Offensive Security Certified Professional (OSCP)

An OSCP holder has proven the ability to spot weaknesses and carry out planned attacks in a timely manner through perseverance, ingenuity, and perception. OSCP holders have also demonstrated that they can think creatively and work efficiently with limited time and resources.

Overview

Courses for Certification in Offensive Security

In the field of cybersecurity education, Offensive Security is a pioneer. Known for developing the penetration testing tool Kali Linux and the Offensive Security Certified Professional (OSCP) credential, Offensive Security gives IT workers the tools they need to protect themselves from malevolent online assaults. With the sophistication of cyber attacks and security breaches rising in today’s digital environment, Offensive Security’s experience is important.

For anyone hoping to focus on information security, familiarizing themselves with the techniques and instruments of Offensive Security is essential. Real-world tactics are emphasized in their hands-on training approach, which is crucial for comprehending and reducing contemporary cyber risks.

What will you learn in the Offensive Security Certified Professional (OSCP) course?

  • Finding Files in Kali Linux
  • Redirecting to the Existing File
  • Connecting to the TCP/UDP Port
  • Nessus Installation
  • Scanning the Vulnerabilities
  • Retrieving the Password Hashes
  • Exploiting SQL Injection
  • Passing the Hash in Windows
  • Choosing the Vulnerability
  • Targeting the Database

Who Should Attend the Offensive Security Certified Professional (OSCP) course?

This OSCP training is suitable for Windows administrators, cybersecurity professionals, system administrators, and network engineers.

Our Package

Comprehensive Assured Package

Original price was: $8,999.00. Current price is: $5,999.00.

Training with Examination

Original price was: $5,000.00. Current price is: $3,499.00.

Training with LMS

Original price was: $4,000.00. Current price is: $2,499.00.

Course Curriculum

Module 1: Penetration Testing with Kali Linux
  • Accessing the internal VPN Lab Network
  • Offensive Security Student Form
  • Introduction to Penetration Testing
  • MegaCorpone.com and Sandbox.local Domains
  • PWK VPN Labs
  • Reverts
  • Control Panel
  • Client Machines
  • Kali Virtual Machine
  • Reporting
  • PWK Report
Module 2: Kali Linux
  • Booting Up Kali Linux
  • Kali Menu
  • Kali Linux Support Forum
  • Kali Linux Bug Tracker
  • Linux Filesystem
  • Linux Commands
  • Finding Files in Kali Linux
  • Handling the Kali Linux Services
  • HTTP Service
  • SSH Service
  • Installing, Searching, and Removing the Tools
  • apt update and apt upgrade
  • apt-cache search and apt show
  • apt remove --purge
  • dpkg
Module 3: Command Line

Section 3.1: Bash Environment

  • Environment Variables
  • Bash History Tricks
  • Tab Completion

Section 3.2: Piping and Redirection

  • Redirecting to the new file
  • Redirecting to the Existing File
  • Redirecting from the File
  • Redirecting STDERR
  • Piping

Section 3.3: Text Searching and Manipulation

  • sed
  • grep
  • awk
  • cut

Section 3.4: Editing Files from the Command Line

  • vi
  • nano

Section 3.5: Comparing Files

  • diff
  • comm
  • vimdiff

Section 3.6: Handling Processes

  • Background Process
  • Process Control: kill and ps
  • Jobs Control: jobs and fg

Section 3.7: File Monitoring and Command Monitoring

  • watch
  • tail

Section 3.8: Downloading Files

  • curl
  • axel
  • wget

Section 3.9: Customizing Bash Environment

  • Customizing Bash History
  • Persistent Bash Customization
  • Alias
Module 4: Practical Tools

Section 4.1: Netcat

  • Connecting to the TCP/UDP Port
  • Listening on the TCP/UDP Port
  • Transferring the Files with Netcat
  • Remote Administration with Netcat

Section 4.2: Socat

  • Differentiating Netcat and Socat
  • Socat Reverse Shells
  • Socat File Transfers
  • Socat Encrypted Bind Shells

Section 4.3: Powercat and PowerShell

  • PowerShell Reverse Shells
  • PowerShell File Transfers
  • PowerShell Bind Shells
  • Introduction to Powercat
  • Powercat Reverse Shells
  • Powercat File Transfers
  • Powercat Bind Shells
  • Powercat Stand-Alone Payloads

Section 4.4: Wireshark

  • Wireshark Fundamentals
  • Starting Wireshark
  • Display Filters
  • Capture Filters
  • Following TCP Streams

Section 4.5: TCPdump

  • Filtering the Traffic
  • Advanced Header Filtering
Module 5: Bash Scripting
  • Variables
  • Arguments
  • If, If-Else, Else Statements
  • Reading User Input
  • Boolean Logical Operations
  • For Loops
  • While Loops
  • Functions
Module 6: Passive Information Gathering
  • Website Recon
  • Google Hacking
  • Whois Enumeration
  • Recon-ng
  • Netcraft
  • Open-Source Code
  • Security Headers Scanner
  • Shodan
  • SSL Server Test
  • Pastebin
  • Email Harvesting
  • User Information Gathering
  • Password Dumps
  • Site-Specific Tools
  • Social Media Tools
  • Stack Overflow
  • OSINT Framework
  • Maltego
Module 7: Active Information Gathering

