• Stars
    star
    518
  • Rank 85,414 (Top 2 %)
  • Language
  • License
    Apache License 2.0
  • Created over 2 years ago
  • Updated about 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

My OSCP Pre-Preparation Phase. I'm not sure if I'll be able to afford the exam but what count's trying and learning things. I'm gonna give it a try. [Start Date: 21st March 2022]

visitor badge

Note: These are my notes for personal reference!

๐Ž๐’๐‚๐ ๐๐ซ๐ž-๐๐ซ๐ž๐ฉ๐š๐ซ๐š๐ญ๐ข๐จ๐ง ๐๐ฅ๐š๐ง ๐š๐ง๐ ๐๐จ๐ญ๐ž๐ฌ

  • 21st March 2022 : Start Date
  • 19th Sept 2022 : Expected End Date
  • 180 days : Goal

โ ๐“๐š๐›๐ฅ๐ž ๐จ๐Ÿ ๐‚๐จ๐ง๐ญ๐ž๐ง๐ญ๐ฌ

  • Resources:

๐๐ซ๐ž-๐ซ๐ž๐ช๐ฎ๐ข๐ฌ๐ข๐ญ๐ž๐ฌ

Update (16th Oct 2022): 

One of the above python course wasn't available anymore. But you can use waybackmachine to access it again.

A quick tip for any broken link that might exist here in this repository:
- Use Wayback machine
Thoughts:

`Learn python 3 the hard way` is the best book for python according to me!
Estimated Time: 24 hours

๐†๐ž๐ญ๐ญ๐ข๐ง๐  ๐‚๐จ๐ฆ๐Ÿ๐จ๐ซ๐ญ๐š๐›๐ฅ๐ž ๐ฐ๐ข๐ญ๐ก ๐Š๐š๐ฅ๐ข ๐‹๐ข๐ง๐ฎ๐ฑ

  • Should learn (imp):
- man
- apropos
- ls
- cd
- pwd
- mkdir
- rm
- which
- locate
- find
- ssh
- grep
- apt

Estimated Time: 8 hours

๐‚๐จ๐ฆ๐ฆ๐š๐ง๐ ๐‹๐ข๐ง๐ž ๐…๐ฎ๐ง

  • Should learn:
- Environment Variables in Bash
- grep
- awk
- cut
- sed
- comm
- diff
- vimdiff
- ping
- bg
- fg
- jobs
- kill
- ps
- wget
- curl
- axel
  • Text Editors you should be familiar with:
- nano
- vi(m)
Excepted time (without practice): 12 hours 

