Giter VIP home page Giter VIP logo

oscp-prep's Introduction

OSCP-Prep

I created this repo as a resource for people wanting to learn more about penetration testing. Whether you are looking at getting into the into the information security field, preparing for the Penetration Testing with Kali Linux course, studying for OSCP exam, or just needing a refresher. Here you will find information I’ve gathered from a number of resources on various topics. Please let me know if anything is incorrect, or if there is something you would like to see.

Formats: OneNote, Word, and PDF

Outline:

  1. Introduction - Fundamentals and basics of different topics like networking, databases, web applications, commands, etc.
  • Windows
  • Linux
  • Networking
  • Web Application Basics
  • Services and Ports
  • File Transfers
  • Python Fundamentals
  • C# Fundamentals
  • TCPdump
  • Powershell
  • Wireshark
  • Packet Crafting Tools
  • FTP
  • SQL
  • YouTube Playlist
  1. Databases
  • SQL
  • IIS
  • IIS Web Server
  • MySQL
  1. Kali Tools
  • IP Tables
  • Tools
  • Bettercap
  • Masscan
  • SQL Injection Tools
  • Mimikatz
  • Wordlists
  • SecLists
  • Arp-scan
  • Dmitry
  • Dnsmap
  • DNSRecon
  • Dnswalk
  • dotDotPwn
  • Enum4Linux
  • GoLismero
  • Ident-user-enum
  • Nikto
  • Nmap
  • Recon-ng
  • SMBMap
  • Smtp-user-enum
  • Snmp-check
  • Sparta
  • SSLyze
  • theHarvester
  • Unicornscan
  • Openvas
  • Oscanner
  • Armitage
  • BeEF
  • Exploitdb
  • Maltego
  • Metasploit
  • Dirb
  • DirBuster
  • Gobuster
  • W3af
  • WebSlayer
  • WhatWeb
  • WPScan
  • XSSer
  • Bettercap
  • Ncat
  • Weevely
  1. Penetration Testing Methodology
  • SANS Penetration Testing
  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Methodologies and Standards(PTES)
  • NIST 800-15
  • OWASP Testing Guide
  • Pen Testing Framework
  1. Planning and Scope
  • Planning
  • Scope
  • Intel Gathering
  • Network Topology
  1. Recon, Scanning, Enumeration
  • Recon
    • DNS
    • Whois
    • Social Media
    • Web Search
    • GHDB / Google
    • Nslookup
    • Shodan
  • Recon-ng
  • Passive Scanning
  • Active Scanning
  • Enumeration, Enumeration, Enumeration!
  • Web Applications
  • SQL
  • Network
  • Services and Ports
  • Commands
  • SMB
  • FTP
  • SSH
  • SNMP
  • SMTP
  • Other
  • TCP Dump
  • Cheatsheets and Checklists
  • Firewalls and AV Evasion
  1. Exploitation
  • Introduction
  • Searching for Vulnerabilities
    • Searchsploit
    • Exploit-db
  • Vulnerabilities Analysis
  • Editing and Fixing Vulnerabilities
  • Fuzzing
  • Shells
  • Metasploit Framework
  • Exploit Format
  • Writing an Exploit
  • Other
  1. Post Exploitation
  • Introduction
  • Privilege Escalation
    • Windows
    • Linux
  • Transferring Files
  • Pivoting
  • Tunneling
  • Passing the Hash
  • Port Forwarding
  • Metasploit
  • Pilfer and Plunder
  1. Web Application
  • Introduction/Overview
    • Glossary of Terms
  • OWASP
  • Basics of Web Application Penetration Testing
  • Web Application Services
  • Tools
  • What to use and when
  • Burp Suite (And Extensions)
  • OWASP ZAP
  • XSS
  • SQL Injection
  • CSRF
  • Directory Indexing
  • Directory Traversal/Path Traversal
  • SQL Injection
  • Cookies and Manipulate Sessions
  • Security Misconfigurations
  • Redirects and Forwards
  • Bypassing Authorization
  • Sensitive Data Exposure
  • Token Generation and Manipulation
  • Hidden Form Fields
  • Code Injection
  • OS Command Injection
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Log Analysis
  • HTTPonly Cookie
  • W3af
  • SQLMap Commands and Examples
  • SQL Injection Tools
  • More Attack Examples and How To
  • More Attacks
  1. Web Application Vulnerabilities
  • Buffer Overflow
  • CRLF Injection
  • Cross Site Scripting Flaw
  • CSV Injection
  • Deserialization of Untrusted Data
  • Directory Restriction Error
  • Heartbleed Bug
  • Improper Data Validation
  • Insecure Transport
  • Memory Leak
  • Missing Error Handling
  • Missing XML Validation
  • .NET Vulnerability Research
  • Password Plaintext Storage
  • PHP File Inclusion
  • PHP Objection Injection
  • Session Variable Overloading
  • Undefined Behavior
  • XML External Entity
  • Configuration Vulnerability
  • Error Handling Vulnerability
  • General Logic Vulnerability
  • Input Validation Vulnerability
  • Path Vulnerability
  • Session Management Vulnerability
  1. Report Preparation and Notes
  • Report Content
  • Information
  • Reporting Tools
    • Cherrytree
    • Dradis
    • agicTree
    • Metagoofil
  • Common Problems in Report Writing
  • Note Taking Tips and Tools
  • Templates
  1. Walkthroughs
  • Jerry
  • Nightmare
  • Waldo
  • Active
  • Hawk
  • Tartar Sauce
  • Bastard
  • Dropzone
  • Bounty
  • DevOops
  • Olympus
  • Sunday
  • Gemini Inc 2
  • Canape
  • Stratosphere
  • Celestial
  • Minon
  • Holiday
  • Silo
  • Bart
  • Valentine
  • Ariekei
  • Cronos
  • Beep
  • Legacy
  • Sense
  • Solid State
  • Apocalyst
  • Mirai
  • Blue
  • Lame
  • Blocky
  • Kioptrix
  • pWnOs
  • Xeres – Vulnhub
  • Fulcrum
  • Posion
  • Aragog
  • Tally
  • Grandpa/Grandma
  • Mr. Robot
  • TrOll – Vulnhub
  • Temple of Doom – Vulnhub
  • Bulldog – Vulnhub
  • Brainpan – Vulnhub
  • Lazy
  • OWASP Mantra Browser
  1. Tools
  • Reconnoitre
  • Bloodhound
  • Responder
  • VHostScan
  • Vanquish
  • Rapidscan
  • Rpivot
  • SILENTTRINITY
  • CyberChef
  • Nishang
  • DNSStuff
  • Veil Evasion
  1. Password Attacks
  • Password Cracking Tools
  • Other Password Tools
  • User and Password Lists
  1. Python Scripts
  • Useful scripts
  1. Resources
  • Blogs
  • Walkthroughs
  • Github Repositories
  • Subreddits
  • Useful Reddit Posts
  • Twitter
  • Books
  • Other
    • Tmux and Terminator

oscp-prep's People

Contributors

rustyshackleford221 avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.