Section 7.1: DNS Enumeration

  • Interaction with the DNS Server
  • Forward Lookup Brute Force
  • Automating Lookups
  • Reverse Lookup Brute Force
  • Relevant Tools in Kali Linux
  • DNS Zone Transfers

Section 7.2: Port Scanning

  • UDP/TCP Scanning
  • Port Scanning with Nmap
  • Masscan

Section 7.3: SMB Enumeration

  • Scanning for NetBIOS Service
  • Nmap SMB NSE Scripts

Section 7.4: NFS Enumeration

  • Scanning for NFS Shares
  • Nmap NFS NSE Scripts

Section 7.5: SMTP Enumeration

Section 7.6: SNMP Enumeration

  • SNMP MIB Tree
  • Scanning for SNMP
  • Windows SNMP Enumeration
Module 8: Vulnerability Scanning

Section 8.1: Introduction to Vulnerability Scanning

  • How Vulnerability Scanners Work
  • Manual vs. Automated Scanning
  • Internal Scanning vs. Internet Scanning
  • Unauthenticated vs. Authenticated Scanning

Section 8.2: Vulnerability Scanning with Nessus

  • Nessus Installation
  • Specifying Targets
  • Configuring Scan Definitions
  • Unauthenticated and Authenticated Scanning with Nessus
  • Scanning with Individual Nessus Plugins

Section 8.3: Vulnerability Scanning with Nmap

Module 9: Web Application Attacks

Section 9.1: Web Application Enumeration

  • Inspecting URLs
  • Inspecting Page Content
  • Inspecting the Sitemaps
  • Locating the Administration Consoles

Section 9.2: Web Application Assessment Tools

  • Burp Suite
  • Nikto
  • DIRB

Section 9.3: Web-Based Vulnerabilities

  • Exploiting the Admin Consoles
  • File Inclusion Vulnerabilities
  • Cross-Site Scripting
  • Directory Traversal Vulnerabilities
  • SQL Injection
Module 10: Buffer Overflows

Section 10.1: x86 Architecture

  • Program Memory
  • CPU Registers

Section 10.2: Buffer Overflows

  • Sample Vulnerable Code
  • Immunity Debugger
  • Navigating Code
  • Overflowing the Buffer
Module 11: Windows Buffer Overflows

Section 11.1: Discovering the Vulnerability

  • Fuzzing HTTP Protocol
  • Win Buffer Overflow Exploitation

Section 11.2: DEP, ASLR, and CFG

  • Replicating the Crash
  • Controlling EIP
  • Discovering Space for Our Shellcode
  • Checking for the Bad Characters
  • Redirecting the Execution Flow
  • Finding the Return Address
  • Generating Shellcode with Metasploit
  • Getting the Shell
  • Enhancing the Exploit
Module 12: Linux Buffer Overflows
  • DEP, ASLR, and Canaries
  • Controlling EIP
  • Replicating the Crash
  • Checking for the Bad Characters
  • Discovering Space for the Shellcode
  • Finding the Return Address
  • Getting the Shell
Module 13: Client-Side Attacks

Section 13.1: Client Information Gathering

  • Passive Client Information Gathering
  • Active Client Information Gathering

Section 13.2: Leveraging HTML Applications

  • HTA Attack in Action
  • Exploring the HTML Application

Section 13.3: Exploring Microsoft Office

  • Microsoft Office Installation
  • Object Embedding and Linking
  • Microsoft Word Macro
  • Evading Protected View
Module 14: Locating Public Exploits
  • Searching Online Exploit Resources
  • Searching Offline Exploit Resources
Module 15: Fixing the Exploits

Section 15.1: Fixing the Memory Corruption Exploits

  • Introduction and Considerations
  • Importing and Reviewing the Exploits
  • Cross-Compiling the Exploit Code
  • Modifying the Socket Information
  • Modifying the Return Address and Payload
  • Modifying the Overflow Buffer

Section 15.2: Fixing the Web Exploits

  • Introduction and Considerations
  • Choosing the Vulnerability
  • Modifying the Connectivity Information
  • Troubleshooting the “index out of range” Error
Module 16: File Transfers

Section 16.1: Preparations and Considerations

  • Dangers of Transmitting the Attack Tools
  • Installing Pure-FTPd
  • Non-Interactive Shell

Section 16.2: Transferring Files with Windows Hosts

  • Non-Interactive FTP Download
  • Windows Downloads using Scripting Languages
  • Windows Downloads with exe2hex and PowerShell
  • Windows Uploads using Windows Scripting Languages
  • Uploading Files with TFTP
Module 17: Antivirus Evasion

Section 17.1: Defining Antivirus Software

Section 17.2: Methods of Identifying the Malicious Code

  • Signature-Based Detection
  • Behavioral and Heuristic-Based Detection

Section 17.3: Eluding the Antivirus Detection

  • On-Disk Evasion
  • In-Memory Evasion
  • AV Evasion
Module 18: Privilege Escalation

