Offensive Security Certified Professional (OSCP)

Module-1 Introduction to the OSCP Course

• Review the contents included in the course.
• Set up a Kali VM for offensive work.
• Grasp the various learning elements integrated into PEN200.
• Gain a broad understanding of the topics addressed in each PEN200 Learning Module.

Module-2 Report Writing

• Understand note-taking.
• Select the appropriate note-taking software or application.
• Recognize the significance of capturing screenshots.
• Utilize software or applications for capturing screenshots.
• Identify the structure of pentesting documentation.
• Recognize the intent behind a technical report.
• Develop an Executive Summary.
• Develop a Technical Summary.
• Explain technical discoveries and offer recommendations.

Module-3 The Penetration Testing Lifecycle

• Reconnaissance (Information Gathering)
• Port Scanning and Vulnerability Scanning
• Exploiting Vulnerabilities
• Post Exploitation

Module-4 Information Gathering

• Recognize the importance of information gathering at each stage.
• Recognize the differences between passive and active information gathering.
• Learn what Open Source Intelligence (OSINT) is.
• Learn passive information collection against DNS and web servers.
• Learn how to perform port scanning using Nmap and Rustscan.
• Perform DNS, SMB, SMTP, and SNMP enumeration.

Module-5 Vulnerability Scanning

• Learn the fundamentals of the vulnerability scanning procedure.
• Discover the various kinds of vulnerability scans.
• Recognize the factors involved in a vulnerability scan.
• Install Nessus.
• Set up and carry out a vulnerability scan.
• Recognize and utilize the findings of a Nessus vulnerability scan.
• Gain a rudimentary understanding of the Nmap Scripting Engine (NSE).

Module-6 Introduction to Web Applications

• Gain familiarity with the OWASP Top 10 and prevalent web vulnerabilities.
• Perform standard enumeration methods on web applications.
• Understand the theory behind Web Proxies.
• Familiarize yourself with the functionality of Burp Suite proxy in web application testing.
• Learn techniques for enumerating and examining Headers, Cookies, and Source Code.

Module-7 Cross-Site Scripting

• Comprehend various types of Cross-Site Scripting vulnerabilities.
• Perform privilege escalation using Cross-Site Scripting.
• Explore and exploit fundamental Cross-Site Scripting vulnerabilities.

Module-8 Directory Traversal

• Grasp the concept of Directory Traversal.
• Differentiate between absolute and relative paths.
• Acquire knowledge on exploiting directory traversal vulnerabilities.
• Use encoding to handle special characters.

Module-9 File Inclusion Vulnerability

• Understand the distinction between File Inclusion and Directory Traversal vulnerabilities.
• Learn to use Local File Inclusion (LFI) to execute code.
• Learn the process of conducting Remote File Inclusion (RFI) attacks.
• Explore the application of PHP Wrappers in these scenarios.

Module-10 File Upload Vulnerability

• Grasp the concept of File Upload Vulnerabilities.
• Acquire skills to detect File Upload vulnerabilities.
• Explore various methods and approaches to exploit File Upload vulnerabilities.

Module-11 Command Injection Vulnerability

• Gain knowledge about command injection within web applications.
• Apply operating system commands for performing OS command injection.
• Comprehend the process of utilizing command injection to acquire system access.

Module-12 SQL Injection Vulnerability

• Review fundamental SQL theory and explore various types of databases.
• Identify SQL injection vulnerabilities manually.
• Familiarize yourself with Error-based SQL injection payloads.
• Grasp the concept of UNION-based SQL injection payloads.
• Understand Blind SQL injection payloads.
• Exploit MSSQL databases using xp_cmdshell.
• Automate SQL Injection using SQLmap.

Module-13 Client-Side Attacks

• Collect data for client-side attack preparation.
• Comprehend diverse types of Microsoft Office client-side attacks.
• Utilize Microsoft Word Macros for attacks.
• Plan an attack using Windows library files.
• Exploit Windows shortcuts to execute code.

Module-14 Searching for Public Exploits (Online)

• Grasp the dangers associated with running untrusted exploits.
• Acknowledge the significance of scrutinizing exploit code prior to execution.
• Access multiple online repositories for exploits.
• Differentiate between various online repositories hosting exploits.
• Employ Google search operators to locate public exploits.

Module-15 Searching for Public Exploits (Offline)

• Explore multiple exploit frameworks.
• Employ SearchSploit to search for exploits.
• Apply Nmap NSE Scripts for discovery.
• Work through exploiting a vulnerable machine using public exploits.
• Identify suitable exploits for a specific target system.
• Execute a public exploit to attain a restricted shell on the targeted host.