๐๐ซ๐š๐œ๐ญ๐ข๐œ๐š๐ฅ ๐“๐จ๐จ๐ฅ๐ฌ

  • Official Syllabus Tools
- Netcat
- Socat
- Powershell
- Powercat
- Wireshark
- Tcpdump
  • Enumeration
AutoRecon โ€” https://github.com/Tib3rius/AutoRecon
nmapAutomator โ€” https://github.com/21y4d/nmapAutomator
Reconbot โ€” https://github.com/Apathly/Reconbot
Raccoon โ€” https://github.com/evyatarmeged/Raccoon
RustScan โ€” https://github.com/RustScan/RustScan
BashScan โ€” https://github.com/astryzia/BashScan
  • Web Related
Dirsearch โ€” https://github.com/maurosoria/dirsearch
GoBuster โ€” https://github.com/OJ/gobuster
Recursive GoBuster โ€” https://github.com/epi052/recursive-gobuster
wfuzz โ€” https://github.com/xmendez/wfuzz
goWAPT โ€” https://github.com/dzonerzy/goWAPT
ffuf โ€” https://github.com/ffuf/ffuf
Nikto โ€” https://github.com/sullo/nikto
dirb โ€” https://tools.kali.org/web-applications/dirb
dirbuster โ€” https://tools.kali.org/web-applications/dirbuster
feroxbuster โ€” https://github.com/epi052/feroxbuster
FinalRecon โ€” https://github.com/thewhiteh4t/FinalRecon
  • Network tools:
Impacket (SMB, psexec, etc) โ€” https://github.com/SecureAuthCorp/impacket
  • File Transfers:
updog โ€” https://github.com/sc0tfree/updog
  • Wordlists:
SecLists โ€” https://github.com/danielmiessler/SecLists
  • Payload Generators:
Reverse Shell Generator โ€” https://github.com/cwinfosec/revshellgen
Windows Reverse Shell Generator โ€” https://github.com/thosearetheguise/rev
MSFVenom Payload Creator โ€” https://github.com/g0tmi1k/msfpc
  • Php reverse shell:
Windows PHP Reverse Shell โ€” https://github.com/Dhayalanb/windows-php-reverse-shell
PenTestMonkey Unix PHP Reverse Shell โ€” http://pentestmonkey.net/tools/web-shells/php-reverse-shell
  • Terminal Related:
tmux โ€” https://tmuxcheatsheet.com/ (cheat sheet)
tmux-logging โ€” https://github.com/tmux-plugins/tmux-logging
Oh My Tmux โ€” https://github.com/devzspy/.tmux
screen โ€” https://gist.github.com/jctosta/af918e1618682638aa82 (cheat sheet)
Terminator โ€” http://www.linuxandubuntu.com/home/terminator-a-linux-terminal-emulator-with-multiple-terminals-in-one-window
vim-windir โ€” https://github.com/jtpereyda/vim-windir
  • Exploits:
Exploit-DB โ€” https://www.exploit-db.com/
Windows Kernel Exploits โ€” https://github.com/SecWiki/windows-kernel-exploits
AutoNSE โ€” https://github.com/m4ll0k/AutoNSE
Linux Kernel Exploits โ€” https://github.com/lucyoa/kernel-exploits
  • Password Brute Forcer:
BruteX โ€” https://github.com/1N3/BruteX
Hashcat โ€” https://hashcat.net/hashcat/
John the Ripper โ€” https://www.openwall.com/john/
  • Post Exploitation / Privilege Escalation
LinEnum โ€” https://github.com/rebootuser/LinEnum
linprivchecker โ€”https://www.securitysift.com/download/linuxprivchecker.py
Powerless โ€” https://github.com/M4ximuss/Powerless
PowerUp โ€” https://github.com/HarmJ0y/PowerUp
Linux Exploit Suggester โ€” https://github.com/mzet-/linux-exploit-suggester
Windows Exploit Suggester โ€” https://github.com/bitsadmin/wesng
Windows Privilege Escalation Awesome Scripts (WinPEAS) โ€” https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
CHECK THE VERSION NUMBER!!! Linux Privilege Escalation Awesome Script (LinPEAS) โ€” https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
GTFOBins (Bypass local restrictions) โ€” https://gtfobins.github.io/
Get GTFOBins โ€” https://github.com/CristinaSolana/ggtfobins
sudo_killer โ€” https://github.com/TH3xACE/SUDO_KILLER
WADComs โ€” https://wadcoms.github.io/
LOLBAS โ€” https://lolbas-project.github.io/
  • Buffer Overflow Practice
Vulnserver for Windows โ€” https://github.com/stephenbradshaw/vulnserver
Vulnserver for Linux โ€” https://github.com/ins1gn1a/VulnServer-Linux
Tib3rius TryHackMe BOF โ€” https://tryhackme.com/jr/bufferoverflowprep
  • Privilege Escalation Practice
Local Privilege Escalation Workshop โ€” https://github.com/sagishahar/lpeworkshop
Linux Privilege Escalation โ€” https://www.udemy.com/course/linux-privilege-escalation/
Windows Privilege Escalation โ€” https://www.udemy.com/course/windows-privilege-escalation/
Expected Tools Overview: 12 hours

๐๐š๐ฌ๐ก ๐’๐œ๐ซ๐ข๐ฉ๐ญ๐ข๐ง๐ 

Expected Time: 4 hours

๐๐š๐ฌ๐ฌ๐ข๐ฏ๐ž ๐ˆ๐ง๐Ÿ๐จ๐ซ๐ฆ๐š๐ญ๐ข๐จ๐ง ๐†๐š๐ญ๐ก๐ž๐ซ๐ข๐ง๐ 

- Website Recon
- Whois Enumeration
- Google hacking : https://www.exploit-db.com/google-hacking-database
- Netcraft
- Recon-ng : https://github.com/lanmaster53/recon-ng
- Open source code
- Shodan
- Security Headers Scanner
- SSL Server Test
- Pastebin
- User information Gathering
- Email Harvesting
- Stack Overflow
- OSINT Framework
- Maltego
Expected time: 30 mins

๐€๐œ๐ญ๐ข๐ฏ๐ž ๐ˆ๐ง๐Ÿ๐จ๐ซ๐ฆ๐š๐ญ๐ข๐จ๐ง ๐†๐š๐ญ๐ก๐ž๐ซ๐ข๐ง๐ 

- DNS Enumeration
  - Forward Lookup
  - Reverse Lookup
  - DNS Zone Transfers
  - Tools:
    - DNSrecon
    - DNSenum
- Port Scanning
  - TCP Scanning
  - UDP Scanning
  - Nmap: 
    - https://nmap.org/book/toc.html
    - https://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717
    - https://blog.zsec.uk/nmap-rtfm/
  - Masscan
- SMB Enumeration
- NFS Enumeration
- SMTP Enumeration
- SNMP Enumeration
Expected Time: 12 hours

๐•๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ฒ ๐’๐œ๐š๐ง๐ง๐ข๐ง๐ 

- Vulnerability Scanning using Nessus
- Vulnerability Scanning using Nmap
Expected Time: 4 hours

๐–๐ž๐› ๐€๐ฉ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

  • Web Tools:
- DIRB: http://dirb.sourceforge.net/
- Dirsearch: https://github.com/maurosoria/dirsearch
- Dirbuster: https://tools.kali.org/web-applications/dirbuster
- Gobuster: https://github.com/OJ/gobuster
- Wfuzz: https://github.com/xmendez/wfuzz
- ffuf: https://github.com/ffuf/ffuf
- Burpsuite
- Nikto
- HTTPIe https://httpie.io/
  • Practice:
Expected Time: 30 days

๐๐ฎ๐Ÿ๐Ÿ๐ž๐ซ ๐Ž๐ฏ๐ž๐ซ๐Ÿ๐ฅ๐จ๐ฐ

  • Blogs:
  • Practice:
1. https://tryhackme.com/room/oscpbufferoverflowprep
2. protostar on vulnhub
3. vulnserver
4. Brainpan on vulnhub
5. warFTP
6. miniserv
7. https://overthewire.org/wargames/behemoth/
8. https://overthewire.org/wargames/narnia/
9. Brainpan 1: https://www.vulnhub.com/entry/brainpan-1,51/
10. Pinkyโ€™s Palace version 1: https://www.vulnhub.com/entry/pinkys-palace-v1,225/
11. Stack Overflows for Beginners: https://www.vulnhub.com/entry/stack-overflows-for-beginners-101,290/
12. SmashTheTux: https://www.vulnhub.com/entry/smashthetux-101,138/
13. Pandoraโ€™s Box: https://www.vulnhub.com/entry/pandoras-box-1,111/

  • Windows Binaries (Recommend that you run these on Windows 7/XP 32 bit):
Vulnserver: https://samsclass.info/127/proj/vuln-server.htm
Minishare 1.4.1: https://www.exploit-db.com/exploits/636
Savant Web Server 3.1: https://www.exploit-db.com/exploits/10434
Freefloat FTP Server 1.0: https://www.exploit-db.com/exploits/40673
Core FTP Server 1.2: https://www.exploit-db.com/exploits/39480
WarFTP 1.65: https://www.exploit-db.com/exploits/3570
VUPlayer 2.4.9: https://www.exploit-db.com/exploits/40018
  • Linux Binaries
Linux Buffer Overflow: https://samsclass.info/127/proj/lbuf1.htm
  • Videos:
  • Github:
1. https://github.com/justinsteven/dostackbufferoverflowgood
2. https://github.com/3isenHeiM/OSCP-BoF
3. https://github.com/gh0x0st/Buffer_Overflow
4. https://github.com/sradley/overflow (You should not use it in the exam)
5. https://github.com/onecloudemoji/BOF-Template (Buffer overflow template)
6. https://github.com/V1n1v131r4/OSCP-Buffer-Overflow
  • Other Resources:
Whitepaper Introduction to Immunity Debugger: https://www.sans.org/reading-room/whitepapers/malicious/basic-reverse-engineering-immunity-debugger-36982
Do Stack Buffer Overflow Good: https://github.com/justinsteven/dostackbufferoverflowgood
Buffer Overflows for Dummies: https://www.sans.org/reading-room/whitepapers/threats/buffer-overflows-dummies-481
Vortex Stack Buffer Overflow Practice: https://www.vortex.id.au/2017/05/pwkoscp-stack-buffer-overflow-practice/
Smashing the Stack For Fun and Profit: http://www-inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf
Buffer Overflow Guide: https://github.com/johnjhacking/Buffer-Overflow-Guide
Stack based Linux Buffer Overflow: https://www.exploit-db.com/docs/english/28475-linux-stack-based-buffer-overflows.pdf
Expected time (without practice): 8 hours

๐‚๐ฅ๐ข๐ž๐ง๐ญ-๐ฌ๐ข๐๐ž ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/
Expected Time: (not sure)

๐‹๐จ๐œ๐š๐ญ๐ข๐ง๐  ๐๐ฎ๐›๐ฅ๐ข๐œ ๐„๐ฑ๐ฉ๐ฅ๐จ๐ข๐ญ๐ฌ

  • Places to Find Exploits:
  • Tools for finding exploits:
Searchsploit: a command line search tool for Exploit-DB
Nmap NSE Script
The Browser Exploitation Framework (BeEF)


Manual for searchsploit: https://www.exploit-db.com/searchsploit
Expected Time: 1 hour

๐€๐ง๐ญ๐ข๐ฏ๐ข๐ซ๐ฎ๐ฌ ๐„๐ฏ๐š๐ฌ๐ข๐จ๐ง

  • Book
Antivirus Bypass Techniques: Learn Practical Techniques and Tactics to Combat, Bypass, and Evade Antivirus Software 

Link: https://g.co/kgs/WzEjAH
  • Tools to play with Anti-Virus evasion:
Veil-Framework: https://github.com/Veil-Framework/Veil
Shellter: https://www.shellterproject.com/
Unicorn https://github.com/trustedsec/unicorn
UniByAV: https://github.com/Mr-Un1k0d3r/UniByAv
  • Tools to play with for Obfuscation:
PowerShell:

Invoke-Obfuscation: https://github.com/danielbohannon/Invoke-Obfuscation
Chimera: https://github.com/tokyoneon/Chimera
Python:

Pyarmor: https://pypi.org/project/pyarmor/
PyObfx: https://github.com/PyObfx/PyObfx
C#:

ConfuserEx: https://github.com/yck1509/ConfuserEx
  • Testing Payloads Publicly. (Keep in mind that submitting your samples to online scanners may be distributed to other AV engines):
Nodistribute: https://nodistribute.com/
Virustotal: https://www.virustotal.com/gui/home
Hybrid-Analysis: https://www.hybrid-analysis.com/
Any-Run: https://app.any.run
Reverse.it: https://reverse.it
Anti-Virus Evasion Tool: https://github.com/govolution/avet
DefenderCheck: https://github.com/matterpreter/DefenderCheck
ThreatCheck: https://github.com/rasta-mouse/ThreatCheck
Expected: 12 hours

๐๐ซ๐ข๐ฏ๐ข๐ฅ๐ž๐ ๐ž ๐„๐ฌ๐œ๐š๐ฅ๐š๐ญ๐ข๐จ๐ง

  • Blogs:
  • Practice:
  • Videos/Courses
  • Github:
1. https://github.com/sagishahar/lpeworkshop
2. https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Methodology%20and%20Resources
3. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
4. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
5. https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md
6. https://github.com/abatchy17/WindowsExploits
7. https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
8. https://github.com/rasta-mouse/Sherlock
9. https://github.com/AonCyberLabs/Windows-Exploit-Suggester

  • Others
- https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS
- https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/
- https://www.vulnhub.com/entry/linsecurity-1,244/
- https://www.netsecfocus.com/oscp/2021/05/06/The_Journey_to_Try_Harder-_TJnull-s_Preparation_Guide_for_PEN-200_PWK_OSCP_2.0.html#section-10-buffer-overflows-for-windows-and-linux
- http://pwnwiki.io/#!privesc/windows/index.md
- https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
- https://github.com/N7WEra/SharpAllTheThings
- https://github.com/411Hall/JAWS/commits?author=411Hall
- https://github.com/bitsadmin/wesng
- https://github.com/rasta-mouse/Sherlock
- https://github.com/carlospolop/PEASS-ng/tree/master/winPEAS
- https://github.com/rasta-mouse/Watson
- https://github.com/GhostPack/Seatbelt
- https://github.com/gladiatx0r/Powerless
- https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
- https://github.com/breenmachine/RottenPotatoNG
- https://github.com/ohpe/juicy-potato
- https://rahmatnurfauzi.medium.com/windows-privilege-escalation-scripts-techniques-30fa37bd194
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
- https://github.com/jondonas/linux-exploit-suggester-2
Expected: 12 hours

๐๐š๐ฌ๐ฌ๐ฐ๐จ๐ซ๐ ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

  • Offline tools for password cracking
Hashcat: https://hashcat.net/hashcat/ Sample Hashes to test with Hashcat: https://hashcat.net/wiki/doku.php?id=example_hashes
John the Ripper: https://www.openwall.com/john/
Metasploit Unleashed using John the Ripper with Hashdump: https://www.offensive-security.com/metasploit-unleashed/john-ripper/
  • Online Tools for password cracking
THC Hydra: https://github.com/vanhauser-thc/thc-hydra
Crowbar: https://github.com/galkan/crowbar
  • Wordlist Generator
Cewl: https://digi.ninja/projects/cewl.php
Crunch: https://tools.kali.org/password-attacks/crunch
Cupp (In Kali Linux): https://github.com/Mebus/cupp
  • Tools to check the hash type:
Hash-Identifier: https://github.com/psypanda/hashID

  • Tools to dump for hashes:
Mimikatz: https://github.com/gentilkiwi/mimikatz
Mimipenguin: https://github.com/huntergregal/mimipenguin
Pypykatz: https://github.com/skelsec/pypykatz
  • Wordlists:
In Kali: /usr/share/wordlists
Seclists: apt-get install seclists You can find all of his password lists here: https://github.com/danielmiessler/SecLists/tree/master/Passwords
Xajkep Wordlists: https://github.com/xajkep/wordlists
  • Online Password Crackers:
https://hashkiller.io/
https://www.cmd5.org/
https://www.onlinehashcrack.com/
https://gpuhash.me/
https://crackstation.net/
https://passwordrecovery.io/
https://md5decrypt.net/en/
https://hashes.com/en/decrypt/hash
http://cracker.offensive-security.com/
  • Others
Introduction to Password Cracking: https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf
Pwning Wordpress Passwords: https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956
Expected: 12 hours

๐๐จ๐ซ๐ญ ๐‘๐ž๐๐ข๐ซ๐ž๐œ๐ญ๐ข๐จ๐ง ๐š๐ง๐ ๐“๐ฎ๐ง๐ง๐ž๐ฅ๐ข๐ง๐ 

  • Blogs
  • Tools
Proxychains: https://github.com/haad/proxychains
Proxychains-ng: https://github.com/rofl0r/proxychains-ng
SSHuttle (Totally Recommend learning this): https://github.com/sshuttle/sshuttle
SSHuttle Documentation: https://sshuttle.readthedocs.io/en/stable/
Chisel https://github.com/jpillora/chisel
Ligolo: https://github.com/sysdream/ligolo
  • Online Tunneling Services
Ngrok: https://ngrok.com/
Twilo: https://www.twilio.com/
  • Practice
Wintermute: https://www.vulnhub.com/entry/wintermute-1,239/
Expected: 12 hours

