0xdevroute/OSCE-Complete-Guide

OSWE, OSEP, OSED

OSCE³ Study Guide

OSWE

Content

• Web security tools and methodologies
• Source code analysis
• Persistent cross-site scripting
• Session hijacking
• .NET deserialization
• Remote code execution
• Blind SQL injections
• Data exfiltration
• Bypassing file upload restrictions and file extension filters
• PHP type juggling with loose comparisons
• PostgreSQL Extension and User Defined Functions
• Bypassing REGEX restrictions
• Magic hashes
• Bypassing character restrictions
• UDF reverse shells
• PostgreSQL large objects
• DOM-based cross site scripting (black box)
• Server side template injection
• Weak random token generation
• XML External Entity Injection
• RCE via database Functions
• OS Command Injection via WebSockets (BlackBox)

Study Materials

1. timip-GitHub- Reference guide
2. noraj-GitHub - Reference guide
3. wetw0rk-Github - Reference guide
4. kajalNair-Github - Reference guide
5. s0j0hn-Github - Reference guide
6. deletehead-Github - Reference guide
7. z-r0crypt - Reference guide
8. rayhan0x01 - Reference guide
9. Nathan-Rague - Reference guide
10. Joas Content - Reference guide
11. Lawlez-Github - Reference guide

Vulnerabilities (https://github.com/AzyzChayeb)

1. XXE Injection
2. CSRF
3. Cross-Site Scripting Exploitation
4. Cross-Site Scripting (XSS)
5. Unrestricted File Upload
6. Open Redirect
7. Remote File Inclusion (RFI)
8. HTML Injection
9. Path Traversal
10. Broken Authentication & Session Management
11. OS Command Injection
12. Multiple Ways to Banner Grabbing
13. Local File Inclusion (LFI)
14. Netcat for Pentester
15. WPScan:WordPress Pentesting Framework
16. WordPress Pentest Lab Setup in Multiple Ways
17. Multiple Ways to Crack WordPress login
18. Web Application Pentest Lab Setup on AWS
19. Web Application Lab Setup on Windows
20. Web Application Pentest Lab setup Using Docker
21. Web Shells Penetration Testing
22. SMTP Log Poisoning
23. HTTP Authentication
24. Understanding the HTTP Protocol
25. Broken Authentication & Session Management
26. Apache Log Poisoning through LFI
27. Beginner’s Guide to SQL Injection (Part 1)
28. Boolean Based
29. How to Bypass SQL Injection Filter
30. Form Based SQL Injection
31. Dumping Database using Outfile
32. IDOR

Reviews

1. OSWE Review - Portuguese Content
2. 0xklaue
3. greenwolf security
4. Cristian R
5. 21y4d - Exam Reviews
6. Marcin Szydlowski
7. Nathan Rague
8. Elias Dimopoulos
9. OSWE Review - Tips & Tricks - OSWE Review - Tips & Tricks
10. Alex-labs
11. niebardzo Github - Exam Review
12. Marcus Aurelius
13. yakuhito
14. donavan.sg
15. Alexei Kojenov
16. (OSWE)-Journey & Review - Offensive Security Web Expert (OSWE) - Journey & Review
17. Patryk Bogusz
18. svdwi GitHub - OSWE Labs POC
19. Werebug.com - OSWE and OSEP
20. jvesiluoma

Extra Content

1. OSWE labs - OSWE labs and exam's review/guide
2. HTB Machine
3. Deserialization
4. B1twis3
5. jangelesg GitHub

OSEP

Content

• Operating System and Programming Theory
• Client Side Code Execution With Office
• Client Side Code Execution With Jscript
• Process Injection and Migration
• Introduction to Antivirus Evasion
• Advanced Antivirus Evasion
• Application Whitelisting
• Bypassing Network Filters
• Linux Post-Exploitation
• Kiosk Breakouts
• Windows Credentials
• Windows Lateral Movement
• Linux Lateral Movement
• Microsoft SQL Attacks
• Active Directory Exploitation
• Combining the Pieces
• Trying Harder: The Labs

Study Materials

• https://github.com/chvancooten/OSEP-Code-Snippets
• https://github.com/nullg0re/Experienced-Pentester-OSEP
• https://github.com/r0r0x-xx/OSEP-Pre
• https://github.com/deletehead/pen_300_osep_prep
• https://github.com/J3rryBl4nks/OSEP-Thoughts
• https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md
• https://github.com/aldanabae/Osep
• https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing
• https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations

Reviews

• https://nullg0re.com/?p=113
• https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
• https://www.youtube.com/watch?v=fA3pkNcGpH0&ab_channel=HackSouth
• https://www.schellman.com/blog/osep-and-pen-300-course-review
• https://cinzinga.com/OSEP-PEN-300-Review/
• https://www.youtube.com/watch?v=iUPyiJbN4l4
• https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
• https://www.reddit.com/r/osep/comments/ldhc20/osep_review/
• https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/
• https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html
• https://makosecblog.com/miscellaneous/osep-course-review/
• https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s
• https://www.youtube.com/watch?v=15sv5eZ0oCM
• https://www.youtube.com/watch?v=0n3Li63PwnQ
• https://www.youtube.com/watch?v=BWNzB1wIEQ
• https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
• https://casvancooten.com/posts/2021/03/getting-the-osep-certification-evasion-techniques-and-breaching-defenses-pen-300-course-review/
• https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
• https://makosecblog.com/miscellaneous/osep-course-review/
• https://davidlebr1.gitbook.io/infosec/blog/osep-review
• https://www.offensive-security.com/offsec/pen300-approach-review/

