attacktivedirectory
- https://tryhackme.com/network/throwback
- Heist, Hutch, Vault on PG Play
- Tryhackme Holo, Throwback networks in addition to attacktive and post exploitation rooms
- Hackthebox: Forest, Sauna, dante, active, Arctic and Granny.
- CyberSecLabs
- Razorblack, Enterprise, VulnNet - Active on tryhackme
- wreath on tryhackme
- blackfield, intelligence, multimaster, cascade, heist...crap was that htb heist or pg heist or both, Reel, Sauna, Fuse, Sizzle, Mantis, and Resolute.
- https://drive.google.com/file/d/1RktnrenlhOMIqdPDAv-u60_yzW7K0KS0/view
- Rastalabs on HTB
  • Videos:
  • TJNull's suggestion:
Setting up Active Directory:

Note: Make sure when you are setting up the Active Directory Server that you assign a static IP address to it and also a workstation that you will be joining the server to for further testing. I recommend that you set up a Windows 10 Workstation if you plan to use Windows Server 2016/2019.

Microsoft Documentation to install Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-servicesโ€“level-100-
Install Windows Active Directory on Windows Server 2019: https://computingforgeeks.com/how-to-install-active-directory-domain-services-in-windows-server/
Understanding Users Accounts in Active Directory: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts
Three ways to create an Active Directory User: https://petri.com/3-ways-to-create-new-active-directory-users
Join a Workstation to the Domain: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domain
Tools to help you automate the installation for Active Directory:

ADLab: https://github.com/browninfosecguy/ADLab
Automated Lab: https://github.com/AutomatedLab/AutomatedLab
MSLab: https://github.com/microsoft/MSLab
Invoke-ADLabDeployer: https://github.com/outflanknl/Invoke-ADLabDeployer
Active Directory User Setup: https://github.com/bjiusc/Active-Directory-User-Setup-Script
Enumerating Active Directory:

Active Directory Enumeration with Powershell: https://www.exploit-db.com/docs/english/46990-active-directory-enumeration-with-powershell.pdf
Active Directory Exploitation Cheat Sheet: https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet#domain-enumeration
Powersploit: https://github.com/PowerShellMafia/PowerSploit
Understanding Authentication protocols that Active Directory Utilizes:

NTLM Authentication: https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
Kerberos Authentication https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
Cache and Stored Credentials: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)
Group Managed Service Accounts: https://adsecurity.org/?p=4367
Lateral Movement in Active Directory:

Paving the Way to DA: https://blog.zsec.uk/path2da-pt1
Part 2, 3
Pass the Hash with Machine Accounts: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/pass-the-hash-with-machine-accounts
Overpass the hash (Payload All the things): https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#overpass-the-hash-pass-the-key
Red Team Adventures Overpass the Hash: https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/#overpass-the-hash
Pass the Ticket (Silver Tickets): https://adsecurity.org/?p=2011
Lateral Movement with DCOM: https://www.ired.team/offensive-security/lateral-movement/t1175-distributed-component-object-model
Active Directory Persistence:

Cracking Kerberos TGS Tickets Using Kerberoast: https://adsecurity.org/?p=2293
Kerberoasting Without Mimikatz: https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
Golden Tickets: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-golden-tickets
Pass the Ticket (Golden Tickets): https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#pass-the-ticket-golden-tickets
Understanding DCSync Attacks: https://attack.stealthbits.com/privilege-escalation-using-mimikatz-dcsync
Tools for Active Directory Lateral Movement and Persistence:

ADRecon: https://github.com/sense-of-security/ADRecon
Kerbrute: https://github.com/ropnop/kerbrute
Rubeus: https://github.com/GhostPack/Rubeus
Impacket: https://github.com/SecureAuthCorp/impacket
Other Resources:

Building an Active Directory with PowerShell: https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/
Lateral Movement for AD: https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/#overpass-the-hash
Lateral Movement with CrackMapExec: https://www.hackingarticles.in/lateral-moment-on-active-directory-crackmapexec/
  • Others:
- https://wadcoms.github.io/
- https://www.xmind.net/m/5dypm8/
- Cybermentor's Practical Ethical Hacking Course - Active Directory Section
Expected: 48 hours

๐“๐ก๐ž ๐Œ๐ž๐ญ๐š๐ฌ๐ฉ๐ฅ๐จ๐ข๐ญ ๐…๐ซ๐š๐ฆ๐ž๐ฐ๐จ๐ซ๐ค

  • MSFvenom Cheat Sheets:
http://security-geek.in/2016/09/07/msfvenom-cheat-sheet/
https://netsec.ws/?p=331
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom
Expected: 4 hours

๐๐จ๐ฐ๐ž๐ซ๐ฌ๐ก๐ž๐ฅ๐ฅ ๐„๐ฆ๐ฉ๐ข๐ซ๐ž

Expected: 4 hours

๐“๐ซ๐ฒ๐ข๐ง๐  ๐‡๐š๐ซ๐๐ž๐ซ: ๐“๐ก๐ž ๐‹๐š๐›๐ฌ

๐’๐ญ๐ซ๐š๐ญ๐ž๐ ๐ฒ

  • Overview:
Phase I: Theory, Preparation and Note Taking
Phase II: Practice
Phase III: OSCP Labs & Origial Course Material
Phase IV: OSCP Exam
Thought Process:

So, Yeah! We have 180 days i.e. 175 remaining. I took a lot of time planning, it's ok tho. 
One shot, game khallas karna hai. Let's plan:

Let's divide OSCP into fundamental components that will require for us to crack OSCP:
1. Theory, theory and theory. In-depth Understanding of lot of topics.
2. Ability to apply knowledge practically.
3. Critical Thinking
4. High Pain threshold.
5. Consistency 
6. Note taking

Step by step dekha jaye toh, you should have basic understanding of almost everything beforehand so that you don't keep jumping back on phase I from phase II.
Do theory, make notes and refer to notes. Have everything at one place! That's it for today, hehe!

About

My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21st March 2022]

Topics

Resources

License

Stars

Watchers

Forks