๐€๐œ๐ญ๐ข๐ฏ๐ž ๐ƒ๐ข๐ซ๐ž๐œ๐ญ๐จ๐ซ๐ฒ ๐€๐ญ๐ญ๐š๐œ๐ค๐ฌ

  • Blogs
  • Github:
  • Practice:
- https://tryhackme.com/room/attacktivedirectory
- https://tryhackme.com/network/throwback
- Heist, Hutch, Vault on PG Play
- Tryhackme Holo, Throwback networks in addition to attacktive and post exploitation rooms
- Hackthebox: Forest, Sauna, dante, active, Arctic and Granny.
- CyberSecLabs
- Razorblack, Enterprise, VulnNet - Active on tryhackme
- wreath on tryhackme
- blackfield, intelligence, multimaster, cascade, heist...crap was that htb heist or pg heist or both, Reel, Sauna, Fuse, Sizzle, Mantis, and Resolute.
- https://drive.google.com/file/d/1RktnrenlhOMIqdPDAv-u60_yzW7K0KS0/view
- Rastalabs on HTB
  • Videos:
  • TJNull's suggestion:
Setting up Active Directory:

Note: Make sure when you are setting up the Active Directory Server that you assign a static IP address to it and also a workstation that you will be joining the server to for further testing. I recommend that you set up a Windows 10 Workstation if you plan to use Windows Server 2016/2019.

Microsoft Documentation to install Active Directory: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-servicesโ€“level-100-
Install Windows Active Directory on Windows Server 2019: https://computingforgeeks.com/how-to-install-active-directory-domain-services-in-windows-server/
Understanding Users Accounts in Active Directory: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-accounts
Three ways to create an Active Directory User: https://petri.com/3-ways-to-create-new-active-directory-users
Join a Workstation to the Domain: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/join-a-computer-to-a-domain
Tools to help you automate the installation for Active Directory:

ADLab: https://github.com/browninfosecguy/ADLab
Automated Lab: https://github.com/AutomatedLab/AutomatedLab
MSLab: https://github.com/microsoft/MSLab
Invoke-ADLabDeployer: https://github.com/outflanknl/Invoke-ADLabDeployer
Active Directory User Setup: https://github.com/bjiusc/Active-Directory-User-Setup-Script
Enumerating Active Directory:

Active Directory Enumeration with Powershell: https://www.exploit-db.com/docs/english/46990-active-directory-enumeration-with-powershell.pdf
Active Directory Exploitation Cheat Sheet: https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet#domain-enumeration
Powersploit: https://github.com/PowerShellMafia/PowerSploit
Understanding Authentication protocols that Active Directory Utilizes:

NTLM Authentication: https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
Kerberos Authentication https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-authentication-overview
Cache and Stored Credentials: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)
Group Managed Service Accounts: https://adsecurity.org/?p=4367
Lateral Movement in Active Directory:

Paving the Way to DA: https://blog.zsec.uk/path2da-pt1
Part 2, 3
Pass the Hash with Machine Accounts: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/pass-the-hash-with-machine-accounts
Overpass the hash (Payload All the things): https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#overpass-the-hash-pass-the-key
Red Team Adventures Overpass the Hash: https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/#overpass-the-hash
Pass the Ticket (Silver Tickets): https://adsecurity.org/?p=2011
Lateral Movement with DCOM: https://www.ired.team/offensive-security/lateral-movement/t1175-distributed-component-object-model
Active Directory Persistence:

Cracking Kerberos TGS Tickets Using Kerberoast: https://adsecurity.org/?p=2293
Kerberoasting Without Mimikatz: https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
Golden Tickets: https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/kerberos-golden-tickets
Pass the Ticket (Golden Tickets): https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Active%20Directory%20Attack.md#pass-the-ticket-golden-tickets
Understanding DCSync Attacks: https://attack.stealthbits.com/privilege-escalation-using-mimikatz-dcsync
Tools for Active Directory Lateral Movement and Persistence:

ADRecon: https://github.com/sense-of-security/ADRecon
Kerbrute: https://github.com/ropnop/kerbrute
Rubeus: https://github.com/GhostPack/Rubeus
Impacket: https://github.com/SecureAuthCorp/impacket
Other Resources:

Building an Active Directory with PowerShell: https://1337red.wordpress.com/building-and-attacking-an-active-directory-lab-with-powershell/
Lateral Movement for AD: https://riccardoancarani.github.io/2019-10-04-lateral-movement-megaprimer/#overpass-the-hash
Lateral Movement with CrackMapExec: https://www.hackingarticles.in/lateral-moment-on-active-directory-crackmapexec/
  • Others:
- https://wadcoms.github.io/
- https://www.xmind.net/m/5dypm8/
- Cybermentor's Practical Ethical Hacking Course - Active Directory Section
Expected: 48 hours

๐“๐ก๐ž ๐Œ๐ž๐ญ๐š๐ฌ๐ฉ๐ฅ๐จ๐ข๐ญ ๐…๐ซ๐š๐ฆ๐ž๐ฐ๐จ๐ซ๐ค

  • MSFvenom Cheat Sheets:
http://security-geek.in/2016/09/07/msfvenom-cheat-sheet/
https://netsec.ws/?p=331
https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom
Expected: 4 hours

๐๐จ๐ฐ๐ž๐ซ๐ฌ๐ก๐ž๐ฅ๐ฅ ๐„๐ฆ๐ฉ๐ข๐ซ๐ž

Expected: 4 hours

๐“๐ซ๐ฒ๐ข๐ง๐  ๐‡๐š๐ซ๐๐ž๐ซ: ๐“๐ก๐ž ๐‹๐š๐›๐ฌ

๐’๐ญ๐ซ๐š๐ญ๐ž๐ ๐ฒ

  • Overview:
Phase I: Theory, Preparation and Note Taking
Phase II: Practice
Phase III: OSCP Labs & Origial Course Material
Phase IV: OSCP Exam
Thought Process:

So, Yeah! We have 180 days i.e. 175 remaining. I took a lot of time planning, it's ok tho. 
One shot, game khallas karna hai. Let's plan:

Let's divide OSCP into fundamental components that will require for us to crack OSCP:
1. Theory, theory and theory. In-depth Understanding of lot of topics.
2. Ability to apply knowledge practically.
3. Critical Thinking
4. High Pain threshold.
5. Consistency 
6. Note taking

Step by step dekha jaye toh, you should have basic understanding of almost everything beforehand so that you don't keep jumping back on phase I from phase II.
Do theory, make notes and refer to notes. Have everything at one place! That's it for today, hehe!

More Repositories

1

linux-commands-cheatsheet

All Useful Linux Commands (For OSCP & daily pen-testing usage)
191
star
2

advanced-sql-injection-for-awae

171
star
3

python-for-awae

Python for AWAE (Advanced Web Attacks and Exploitation)
Python
89
star
4

10000-h1-disclosed-reports

10,000 H1 Disclosed Reports
Python
77
star
5

oswe-awae-pre-preperation-plan-and-notes

My OSWE Pre-preperation (i.e. before acutally buying the course) phase plan and notes!
58
star
6

regex-notes

My Notes on Regular Expressions for AWAE/OSWE.
23
star
7

bash-scripting-for-hackers

Bash Scripting Cheatsheet for pen-testing!
Shell
21
star
8

discrete-mathematics

This Repository Contains My Notes for Discrete Mathematics (DM) - SPPU SE Computer Engineering
17
star
9

computer-graphics

This contains my notes for Computer Graphics (CG) - SPPU SE Comp
15
star
10

Rock-Paper-Scissors-Game

Rock paper scissors is a hand game usually played between two people, in which each player simultaneously forms one of three shapes with an outstretched hand. These shapes are "rock", "paper", and "scissors". This C++ Program [Mini Project] is aimed at automating one of the player called as Computerized Player and the taking rock, paper or scissor as an input from the used.
C++
15
star
11

payloads

A list of useful payloads and bypass for Web Application Security
Python
11
star
12

powershell-notes

My Powershell notes
9
star
13

xss

All About XSS
9
star
14

100-days-of-code

100 days of Code - A Practice to develop consistency
C++
8
star
15

shreyaschavhan

My Awesome Profile README.md
6
star
16

crash-alert.py

Python
4
star
17

pentest-tools-cheatsheet

OSCP tools cheatsheets
4
star
18

SE-Comp-SEM-III-Notes-For-Exam-2021

Notes
4
star
19

cybersecurity-basics

It's been years I have been into cybersecurity but there's always something that makes me feel like I lack the basics. Here's my attempt to clear the basics and improve myself in cybersecurity overall.
4
star
20

bugbountywriteups

This Repository will contain Bug Bounty Write-Up that I read on daily basis!
3
star
21

network-recon

My detailed notes on network recon & related tools
3
star
22

reflector

A simple python script to automate the process of finding reflected get parameters to simplify XSS finding process
Python
3
star
23

Hostel-Management-System

The Objective of this mini project is to implement an electronic hostel management system that will streamline registration process, reduce administrative tasks and paper work so as to improve the registration cycle process flow. P.S. The main aim of this Mini Project was to understand and understand the basic concepts DSA [Data Structure and algorithm].
C++
3
star
24

smart-contract-security-notes

My Detailed Notes on Smart Contract Security
3
star
25

codechef

A place to share your solutions to codochef's competitive programming problems, data structure and algorithm, hackathon and much more!
C++
2
star
26

online-grocery-store

Modernized UI
PHP
2
star
27

endpoints-tested-goal-tracker

Endponts tested daily goal tracker static web application for personal use
HTML
2
star
28

mini-project-colorize-black-n-white-image-deep-learning

Repository for Deep Learning Mini Project that we created in our final year of college
Python
2
star
29

3-cpp-programs

Daily 3 C++ programs with The Three Musketeers!
C++
1
star
30

The-Sparks-Foundation

This Repository Contains Tasks that I completed while working as an Data Science Intern @ The Sparks Foundation
Jupyter Notebook
1
star
31

projects

I will upload my basic projects here!
C++
1
star
32

Hackerrank

A place to share your solutions to Hackerrank's competitive programming problems, data structure and algorithm, hackathon and much more!
C++
1
star
33

linux-commands

Keeping these things here so that it will be less difficult for me to search them AGAIN
1
star
34

sem-VII-insem

SPPU BE Comp Sem VII Insem Exam Notes
1
star
35

dump

Dumping files here to use it somewhere in README files/ anywhere else.
C++
1
star
36

sem-VIII-insem

1
star
37

distraction-counter

static web application to count distraction so that I can bring distractions into conciousness and remove them
JavaScript
1
star
38

analytical-pyschology

Notes on MBTI and cognitive analytical psychology
1
star
39

web3.0-solidity-based-security-wargames

B.E Computer Engineering Final Year Project - Web3.0/Solidity Based Wargames (inspired by ethernaut & damn vulnerable defi)
1
star
40

think-20-mins-a-day

Programming myself to program (think) quickly! The aim isn't to master anything, I just wanna challenge my brain to think effectively and solve problems.
Python
1
star
41

shreyaschavhan.github.io

HTML
1
star
42

do-not-forget

I keep forgetting repositories that I once created for my own benefits, I'll keep them here so that it'll remind me about them. (Gonna pin it to my profile!) This repo is public coz I can't pin a private repo and if I won't pin it, I won't be able to remember I had this repo in my arsenal.
1
star
43

lp5

Jupyter Notebook
1
star
44

python-for-pentesting

Footnotes; Black Hat Python by Justin Seitz
1
star
45

network-plus

Network+ Notes
1
star
46

Guess-Me-Game

This is a program that generates a random number and asks the player to guess it. If the player's guess is Higher than the actual number the program displays "Guess lower!". Similarly if the user's guess is too low, the program prints "Guess Higher!". When the user guesses the correct number, the program displays the number of guesses the player used to arrive at the number.
C
1
star
47

Bus-Reservation-System

This project is aimed at computerizing travelling company to manage data, so that all maintenance records of passengers, schedule and detail of each bus will become easy.
C++
1
star
48

Tetris-Game

Tetris is a tile-matching video game. In Tetris, players complete lines by moving differently shaped pieces (tetrominoes), which descend onto the playing field. The completed lines disappear and grant the player points, and the player can proceed to fill the vacated spaces. The game ends when the playing field is filled. The longer the player can delay this inevitable outcome, the higher their score will be. In multiplayer games, the players must last longer than their opponents, and in certain versions, players can inflict penalties on opponents by completing a significant number of lines. Some adaptations have provided variations to the game's theme, such as three-dimensional displays or a system for reserving pieces
C++
1
star
49

atomic-habit-reward-punishment-tracker

I made a reward punishment tracker for my personal use. I was reading atomic habits recently and this thought came into my mind. I'll set a goal (for example: pizza) and if I finish daily assigned tasks, for each task I'll add +1 and for every unfinished tasks/procrastination or bad habit - i'll deduct -1 from it.
HTML
1
star