Module-16 How to Fix Exploits

• Grasp the fundamental theory behind buffer overflows at a high level.
• Adapt and upgrade memory corruption exploits.
• Resolve and troubleshoot prevalent issues related to web application exploits.

Module-17 Antivirus Evasion

• Differentiate between known and unknown threats.
• Comprehend the key components of antivirus (AV) systems.
• Familiarize yourself with AV detection engines.
• Learn best practices for conducting antivirus evasion testing.
• Utilize automated tools for evading AV detection.
• Perform manual techniques to evade AV solutions.

Module-18 Password Attacks

• Conduct attacks on Network Service Logins such as SSH, RDP, and HTTP POST login forms.
• Grasp the basics of password cracking.
• Modify and adapt wordlists through mutation.
• Attack the passphrase of SSH private keys.
• Obtain and crack NTLM hashes.
• Perform pass-the-hash attacks with NTLM hashes.

Module-19 Windows Privilege Escalation

• Grasp Windows privileges and access control mechanisms.
• Scan for sensitive data on Windows systems.
• Identify sensitive information generated by PowerShell.
• Familiarize yourself with automated enumeration tools.
• Manipulate service binaries and service DLLs for hijacking.
• Exploit unquoted service paths.
• Utilize Scheduled Tasks for elevating privileges.
• Understand various exploit types facilitating privilege escalation.
• Exploit privileges to execute code as privileged user accounts.

Module-20 Linux Privilege Escalation

• Grasp the concept of files and user privileges on Linux systems.
• Conduct manual enumeration for information gathering.
• Use automated enumeration techniques.
• Understand the significance of user history files.
• Exploit insecure cron jobs for privilege escalation.
• Exploit insecure file permissions to elevate privileges.
• Exploit SUID (Set User ID) programs and capabilities for privilege escalation.
• Exploit special sudo permissions to escalate privileges.
• Enumerate the system's kernel for known vulnerabilities and exploit them for privilege escalation.

Module-21 Port Redirection and SSH Tunneling

• Acquire knowledge about port forwarding.
• Comprehend the reasons and scenarios for implementing port forwarding.
• Utilize Socat for port forwarding purposes.
• Learn about SSH tunneling.
• Perform SSH local port forwarding and dynamic port forwarding.
• Execute SSH remote port forwarding and remote dynamic port forwarding.
• Understand port forwarding and tunneling using ssh.exe on Windows.
• Understand port forwarding and tunneling with Plink.
• Grasp port forwarding with Netsh.

Module-22 Advanced Tunneling

• Gain understanding of HTTP tunneling.
• Execute HTTP tunneling using Chisel.
• Acquire knowledge about DNS tunneling.
• Perform DNS tunneling using dnscat.

Module-23 The Metasploit Framework

• Configure and navigate Metasploit.
• Employ auxiliary modules and exploit modules.
• Differentiate between staged and non-staged payloads.
• Investigate the Meterpreter payload and generate executable payloads.
• Utilize fundamental Meterpreter post-exploitation functionalities.
• Implement post-exploitation modules.
• Conduct pivoting using Metasploit.
• Utilize resource scripts in Metasploit for automation.

Module-24 Active Directory Introduction and Enumeration

• Perform Active Directory enumeration using legacy Windows applications.
• Utilize PowerShell and .NET for further Active Directory enumeration.
• Enumerate Operating System permissions and currently logged-on users.
• Investigate Domain Shares within the network.
• Gather domain data using SharpHound.
• Analyze domain data by employing BloodHound for insights.

Module-25 Attacking Active Directory Authentication

• Grasp NTLM Authentication principles.
• Understand the concepts surrounding Kerberos Authentication.
• Familiarize yourself with cached Active Directory Credentials.
• Employ password attacks to acquire valid user credentials.
• Exploit enabled user account options.
• Abuse the Kerberos Service Principal Name (SPN) authentication mechanism.
• Perform domain controller impersonation to retrieve domain user credentials.

Module-26 Lateral Movement in Active Directory

• Comprehend WMI, WinRS, and WinRM as lateral movement techniques.
• Exploit PsExec for lateral movement within a network.
• Gain knowledge about Pass The Hash and Overpass The Hash as lateral movement methods.
• Understand the primary purpose of persistence techniques in attacks.
• Utilize golden tickets for persistence attacks.
• Learn how shadow copies can be abused to achieve persistence.

Module-27 Assembling the Pieces

• Scan and list machines on a public network.
• Gather pertinent information for future attacks.
• Crack the passphrase of an SSH private key.
• Escalate privileges using sudo commands.
• Exploit developer artifacts to access sensitive data.
• Validate domain credentials from a non-domain-joined machine.
• Enumerate hosts, services, and sessions within a target network.
• Execute Kerberoasting attacks.
• Collect data for preparing client-side attacks.