Section 18.1: Information Gathering

  • Manual Enumeration
  • Automated Enumeration

Section 18.2: Windows Privilege Escalation Examples

  • Windows Privileges and Integrity Levels
  • User Account Control
  • User Account Control Bypass
  • Insecure File Permissions
  • Leveraging Unquoted Service Paths

Section 18.3: Linux Privilege Escalation Examples

  • Linux Privileges
  • Insecure File Permissions: /etc/passwd Case Study
  • Insecure File Permissions: Cron Case Study
  • Kernel Vulnerabilities: CVE-7-2 Case Study
Module 19: Password Attacks

Section 19.1: Wordlists

  • Standard Wordlists

Section 19.2: Brute Force Wordlists

Section 19.3: Common Network Service Attack Methods

  • HTTP htaccess Attack with Medusa
  • Remote Desktop Protocol Attack with Crowbar
  • HTTP POST Attack with THC-Hydra
  • SSH Attack with THC-Hydra

Section 19.4: Leveraging the Password Hashes

  • Retrieving the Password Hashes
  • Password Cracking
  • Passing the Hash in Windows
Module 20: Port Redirecting and Tunneling

Section 20.1: Port Forwarding

  • RINETD

Section 20.2: SSH Tunneling

  • SSH Local Port Forwarding
  • SSH Remote Port Forwarding
  • SSH Dynamic Port Forwarding

Section 20.3: PLINK.exe

Section 20.4: NETSH

Section 20.5: HTTPTunnel-ing Through Deep Packet Inspection

Module 21: Active Directory Attacks

Section 21.1: Active Directory Theory

Section 21.2: Active Directory Enumeration

  • Conventional Approach
  • A Modern Approach
  • Resolving Nested Groups
  • Currently Logged-on Users
  • Enumeration using Service Principal Names

Section 21.3: Active Directory Authentication

  • Kerberos Authentication
  • NTLM Authentication
  • Service Account Attacks
  • Cached Credential Storage and Retrieval
  • Slow and Low Password Guessing

Section 21.4: Active Directory Lateral Movement

  • Pass the Hash
  • Overpass the Hash
  • Distributed Component Object Model
  • Pass the Ticket

Section 21.5: Active Directory Persistence

  • Domain Control Synchronization
  • Golden Tickets
Module 22: Metasploit Framework

Section 22.1: Metasploit Setup and User Interface

  • Getting Familiarised with MSF Syntax
  • Metasploit Database Access
  • Auxiliary Modules

Section 22.2: Exploit Modules

  • SyncBreeze Enterprise

Section 22.3: Metasploit Payloads

  • Non-Staged vs Staged Payloads
  • Experimenting with Meterpreter
  • Meterpreter Payloads
  • Executable Payloads
  • Client-Side Attacks
  • Metasploit Exploit Multi Handler
  • Advanced Features and Transports

Section 22.4: Building Your Own MSF Module

Section 22.5: Post-Exploitation with Metasploit

  • Core Post-Exploitation Features
  • Post-Exploitation Modules
  • Migrating Processes
  • Pivoting with the Metasploit Framework

Section 22.6: Metasploit Automation

Module 23: PowerShell Empire

Section 23.1: Installation, Usage, and Setup

  • PowerShell Empire Syntax
  • Stagers and Listeners
  • Empire Agent

Section 23.2: PowerShell Modules

  • Situational Awareness
  • Credential and Privilege Escalation
  • Lateral Movement

Section 23.3: Switching Between Empire and Metasploit

Module 24: Penetration Test Breakdown

Section 24.1: Public Network Enumeration

Section 24.2: Targeting the Web Application

  • SQL Injection Exploitation
  • Web Application Enumeration
  • Cracking the Password
  • Enumerating Admin Interface
  • Obtaining the Shell
  • Post-Exploitation Enumeration
  • Creating the Stable Pivot Point

Section 24.3: Targeting the Database

  • Enumeration
  • Trying to Exploit the Database

Section 24.4: Deeper Enumeration of the Application Server

  • Deeper Post-Exploitation
  • Searching for the DB Credentials
  • Privilege Escalation

Section 24.5: Targeting the Database Again

  • Exploitation
  • Post-Exploitation Enumeration
  • Creating the Stable Reverse Tunnel

Section 24.6: Targeting the Poultry

  • Exploitation (or just logging in)
  • Enumeration
  • Post-Exploitation Enumeration
  • Unquoted Search Path Exploitation

Section 24.7: Internal Network Enumeration

  • Reviewing the Results

Section 24.8: Targeting the Jenkins Server

  • Exploiting Jenkins
  • Application Enumeration
  • Privilege Escalation
  • Post-Exploitation Enumeration

Section 24.9: Targeting the Domain Controller

  • Exploiting the Domain Controller

Upcoming Batch

April 20th (Weekends)

FRI & SAT (4 Weeks)

08:30 PM to 01:00 AM (CDT)

April 18th (Weekdays)

MON – FRI (18 Days)

10:00 AM to 12:00 PM (CDT)
