Updated OSCP Prep

Here is my Updated OSCP Prep

Learn Python:

Pick 1 of 2 below
1. Codecademy https://www.codecademy.com/learn/learn-python
2. https://learnpythonthehardway.org/

Apply Python to Pentesting
https://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

Learn Pentesting:
Georgia Weidman Pen-Testing Course (Book and Video go together)
1. Video Course - https://www.cybrary.it/course/advanced-penetration-testing/
2. Book - https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Master Pentesting and Practice in Lab Environment

Pentesting Course with 30 Hands on Labs in a Virtual Lab (covers most if not all the OSCP Material)
https://www.virtualhackinglabs.com/?courses=penetration-testing



Master Buffer Overflow with below resources



Learn Buffer Overflow - Credit to - JUZ P3NT3$T Hashim Shaikh

Go over First:
0x0 Exploit Tutorial: Buffer Overflow – Vanilla EIP Overwrite
It explains buffer overflow in detail.
Secondly, use Exploit Research Megaprimer
http://www.securitytube.net/groups?operation=view&groupId=7
Lastly, set up a lab and practiced buffer overflow. I wrote 2 such buffer overflow exploits on my blog:
EchoServer (Strcpy) bufferoverflow Securitytube Exploit research Megaprimer
Minishare 1.4.1 Bufferoverflow

Buffer Overflow - Credit to A Detailed Guide on OSCP Preparation – From Newbie to OSCP » Checkmate
Buffer overflow is a very important concept you should practice. Because, if you are good at exploiting buffer overflows, you are sure to get the maximum point machine in the practical exam. But don’t worry if you know nothing about buffer overflows. The following steps will make you not only understand the concept of a buffer overflow, but you can also do it by yourself.

1. A quick intro on buffer overflow. https://www.youtube.com/watch?v=1S0aBV-Waeo
What is Buffer Overflow? (very clearly explained). After watching this video, you will get an idea of the concept behind buffer overflow. Also, it will increase your urge to learn buffer overflow.
2. Assembly language primer by Vivek Ramachandran. http://www.securitytube.net/groups?operation=view&groupId=5
Don’t get bored after seeing Assembly language. Just go through the first 2 videos in this video series. That is enough for understanding the memory layout.
3. Buffer Overflow Megaprimer by Vivek Ramachandran. http://www.securitytube.net/groups?operation=view&groupId=4
In-depth video of buffer overflow where it’s explained in a very detailed way.
4. Exploit Research Megaprimer by Vivek Ramachandran. http://www.securitytube.net/groups?operation=view&groupId=7
Real-time exploitation of buffer overflow which will be very interesting, where exploitation is explained clearly, step by step. You can even try it yourself as mentioned in the video for your practice. It’s enough to go through the first 5 videos. SEH-based buffer overflow is not required for OSCP.

If you follow the above steps, you will be able to do exploitation with buffer overflow by yourself 100%.

Many people shy away from preparing for buffer overflows because it helps to exploit only one machine in the exam. But still, it’s a very important and interesting concept. I have seen many people failing because of improper preparation on buffer overflows. Moreover, OSCP is not the target. All the things you learn here are for the real world.

Comments

  • ITSpectre Member Posts: 1,040
    thanks for this.... I will use this in my OSCP studies
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • LonerVamp Member Posts: 518
    Don't overthink this too much. OSCP is considered entry level as far as pen testing goes. You don't need more than an understanding of general programming and some exposure to Python. You also don't need much exposure at all to Buffer Overflows.

    Security Engineer/Analyst/Geek, Red & Blue Teams
    OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
    2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs?