What is the OSCP?

• https://www.offensive-security.com/pwk-oscp/
  • Earned upon completion of:
  • Self-paced PEN-200 course
  • 23.75 hours simulated penetration test
  • You will learn:
    • How to think like an attacker
    • Tools and methods used by attackers

Major Changes

What Skills Should I Have for the OSCP?

• Most people want to learn how to hack in as little time as possible
• I mean it sincerely when I say this:
  • There are no shortcuts, no secrets
  • No one is gatekeeping
  • Accept that it's going to take time and work
  • Learn the key skills now before you form bad habits
• You will thank yourself later when:
  • You know how the attacks work at multiple layers
  • You know how to detect attacks at multiple layers

Required Skill Areas

• Operating Systems
• Networking
• Web
• Programming

How They Apply to the OSCP

Free Training Resources

I am maintaining a list of free training resources on these topics at this page, and will continue to add to it as I come across more quality links.

Free IT and Cybersecurity Resources

I will try to keep this list continuously updated with training and informational resources for different areas that could benefit students and professionals of cybersecurity and IT

0xBEN0xBEN

Should I Get Other Certs First?

People have asked me about getting certifications such as the A+, Network+, and Security+ in preparation for the OSCP. And the true answer to that question is, "It depends."

Certifications can be expensive and time-consuming and there are often costs to keep them current.

Weighing the Pros and Cons

I've been in this position before. The idea of certifications is appealing, because they give you structure on what to study from start to finish.

However, certifications can be expensive and time-consuming, so I would narrow it down to this if you're trying to decide on whether to pay for a certification or not:

Search for the certification on some job sites like LinkedIn or Indeed.

• Is there high demand for the certification?
• Are the jobs in the results something you'd consider applying to?
  • If yes:
    • Then, it may be worth obtaining the certification
  • If no:
    • Then, you could study the certification materials and skip the exam

Curiosity: The Most Important Attribute

This is the single biggest requirement to becoming a successful hacker. You need to have the mentality of:

• What if ________ ?
• What would happen if I ________ ?
• I wonder what caused ________ to happen.
• I don't know what ________ is. Let me research it.

To the curious, nothing is inconsequential. Hackers want to understand how things work, how things are controlled, and how those control systems can be manipulated in unintended ways.

Learn to Break the Rules (Ethically)

Imagine you are looking at an application. You see an input box. The input box says that you may only enter alphanumeric characters. Your curiosity should kick in here. What would happen if you input a special character or an emoji? What would happen if you input 1,000 "A" characters?

Learn to Love Research

Your first instinct – when you encounter something you don't know – should be to do some research on Google, Reddit, or other areas of the Internet. There's a good chance someone on the Internet has already asked about it or written about it.

Google Dorks

Google's search has operators that can be used to return very specific results when performing a search.

Google Search Operators: 40 Commands to Know in 2022 (Improve Research, Competitive Analysis, and SEO)

Google search operators make searching for things online so much better. Once you’ve mastered just a few of these special commands, you’ll wonder how you

KinstaMatteo Duò

Google Hacking Database

This is a list of Google Dorks used by the community to find vulnerabilities or misconfigurations.

Offensive Security’s Exploit Database Archive

The GHDB is an index of search queries (we call them dorks) used to find publicly available information, intended for pentesters and security researchers.

Exploit Database

Learning How to Hack

Put briefly, two things will make you a better hacker:

• Experience
• Time

This is true for any profession or hobby, really. The more experience you gain related to a particular subject matter, the better at it you will you become.

If you're just starting out, be patient and accept that for you to get better at hacking and security research is just a matter of gaining experience over time.