Labs

• https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
• https://www.exploit-db.com/evasion-techniques-breaching-defenses
• https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/
• https://help.offensive-security.com/hc/en-us/articles/360049781352-OSEP-Exam-FAQ
• https://www.cybereagle.io/blog/osep-review/
• https://pentestlab.blog/category/red-team/defense-evasion/
• https://pentestlab.blog/tag/antivirus-evasion/
• https://pentestlaboratories.com/2021/01/18/process-herpaderping-windows-defender-evasion/
• https://www.youtube.com/watch?v=dS0GcSA7kEw&ab_channel=PentesterAcademyTV
• https://www.youtube.com/watch?v=cqxOS9uQL_c&ab_channel=PacktVideo
• https://www.youtube.com/watch?v=ZaJpDeLvo6I&ab_channel=PentesterAcademyTV

OSED

Content

• WinDbg tutorial
• Stack buffer overflows
• Exploiting SEH overflows
• Intro to IDA Pro
• Overcoming space restrictions: Egghunters
• Shellcode from scratch
• Reverse-engineering bugs
• Stack overflows and DEP/ASLR bypass
• Format string specifier attacks
• Custom ROP chains and ROP payload decoders

Study Materials

• https://github.com/snoopysecurity/OSCE-Prep
• https://github.com/epi052/osed-scripts
• https://www.exploit-db.com/windows-user-mode-exploit-development
• https://github.com/r0r0x-xx/OSED-Pre
• https://github.com/sradley/osed
• https://github.com/Nero22k/Exploit_Development
• https://www.youtube.com/watch?v=7PMw9GIb8Zs
• https://www.youtube.com/watch?v=FH1KptfPLKo
• https://www.youtube.com/watch?v=sOMmzUuwtmc
• https://blog.exploitlab.net/
• https://azeria-labs.com/heap-exploit-development-part-1/
• http://zeroknights.com/getting-started-exploit-lab/
• https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing
• https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing
• https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing
• https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
• https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
• https://github.com/corelan/CorelanTraining
• https://github.com/subat0mik/Journey_to_OSCE
• https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb
• https://github.com/snoopysecurity/OSCE-Prep
• https://github.com/bigb0sss/OSCE
• https://github.com/epi052/OSCE-exam-practice
• https://github.com/mdisec/osce-preparation
• https://github.com/mohitkhemchandani/OSCE_BIBLE
• https://github.com/FULLSHADE/OSCE
• https://github.com/areyou1or0/OSCE-Exploit-Development
• https://github.com/securityELI/CTP-OSCE
• https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing
• https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
• https://connormcgarr.github.io/browser1/
• https://kalitut.com/exploit-development-resources/
• https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment
• https://github.com/dest-3/OSED_Resources/
• https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/
• https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/
• https://samsclass.info/127/127_WWC_2014.shtml
• https://stackoverflow.com/questions/42615124/exploit-development-in-python-3
• https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python
• https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8
• https://www.cybrary.it/video/exploit-development-part-5/
• https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-an
• https://help.offensive-security.com/hc/en-us/articles/360052977212-OSED-Exam-Guide
• https://github.com/epi052/osed-scripts
• https://www.youtube.com/watch?v=0n3Li63PwnQ
• https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/
• https://pythonrepo.com/repo/epi052-osed-scripts
• https://github.com/dhn/OSEE
• https://pythonrepo.com/repo/epi052-osed-scripts

Reviews

• https://www.youtube.com/watch?v=aWHL9hIKTCA
• https://www.youtube.com/watch?v=62mWZ1xd8eM
• https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/
• https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/
• https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html
• https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/
• https://jhalon.github.io/OSCE-Review/
• https://www.youtube.com/watch?v=NAe6f1_XG6Q
• https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and
• https://blog.kuhi.to/offsec-exp301-osed-review

Labs

• https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
• https://github.com/ihack4falafel/OSCE
• https://github.com/nathunandwani/ctp-osce
• https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md
• https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab
• https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab
• https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack
• https://my.ine.com/CyberSecurity/courses/54819bbb/windows-exploit-development
• https://connormcgarr.github.io/browser1/
• https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
• https://pentestmag.com/product/exploit-development-windows-w38/
• https://steflan-security.com/complete-guide-to-stack-buffer-overflow-oscp/#:~:text=Stack%20buffer%20overflow%20is%20a,of%20the%20intended%20data%20structure.
• https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/

Our Social Network

Joas Antonio - Linkedin

CyberSceurityUP- GitHub

C0d3Cr4zy - Twitter

Filipi Pires - Linkedin

Filipi Pires - GitHub

Filipi Pires - Twitter

XMind - Evaluation Version