snoopysecurity/OSCE-Prep snoopysecurity/OSCE-Prep

  • Stars
    star
    211
  • Rank 180,013 (Top 4 %)
  • Language
  • Created over 4 years ago
  • Updated over 3 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
snoopysecurity/OSCE-Prep
github

snoopysecurity

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A list of freely available resources that can be used as a prerequisite before taking OSCE.

OSCE PREP

This repository contains a list of freely available resources that can be used as a pre-requisite before enrolling in Offensive Security's Cracking the Perimeter (CTP) course and OSCE certification.

The following table shows notes, courses, challenges, and tutorials that can taken in preparation for the OSCE. It should be noted that the content within multiple sources do overlap each other so not all of these resources are needed.

Web Application Security

Order Name Type Link
1 PayloadsAllTheThings Directory Traversal CheatSheet CheatSheet https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal
2 PayloadsAllTheThings XSS CheatSheet CheatSheet https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection
3 XSS Payloads Payloads http://www.xss-payloads.com/
4 XSS to Domain Admin Webinar https://www.elearnsecurity.com/resources/webinar_video/xss-to-domain-admin/
5 LFI to RCE Exploit with Perl Script Paper https://www.exploit-db.com/papers/12992
6 Using XSS to bypass CSRF protection Paper https://www.exploit-db.com/docs/13534
7 Local File Inclusion (LFI) Paper https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf

Anti Detection

Order Name Type Link
1 Backdooring PE Files - Part 1 Blog http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-1.html
2 Backdooring PE Files - Part 2 Blog http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-2.html
3 Backdooring Windows EXEs for Fun and Profit Blog http://ly0n.me/2015/07/09/backdooring-windows-exes-for-fun-and-profit-part-1/
4 Art of Anti Detection โ€“ 1 Paper https://www.exploit-db.com/docs/40900.pdf
5 Art of Anti Detection โ€“ 2 Paper https://www.exploit-db.com/docs/41129.pdf
6 Art of Anti Detection โ€“ 2 Paper https://www.exploit-db.com/docs/41129.pdf
7 Art of Anti Detection โ€“ 1 Blog Blog https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
8 Art of Anti Detection โ€“ 2 Blog Blog https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/
9 Art of Anti Detection โ€“ 3 Blog Blog https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/
10 Art of Anti Detection โ€“ 4 Blog Blog https://pentest.blog/art-of-anti-detection-4-self-defense/

Assembly Language

Order Name Type Link
1 Skullsecurity Assembly Language Wiki Blog https://wiki.skullsecurity.org/index.php?title=Assembly
2 Sensepost A Crash Course in x86 Assembly for Reverse Engineers Paper https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf
3 SecurityTube Windows Assembly Language Megaprimer Videos http://www.securitytube.net/groups?operation=view&groupId=6

Fuzzing

Order Name Type Link
1 Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation Blog https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/
2 HowTo: ExploitDev Fuzzing Blog https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/
3 [VulnServer] Exploiting TRUN Command via Vanilla EIP Overwrite Blog https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html
4 CTP/OSCE Prep โ€“ Boofuzzing Vulnserver for EIP Overwrite Blog https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/#
5 Boofuzz โ€“ A helpful guide (OSCE โ€“ CTP) Blog https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/

Exploit Development

Order Name Type Link
1 DEFCON 16: BackTrack Foo - From bug to 0day Presentation https://www.youtube.com/watch?v=gHISpAZiAm0
2 Corelan Exploit Writing Tutorial part 1: Stack Based Overflows Blog http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
3 Corelan Exploit Writing Tutorial part 2: Stack Based Overflows Blog http://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
4 Corelan Exploit Writing Tutorial part 3: SEH Based Exploits Blog http://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
5 Corelan Exploit Writing Tutorial part 3b: SEH Based Exploits Blog http://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
6 Corelan Exploit Writing Tutorial part 4: From Exploit to Metasploit Blog http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
7 Corelan Exploit Writing Tutorial part 5: How debugger modules & plugins can speed up basic exploit development Blog http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
8 Corelan Exploit Writing Tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR Blog http://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
9 Corelan Exploit Writing Tutorial part 7: Unicode from 0x00410041 to calc Blog http://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
10 Corelan Exploit Writing Tutorial part 8: Win32 Egg Hunting Blog http://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
11 Corelan Exploit Writing Tutorial part 9: Introduction to Win32 shellcoding Blog http://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
12 Mona py : The Exploit Writer's Swiss Army Knife Presentation https://www.youtube.com/watch?v=y2zrEAwmdws
13 Eliminating the bad characters in your Exploit Presentation https://www.youtube.com/watch?v=IOjl3tU1Ht8
14 Understanding Windows Shellcode Paper http://www.hick.org/code/skape/papers/win32-shellcode.pdf
15 Safely Searching Process Virtual Address Space Paper http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf

Practical

Order Name Type Link
1 Vulnserver Lab https://github.com/stephenbradshaw/vulnserver
2 Fuzzysecurity Part 1: Introduction to Exploit Development Tutorial http://www.fuzzysecurity.com/tutorials/expDev/1.html
3 Fuzzysecurity Part 2: Saved Return Pointer Overflows Tutorial http://www.fuzzysecurity.com/tutorials/expDev/2.html
4 Fuzzysecurity Part 3: Part 3: Structured Exception Handler (SEH) Tutorial http://www.fuzzysecurity.com/tutorials/expDev/3.html
5 Fuzzysecurity Part 4: Egg Hunters Tutorial http://www.fuzzysecurity.com/tutorials/expDev/4.html
6 Fuzzysecurity Part 5: Unicode 0x00410041 Tutorial http://www.fuzzysecurity.com/tutorials/expDev/5.html
7 Fuzzysecurity Part Part 6: Writing W32 shellcode Tutorial http://www.fuzzysecurity.com/tutorials/expDev/6.html
8 SecuritySift Windows Exploit Development โ€“ Part 1: The Basics Tutorial https://www.securitysift.com/windows-exploit-development-part-1-basics/
9 SecuritySift Windows Exploit Development โ€“ Part 2: StackOverflow Tutorial https://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
10 SecuritySift Windows Exploit Development โ€“ Part 3: Changing Offsets and Rebased Modules Tutorial https://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
11 SecuritySift Windows Exploit Development โ€“ Part 4: Locating Shellcode Jumps) Tutorial https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
12 SecuritySift Windows Exploit Development โ€“ Part 5: Locating Shellcode Egghunting Tutorial https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/
13 SecuritySift Windows Exploit Development โ€“ Part 6: SHE Exploits Tutorial https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/
14 SecuritySift Windows Exploit Development โ€“ Part 7: Unicode Buffer Overflows Tutorial https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/

Network Security

Order Name Type Link
1 Cisco SNMP configuration attack with a GRE tunnel Blog https://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel
2 Bypassing Cisco SNMP access lists using Spoofed SNMP Requests Blog http://new.remote-exploit.org/index.php/SNMP_Spoof
3 Bypassing Routerโ€™s Access Control List (ACL) Blog https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/

Misc/Extra

Order Name Type Link
1 Mona.py The Manual Cheatsheet https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/r
2 Windows Reverse Shell Shellcode I log http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i/
3 hellcoding for Linux and Windows Tutorial Blog http://www.vividmachines.com/shellcode/shellcode.html#ws
4 peCloak.py โ€“ An Experiment in AV Evasion Tool https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/
5 EggSandwich โ€“ An Egghunter with Integrity Tool https://www.securitysift.com/eggsandwich-egghunter-integrity/
6 Live Demo from Backtrack to the MAX 1/5 Tool https://www.youtube.com/watch?v=kwq5VQj3Ils
7 Live Demo from Backtrack to the MAX 2/5 Tool https://www.youtube.com/watch?v=ykfHy2lX88c
8 Live Demo from Backtrack to the MAX 3/5 Tool https://www.youtube.com/watch?v=IWf7UM7qX0M
9 Live Demo from Backtrack to the MAX 4/5 Tool https://www.youtube.com/watch?v=azepnwdVfyU
10 Live Demo from Backtrack to the MAX 5/5 Tool https://www.youtube.com/watch?v=6gmAoW1mtYg
11 CTP/OSCE Scripts Repository https://github.com/h0mbre/CTP-OSCE
12 OSCE-exam-practice Repository https://github.com/epi052/OSCE-exam-practice
13 Vulnserver: Fuzzing and Exploits Repository https://github.com/ricardojoserf/vulnserver-exploits

More Repositories

1

awesome-burp-extensions

A curated list of amazingly awesome Burp Extensions
2,526
star
2

Vulnerable-Code-Snippets

A small collection of vulnerable code snippets
PHP
475
star
3

dvws

Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities. NOTE: This project is out of date, please use https://github.com/snoopysecurity/dvws-node
PHP
441
star
4

dvws-node

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.
JavaScript
346
star
5

Setup-AD-Security-Lab

Scripts to create a Active Directory Lab with security misconfigurations and vulnerabilities.
PowerShell
45
star
6

Public

Archive - Repository contains old publicly released presentations, tools, Proof of Concepts and other junk.
PowerShell
24
star
7

OSWE-Prep

Useful tips and resources for preparing for the AWAE exam.
15
star
8

fuzzpayloads

Collection of fuzzing payloads and corpus from all around added as sub modules
9
star
9

Noopener-Burp-Extension

Find Target="_blank" values within web pages that are set without 'noopener' and 'noreferrer' attributes
Python
3
star
10

snoopysecurity.github.io

Personal Blog
HTML
3
star