Skip to content
/ OSCE-Prep Public

A list of freely available resources that can be used as a prerequisite before taking OSCE.

234 stars 63 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

snoopysecurity/OSCE-Prep

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README.md
README.md
 
 

Repository files navigation

OSCE PREP

This repository contains a list of freely available resources that can be used as a pre-requisite before enrolling in Offensive Security's Cracking the Perimeter (CTP) course and OSCE certification.

The following table shows notes, courses, challenges, and tutorials that can taken in preparation for the OSCE. It should be noted that the content within multiple sources do overlap each other so not all of these resources are needed.

Web Application Security

Order Name Type Link
1 PayloadsAllTheThings Directory Traversal CheatSheet CheatSheet https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal
2 PayloadsAllTheThings XSS CheatSheet CheatSheet https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection
3 XSS Payloads Payloads http://www.xss-payloads.com/
4 XSS to Domain Admin Webinar https://www.elearnsecurity.com/resources/webinar_video/xss-to-domain-admin/
5 LFI to RCE Exploit with Perl Script Paper https://www.exploit-db.com/papers/12992
6 Using XSS to bypass CSRF protection Paper https://www.exploit-db.com/docs/13534
7 Local File Inclusion (LFI) Paper https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf

Anti Detection

Order Name Type Link
1 Backdooring PE Files - Part 1 Blog http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-1.html
2 Backdooring PE Files - Part 2 Blog http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-2.html
3 Backdooring Windows EXEs for Fun and Profit Blog http://ly0n.me/2015/07/09/backdooring-windows-exes-for-fun-and-profit-part-1/
4 Art of Anti Detection – 1 Paper https://www.exploit-db.com/docs/40900.pdf
5 Art of Anti Detection – 2 Paper https://www.exploit-db.com/docs/41129.pdf
6 Art of Anti Detection – 2 Paper https://www.exploit-db.com/docs/41129.pdf
7 Art of Anti Detection – 1 Blog Blog https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
8 Art of Anti Detection – 2 Blog Blog https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/
9 Art of Anti Detection – 3 Blog Blog https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/
10 Art of Anti Detection – 4 Blog Blog https://pentest.blog/art-of-anti-detection-4-self-defense/

Assembly Language

Order Name Type Link
1 Skullsecurity Assembly Language Wiki Blog https://wiki.skullsecurity.org/index.php?title=Assembly
2 Sensepost A Crash Course in x86 Assembly for Reverse Engineers Paper https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf
3 SecurityTube Windows Assembly Language Megaprimer Videos http://www.securitytube.net/groups?operation=view&groupId=6

Fuzzing

Order Name Type Link
1 Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation Blog https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/
2 HowTo: ExploitDev Fuzzing Blog https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/
3 [VulnServer] Exploiting TRUN Command via Vanilla EIP Overwrite Blog https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html
4 CTP/OSCE Prep – Boofuzzing Vulnserver for EIP Overwrite Blog https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/#
5 Boofuzz – A helpful guide (OSCE – CTP) Blog https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/

Exploit Development

Order Name Type Link
1 DEFCON 16: BackTrack Foo - From bug to 0day Presentation https://www.youtube.com/watch?v=gHISpAZiAm0
2 Corelan Exploit Writing Tutorial part 1: Stack Based Overflows Blog http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
3 Corelan Exploit Writing Tutorial part 2: Stack Based Overflows Blog http://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
4 Corelan Exploit Writing Tutorial part 3: SEH Based Exploits Blog http://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
5 Corelan Exploit Writing Tutorial part 3b: SEH Based Exploits Blog http://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
6 Corelan Exploit Writing Tutorial part 4: From Exploit to Metasploit Blog http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
7 Corelan Exploit Writing Tutorial part 5: How debugger modules & plugins can speed up basic exploit development Blog http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
8 Corelan Exploit Writing Tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR Blog http://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
9 Corelan Exploit Writing Tutorial part 7: Unicode from 0x00410041 to calc Blog http://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
10 Corelan Exploit Writing Tutorial part 8: Win32 Egg Hunting Blog http://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
11 Corelan Exploit Writing Tutorial part 9: Introduction to Win32 shellcoding Blog http://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
12 Mona py : The Exploit Writer's Swiss Army Knife Presentation https://www.youtube.com/watch?v=y2zrEAwmdws
13 Eliminating the bad characters in your Exploit Presentation https://www.youtube.com/watch?v=IOjl3tU1Ht8
14 Understanding Windows Shellcode Paper http://www.hick.org/code/skape/papers/win32-shellcode.pdf
15 Safely Searching Process Virtual Address Space Paper http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf

Practical

Order Name Type Link
1 Vulnserver Lab https://github.com/stephenbradshaw/vulnserver
2 Fuzzysecurity Part 1: Introduction to Exploit Development Tutorial http://www.fuzzysecurity.com/tutorials/expDev/1.html
3 Fuzzysecurity Part 2: Saved Return Pointer Overflows Tutorial http://www.fuzzysecurity.com/tutorials/expDev/2.html
4 Fuzzysecurity Part 3: Part 3: Structured Exception Handler (SEH) Tutorial http://www.fuzzysecurity.com/tutorials/expDev/3.html
5 Fuzzysecurity Part 4: Egg Hunters Tutorial http://www.fuzzysecurity.com/tutorials/expDev/4.html
6 Fuzzysecurity Part 5: Unicode 0x00410041 Tutorial http://www.fuzzysecurity.com/tutorials/expDev/5.html
7 Fuzzysecurity Part Part 6: Writing W32 shellcode Tutorial http://www.fuzzysecurity.com/tutorials/expDev/6.html
8 SecuritySift Windows Exploit Development – Part 1: The Basics Tutorial https://www.securitysift.com/windows-exploit-development-part-1-basics/
9 SecuritySift Windows Exploit Development – Part 2: StackOverflow Tutorial https://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
10 SecuritySift Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules Tutorial https://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
11 SecuritySift Windows Exploit Development – Part 4: Locating Shellcode Jumps) Tutorial https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
12 SecuritySift Windows Exploit Development – Part 5: Locating Shellcode Egghunting Tutorial https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/
13 SecuritySift Windows Exploit Development – Part 6: SHE Exploits Tutorial https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/
14 SecuritySift Windows Exploit Development – Part 7: Unicode Buffer Overflows Tutorial https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/

Network Security

Order Name Type Link
1 Cisco SNMP configuration attack with a GRE tunnel Blog https://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel
2 Bypassing Cisco SNMP access lists using Spoofed SNMP Requests Blog http://new.remote-exploit.org/index.php/SNMP_Spoof
3 Bypassing Router’s Access Control List (ACL) Blog https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/

Misc/Extra

Order Name Type Link
1 Mona.py The Manual Cheatsheet https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/r
2 Windows Reverse Shell Shellcode I log http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i/
3 hellcoding for Linux and Windows Tutorial Blog http://www.vividmachines.com/shellcode/shellcode.html#ws
4 peCloak.py – An Experiment in AV Evasion Tool https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/
5 EggSandwich – An Egghunter with Integrity Tool https://www.securitysift.com/eggsandwich-egghunter-integrity/
6 Live Demo from Backtrack to the MAX 1/5 Tool https://www.youtube.com/watch?v=kwq5VQj3Ils
7 Live Demo from Backtrack to the MAX 2/5 Tool https://www.youtube.com/watch?v=ykfHy2lX88c
8 Live Demo from Backtrack to the MAX 3/5 Tool https://www.youtube.com/watch?v=IWf7UM7qX0M
9 Live Demo from Backtrack to the MAX 4/5 Tool https://www.youtube.com/watch?v=azepnwdVfyU
10 Live Demo from Backtrack to the MAX 5/5 Tool https://www.youtube.com/watch?v=6gmAoW1mtYg
11 CTP/OSCE Scripts Repository https://github.com/h0mbre/CTP-OSCE
12 OSCE-exam-practice Repository https://github.com/epi052/OSCE-exam-practice
13 Vulnserver: Fuzzing and Exploits Repository https://github.com/ricardojoserf/vulnserver-exploits

About

A list of freely available resources that can be used as a prerequisite before taking OSCE.

Resources

Readme
Activity

Stars

234 stars

Watchers

17 watching

Forks

63 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors