OSCE³ Study Guide 
OSWE
Content
- Web security tools and methodologies
- Source code analysis
- Persistent cross-site scripting
- Session hijacking
- .NET deserialization
- Remote code execution
- Blind SQL injections
- Data exfiltration
- Bypassing file upload restrictions and file extension filters
- PHP type juggling with loose comparisons
- PostgreSQL Extension and User Defined Functions
- Bypassing REGEX restrictions
- Magic hashes
- Bypassing character restrictions
- UDF reverse shells
- PostgreSQL large objects
- DOM-based cross site scripting (black box)
- Server side template injection
- Weak random token generation
- XML External Entity Injection
- RCE via database Functions
- OS Command Injection via WebSockets (BlackBox)
Study Materials
- timip-GitHub- Reference guide
- noraj-GitHub - Reference guide
- wetw0rk-Github - Reference guide
- kajalNair-Github - Reference guide
- s0j0hn-Github - Reference guide
- deletehead-Github - Reference guide
- z-r0crypt - Reference guide
- rayhan0x01 - Reference guide
- Nathan-Rague - Reference guide
- Joas Content - Reference guide
- Lawlez-Github - Reference guide
Vulnerabilities (https://github.com/AzyzChayeb)
- XXE Injection
- CSRF
- Cross-Site Scripting Exploitation
- Cross-Site Scripting (XSS)
- Unrestricted File Upload
- Open Redirect
- Remote File Inclusion (RFI)
- HTML Injection
- Path Traversal
- Broken Authentication & Session Management
- OS Command Injection
- Multiple Ways to Banner Grabbing
- Local File Inclusion (LFI)
- Netcat for Pentester
- WPScan:WordPress Pentesting Framework
- WordPress Pentest Lab Setup in Multiple Ways
- Multiple Ways to Crack WordPress login
- Web Application Pentest Lab Setup on AWS
- Web Application Lab Setup on Windows
- Web Application Pentest Lab setup Using Docker
- Web Shells Penetration Testing
- SMTP Log Poisoning
- HTTP Authentication
- Understanding the HTTP Protocol
- Broken Authentication & Session Management
- Apache Log Poisoning through LFI
- Beginner’s Guide to SQL Injection (Part 1)
- Boolean Based
- How to Bypass SQL Injection Filter
- Form Based SQL Injection
- Dumping Database using Outfile
- IDOR
Reviews
- OSWE Review - Portuguese Content
- 0xklaue
- greenwolf security
- Cristian R
- 21y4d - Exam Reviews
- Marcin Szydlowski
- Nathan Rague
- Elias Dimopoulos
- OSWE Review - Tips & Tricks - OSWE Review - Tips & Tricks
- Alex-labs
- niebardzo Github - Exam Review
- Marcus Aurelius
- yakuhito
- donavan.sg
- Alexei Kojenov
- (OSWE)-Journey & Review - Offensive Security Web Expert (OSWE) - Journey & Review
- Patryk Bogusz
- svdwi GitHub - OSWE Labs POC
- Werebug.com - OSWE and OSEP
- jvesiluoma
- ApexPredator
- Thomas Peterson
- NOH4TS
- Alex
- RCESecurity
Extra Content
- OSWE labs - OSWE labs and exam's review/guide
- HTB Machine
- Deserialization
- B1twis3
- jangelesg GitHub
- rootshooter
OSEP
Content
- Operating System and Programming Theory
- Client Side Code Execution With Office
- Client Side Code Execution With Jscript
- Process Injection and Migration
- Introduction to Antivirus Evasion
- Advanced Antivirus Evasion
- Application Whitelisting
- Bypassing Network Filters
- Linux Post-Exploitation
- Kiosk Breakouts
- Windows Credentials
- Windows Lateral Movement
- Linux Lateral Movement
- Microsoft SQL Attacks
- Active Directory Exploitation
- Combining the Pieces
- Trying Harder: The Labs
Study Materials
- https://github.com/chvancooten/OSEP-Code-Snippets
- https://github.com/nullg0re/Experienced-Pentester-OSEP
- https://github.com/r0r0x-xx/OSEP-Pre
- https://github.com/deletehead/pen_300_osep_prep
- https://github.com/J3rryBl4nks/OSEP-Thoughts
- https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md
- https://github.com/aldanabae/Osep
- https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing
- https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations
Reviews
- https://nullg0re.com/?p=113
- https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
- https://www.youtube.com/watch?v=fA3pkNcGpH0&ab_channel=HackSouth
- https://www.schellman.com/blog/osep-and-pen-300-course-review
- https://cinzinga.com/OSEP-PEN-300-Review/
- https://www.youtube.com/watch?v=iUPyiJbN4l4
- https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
- https://www.reddit.com/r/osep/comments/ldhc20/osep_review/
- https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/
- https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html
- https://makosecblog.com/miscellaneous/osep-course-review/
- https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s
- https://www.youtube.com/watch?v=15sv5eZ0oCM
- https://www.youtube.com/watch?v=0n3Li63PwnQ
- https://www.youtube.com/watch?v=BWNzB1wIEQ
- https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
- https://casvancooten.com/posts/2021/03/getting-the-osep-certification-evasion-techniques-and-breaching-defenses-pen-300-course-review/
- https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
- https://makosecblog.com/miscellaneous/osep-course-review/
- https://davidlebr1.gitbook.io/infosec/blog/osep-review
- https://www.offensive-security.com/offsec/pen300-approach-review/
- https://www.linkedin.com/pulse/osep-study-guide-2022-jo%C3%A3o-paulo-de-andrade-filho/
- https://www.youtube.com/watch?v=R1apMwbVuDs
- https://www.youtube.com/watch?v=iUPyiJbN4l4
- https://corneacristian.medium.com/tips-for-offensive-security-experienced-penetration-tester-osep-certification-92f3801428c3
Labs
- https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
- https://www.exploit-db.com/evasion-techniques-breaching-defenses
- https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/
- https://help.offensive-security.com/hc/en-us/articles/360049781352-OSEP-Exam-FAQ
- https://www.cybereagle.io/blog/osep-review/
- https://pentestlab.blog/category/red-team/defense-evasion/
- https://pentestlab.blog/tag/antivirus-evasion/
- https://pentestlaboratories.com/2021/01/18/process-herpaderping-windows-defender-evasion/
- https://www.youtube.com/watch?v=dS0GcSA7kEw&ab_channel=PentesterAcademyTV
- https://www.youtube.com/watch?v=cqxOS9uQL_c&ab_channel=PacktVideo
- https://www.youtube.com/watch?v=ZaJpDeLvo6I&ab_channel=PentesterAcademyTV
- https://github.com/In3x0rabl3/OSEP
OSED
Content
- WinDbg tutorial
- Stack buffer overflows
- Exploiting SEH overflows
- Intro to IDA Pro
- Overcoming space restrictions: Egghunters
- Shellcode from scratch
- Reverse-engineering bugs
- Stack overflows and DEP/ASLR bypass
- Format string specifier attacks
- Custom ROP chains and ROP payload decoders
Study Materials
- https://github.com/snoopysecurity/OSCE-Prep
- https://github.com/epi052/osed-scripts
- https://www.exploit-db.com/windows-user-mode-exploit-development
- https://github.com/r0r0x-xx/OSED-Pre
- https://github.com/sradley/osed
- https://github.com/Nero22k/Exploit_Development
- https://www.youtube.com/watch?v=7PMw9GIb8Zs
- https://www.youtube.com/watch?v=FH1KptfPLKo
- https://www.youtube.com/watch?v=sOMmzUuwtmc
- https://blog.exploitlab.net/
- https://azeria-labs.com/heap-exploit-development-part-1/
- http://zeroknights.com/getting-started-exploit-lab/
- https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing
- https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing
- https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing
- https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
- https://github.com/corelan/CorelanTraining
- https://github.com/subat0mik/Journey_to_OSCE
- https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb
- https://github.com/snoopysecurity/OSCE-Prep
- https://github.com/bigb0sss/OSCE
- https://github.com/epi052/OSCE-exam-practice
- https://github.com/mdisec/osce-preparation
- https://github.com/mohitkhemchandani/OSCE_BIBLE
- https://github.com/FULLSHADE/OSCE
- https://github.com/areyou1or0/OSCE-Exploit-Development
- https://github.com/securityELI/CTP-OSCE
- https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing
- https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
- https://connormcgarr.github.io/browser1/
- https://kalitut.com/exploit-development-resources/
- https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment
- https://github.com/dest-3/OSED_Resources/
- https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/
- https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/
- https://samsclass.info/127/127_WWC_2014.shtml
- https://stackoverflow.com/questions/42615124/exploit-development-in-python-3
- https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python
- https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8
- https://www.cybrary.it/video/exploit-development-part-5/
- https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-an
- https://help.offensive-security.com/hc/en-us/articles/360052977212-OSED-Exam-Guide
- https://github.com/epi052/osed-scripts
- https://www.youtube.com/watch?v=0n3Li63PwnQ
- https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/
- https://pythonrepo.com/repo/epi052-osed-scripts
- https://github.com/dhn/OSEE
- https://pythonrepo.com/repo/epi052-osed-scripts
- https://github.com/nop-tech/OSED
- https://www.ired.team/offensive-security/code-injection-process-injection/binary-exploitation/rop-chaining-return-oriented-programming
- https://infosecwriteups.com/rop-chains-on-arm-3f087a95381e
- https://www.youtube.com/watch?v=8zRoMAkGYQE
- https://resources.infosecinstitute.com/topic/return-oriented-programming-rop-attacks/
Reviews
- https://www.youtube.com/watch?v=aWHL9hIKTCA
- https://www.youtube.com/watch?v=62mWZ1xd8eM
- https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/
- https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/
- https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html
- https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/
- https://jhalon.github.io/OSCE-Review/
- https://www.youtube.com/watch?v=NAe6f1_XG6Q
- https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and
- https://blog.kuhi.to/offsec-exp301-osed-review
- https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/
- https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and/
- https://www.youtube.com/watch?v=NAe6f1_XG6Q
Labs
- https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
- https://github.com/ihack4falafel/OSCE
- https://github.com/nathunandwani/ctp-osce
- https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md
- https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab
- https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab
- https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack
- https://my.ine.com/CyberSecurity/courses/54819bbb/windows-exploit-development
- https://connormcgarr.github.io/browser1/
- https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
- https://pentestmag.com/product/exploit-development-windows-w38/
- https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#:~:text=Stack%20buffer%20overflow%20is%20a,of%20the%20intended%20data%20structure.
- https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/
- https://www.exploit-db.com/exploits/42928
- https://www.exploit-db.com/exploits/10434
- https://ocw.cs.pub.ro/courses/cns/labs/lab-08