rednv / pen300

This project forked from bravery9/pen300


Repository for doing pen300 exercises

Shell 2.90% JavaScript 0.56% C++ 12.68% Python 0.57% C 1.07% PHP 2.62% Go 0.01% C# 0.40% Assembly 0.35% Rust 0.01% PowerShell 77.06% CSS 0.19% Makefile 0.80% HTML 0.33% Batchfile 0.03% EJS 0.16% Less 0.13% SCSS 0.13% Visual Basic .NET 0.01% VBScript 0.01%

pen300's Introduction

pen300

A repo for pen300 prep.

DISCLAIMER: THIS REPO CONTAINS CODE THAT MAY BE FLAGGED AS MALWARE BY WINDOWS DEFENDER. PEN300 is about malware evasion techniques. What else did you expect? :) IT'S BETTER TO ADD EXCLUSIONS FOR THIS FOLDER BEFORE OPENING THE REPO IF YOU KNOW WHAT YOU ARE DOING.

Repository for doing pen300 exercises. Need to start with book.

Will add multiple folders for various blogs/resources.

Look inside book folder for more info.

Also, what about this tweet:

https://twitter.com/C5pider/status/1555256779553906694

On Reddit about OSEP:

https://www.reddit.com/r/osep/comments/uwv0k1/failed_with_2_flags_but_im_hopeful/

Can't go over specifics regarding any vulnerabilities but I do have tips that should increase your chances of success, keeping this as spoiler free as possible per the academic policy:

1. Automate as much of your tooling as possible. This includes things like building stagers, standing up your c2, generating certificates, network enumeration (ideally supporting socks), etc. The lab environment is hard enough so try to minimize as many repetitive tasks as possible. You live or die based on your tooling.

2. If you can't bypass AV, you might want to wait before taking the exam. You will more than likely fail. Make sure you practice AV evasion and make good, vetted stagers. Once you're sure your stuff passes AV, then you're ready to attempt the exam.

3. Don't expect the scenario to match the challenges at all. I cannot stress this enough. While the challenges are good practice, you're setting yourself up for failure if you use that as your only means of preparation. Regarding this point, the exam felt like a bait and switch when compared to the course material.

4. Regarding environments that are similar to the scenarios, I would suggest cybernetics, or the offensive security proving grounds network exercises.

5. Test your tooling on multiple different kinds of Windows devices. Just because your tool works on Windows XX does not mean it will work on Windows Server XXXX.

6. Make sure you're very familiar with LOLBAS, which are lightly mentioned but not covered too in depth in the course: https://lolbas-project.github.io/

7. Bearing point 3 in mind, enumerate like crazy. I can't stress this point enough.

8. Be very familiar with testing remote code in a blind context. Remember, anything that produces network traffic like ping, curl, ActiveX components, PowerShell iwr, etc. are your friend.

9. Don't make assumptions about what endpoint protections are being used on a given machine. Enumerate as much as you can, blindly if you have to.

pen300's People

Contributors

fanbyprinciple