How to Learn Real Hacking

• There is no one path to becoming a hacker or security professional
• The highly respected LiveOverflow talks about his journey
  HTML > VBS > Webdev > PHP > CSS > JS > MySQL > SQLi > Android Dev > Google Wave > Computer Science > Linux > HackerSpace > Arduino > CTFs

How the Best Hackers Learn Their Craft

• A Carnegie Mellon professor discusses how to grow your hacking skills
• DELIBERATE practice, autodidacticism (self-initiated learning), creativity
• Don’t shut down when you don’t understand (Google keywords in the problem)
• CTFs are critical to skill growth (HackTheBox, TryHackMe, etc)

Pentesting Methodology

• It is important to follow proven methodologies when conducting a penetration test, even when doing CTFs
• The Penetration Testing Execution Standard (PTES) and Penetration Testing Framework (PTF) detail the core steps of a penetration test

Applying it to CTFs

Getting Hands-On Experience

Knowledge without practice is useless. Practice without knowledge is dangerous.

– Confucius

Key Point for the OSCP

OSCP-Like Boxes List

This is a huge list of targets that will give you a similar experience to something you'd see in the OSCP (not identical). You'll see targets in these categories:

• Vulnhub (homelab, self-hosted)
• Proving Grounds (hosted)
• HackTheBox (hosted)

NetSecFocus Trophy Room - Google Drive

Google Drive

Hosted Services

Pros

• Lab and environment are already set up for you
• Just bring your Kali VM and get to work
• Some services also offer a pre-made Kali attack box for convenience

Cons

• Most will require a fee to use extended features
• If you use the provided attack box, you're going to miss out on valuable experience setting up and maintaining your Kali VM

Some Providers

• HackTheBox
• TryHackMe
• Offensive Security Proving Grounds
• Root-Me
• Virtual Hacking Labs
• 247CTF
• picoCTF

Home Lab

Guides I've Written

How to Start Your Home Lab

How to Start Your Home Lab

In this post, I cover the perks of running a home lab, scouting for equipment, and home lab design.

0xBEN0xBEN

• One of the single greatest way to develop core IT skills
• Systems/Network administration and break-fix are easily some of the best ways to learn the attack surface of IT systems

Building a Security Lab in VirtualBox

Building a Security Lab in VirtualBox

In this project, we we will take a look at an in-detail process of setting up an entry-level cybersecurity lab using VirtualBox

0xBEN0xBEN

• VirtualBox is a free and open-source type 2 hypervisor
• If you're new to virtualization, this is the best place to start
• This guide is great for beginners and you'll get plenty of hands on experience with systems and networking

Building a Security Lab in Proxmox

Proxmox VE 8: Converting a Laptop into a Bare Metal Server

In this project, we will take a look at an in-detail process of setting up a Proxmox home lab on a bare metal server.

0xBEN0xBEN

• Proxmox is a free and open-source type 1 hypervisor
• The Proxmox guide is going to require separate server hardware
• Proxmox has far more advanced capabilities than VirtualBox or VMware Workstation and would be a great logical next step once you've gotten comfortable with something like VirtualBox

Developing an Attack Methodology

First Things First

Building Momentum

Developing an attack methodology is usually the most difficult part for beginners, as it can be overwhelming when you're staring at your first nmap scan and trying to figure out what to pick at first.

The key is to get some momentum by starting with the low-hanging fruit. Just start analyzing ports. Look at the service banners in the nmap output and try to figure out what's running on a specific port. Some examples of "easier" services to get started with are:

• File Servers
  • Protocols
    • FTP
    • SMB
  • Why they're good starters
    • Can sometimes allow anonymous authentication
    • Are great places to enumerate more information for later
• HTTP
  • Why it's a good starter
    • Easy to assess, just open your web browser
    • Use a tool like gobuster to spider the web server
    • Other directories and files may offer additional avenues

My CTF Methodology

CTFs are there to teach you about computer vulnerabilities and train you to think like an attacker, like a person trying to bypass control systems.

My CTF Methodology

In this post, I examine the steps I take to approach a typical CTF in the form of a vulnerable target, and elaborate on steps at each phase.

0xBEN0xBEN

Notes: Your Key to Success

Taking good notes is your key to success with hacking. Not only from a learning perspective where you're documenting what you're learning, but you also need to take thorough notes while you're assessing a target, so you can keep track of important details and screenshots.

If you ask online, you’re going to get bombarded with all kinds of opinions on the best app. Everyone has their favorite, so find what works best for you!

Note-Taking Products

Local Notes + Sync

• Obsidian + GitHub or other sync solution
• Trillium + Sync Server
• Joplin + Dropbox
• Microsoft Word + OneDrive

Web-Based Notes Platforms

• Notion
• GitBook
• Microsoft OneNote
• Google Docs
• SimpleNote
• BookStack (Self-Hosted)
• Wiki.js (Self-Hosted)

Note-Taking Methodology

Keep your educational notes succinct and searchable, so that the information you need is readily available at a moment’s notice. Your write-ups can be more verbose, since you may want to add more context.

Write-Ups

• Your write-ups for various challenges (Windows, Linux, Web, Binaries, etc.)
• Have a template that you can clone and fill out as you move through the challenge
• Consider having a scratch pad where you can copy/paste before the final draft
• Keep these notes in their own category
• Some concepts may transfer to educational notes

Learning

• Short, concise summaries
• Memorable trivia
• Commands
• Code snippets
• Diagrams – https://draw.io (free)
• Etc.

Roadmap to OSCP

This assumes you're a complete beginner, so you can start at whichever step in the roadmap suits your skill level:

Core Skills Checklist

This is not an exhaustive list of everything you need to know, but it should be a good basis of determining your proficiency.

Hands-On Practice

Develop Your Attack Methodology

TryHackMe

HackTheBox Academy

Active Directory

• Get comfortable with the Active Directory exploit chain
• Active Directory is just an extension of Windows fundamentals
  • You'll need your Windows methodologies
  • And, you'll need to understand the core function of Active Directory

Dealing with Impostor Syndrome

When it comes to computer security – and really any other profession – you are always going to encounter people that make you second-guess yourself. It’s important to stay focused on your journey and stay motivated.

• Remember, when you see someone very skilled:
  • You're seeing a person at a snapshot in time
  • You're not seeing how long it took them to get to this point
• Some people just learn faster than others (and that's OK)
• The only comparison to make is your current self versus your past self
  • Do I sometimes feel inadequate when comparing myself with others? Yes!
  • Have I made progress more quickly than I thought I would? Also, yes!
• There's a lot to learn and there will always be new things to learn
• Be kind to yourself and remember to give yourself time to relax too

More Pages to Check Out

Penetration Tester Job Role Path | HTB Academy

The Penetration Tester Job Role Path is for newcomers to information security who aspire to become professional penetration testers. This path covers core se…

HTB Academy LogoHTB Academy

Introduction · Total OSCP Guide

sushant747

The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0

Table of Contents: Overview Dedication A Word of Warning! Section 1: General Course Information Section 2: Getting Comfortable with Kali Linux Section 3: Linux Command Line Kung-Fu Section 4: Essential Tools in Kali Section 5: Getting Started with Bash Scripting Section 6: Passive Reconnaissance Section 7: Active Reconnaissance Section 8: Vulnerability Scanning Section 9: Web Application Attacks Section 10: Buffer Overflows for Windows and Linux Section 11: Client-Side Attacks Section 12: Working with Public Exploits Section 13: Transferring Files to your target Section 14: Antivirus Bypassing Section 15: Privilege Escalation Section 16: Password Cracking Section 17: Port Redirection and Pivoting Section 18: Active Directory Attacks Section 19: Metasploit Framework Section 20: PowerShell Empire Extra Resources Setting up your Pentesting Environment Wargames/Hands-on Challenges Capture the Flag Competitions (CTFs)/Cyber Competitions Bug Bounty Programs Vulnerable Machines Tips to participate in the Proctored OSCP exam Other Resources Conclusion

NetSec Focustjnull