OSCE³ and OSEE Study Guide Awesome

OSWE

Content

  • Web security tools and methodologies
  • Source code analysis
  • Persistent cross-site scripting
  • Session hijacking
  • .NET deserialization
  • Remote code execution
  • Blind SQL injections
  • Data exfiltration
  • Bypassing file upload restrictions and file extension filters
  • PHP type juggling with loose comparisons
  • PostgreSQL Extension and User Defined Functions
  • Bypassing REGEX restrictions
  • Magic hashes
  • Bypassing character restrictions
  • UDF reverse shells
  • PostgreSQL large objects
  • DOM-based cross-site scripting (black box)
  • Server-side template injection
  • Weak random token generation
  • XML External Entity Injection
  • RCE via database functions
  • OS command injection via WebSockets (black box)

Study Materials

  1. timip-GitHub - Reference guide
  2. noraj-GitHub - Reference guide
  3. wetw0rk-Github - Reference guide
  4. kajalNair-Github - Reference guide
  5. s0j0hn-Github - Reference guide
  6. deletehead-Github - Reference guide
  7. z-r0crypt - Reference guide
  8. rayhan0x01 - Reference guide
  9. Nathan-Rague - Reference guide
  10. Joas Content - Reference guide
  11. Lawlez-Github - Reference guide
  1. XXE Injection
  2. CSRF
  3. Cross-Site Scripting Exploitation
  4. Cross-Site Scripting (XSS)
  5. Unrestricted File Upload
  6. Open Redirect
  7. Remote File Inclusion (RFI)
  8. HTML Injection
  9. Path Traversal
  10. Broken Authentication & Session Management
  11. OS Command Injection
  12. Multiple Ways to Banner Grabbing
  13. Local File Inclusion (LFI)
  14. Netcat for Pentester
  15. WPScan: WordPress Pentesting Framework
  16. WordPress Pentest Lab Setup in Multiple Ways
  17. Multiple Ways to Crack WordPress login
  18. Web Application Pentest Lab Setup on AWS
  19. Web Application Lab Setup on Windows
  20. Web Application Pentest Lab setup Using Docker
  21. Web Shells Penetration Testing
  22. SMTP Log Poisoning
  23. HTTP Authentication
  24. Understanding the HTTP Protocol
  25. Broken Authentication & Session Management
  26. Apache Log Poisoning through LFI
  27. Beginner’s Guide to SQL Injection (Part 1)
  28. Boolean Based
  29. How to Bypass SQL Injection Filter
  30. Form Based SQL Injection
  31. Dumping Database using Outfile
  32. IDOR

Reviews

  1. OSWE Review - Portuguese Content
  2. 0xklaue
  3. greenwolf security
  4. Cristian R
  5. 21y4d - Exam Reviews
  6. Marcin Szydlowski
  7. Nathan Rague
  8. Elias Dimopoulos
  9. OSWE Review - Tips & Tricks
  10. Alex-labs
  11. niebardzo Github - Exam Review
  12. Marcus Aurelius
  13. yakuhito
  14. donavan.sg
  15. Alexei Kojenov
  16. Offensive Security Web Expert (OSWE) - Journey & Review
  17. Patryk Bogusz
  18. svdwi GitHub - OSWE Labs POC
  19. Werebug.com - OSWE and OSEP
  20. jvesiluoma
  21. ApexPredator
  22. Thomas Peterson
  23. NOH4TS
  24. Alex
  25. RCESecurity
  26. Dhakal
  27. Karol Mazurek
  28. 4PFSec
  29. Cobalt.io

Extra Content

  1. OSWE labs - OSWE labs and exam's review/guide
  2. HTB Machine
  3. Deserialization
  4. B1twis3
  5. jangelesg GitHub
  6. rootshooter
  7. svdwi

OSEP

Content

  • Operating System and Programming Theory
  • Client Side Code Execution With Office
  • Client Side Code Execution With Jscript
  • Process Injection and Migration
  • Introduction to Antivirus Evasion
  • Advanced Antivirus Evasion
  • Application Whitelisting
  • Bypassing Network Filters
  • Linux Post-Exploitation
  • Kiosk Breakouts
  • Windows Credentials
  • Windows Lateral Movement
  • Linux Lateral Movement
  • Microsoft SQL Attacks
  • Active Directory Exploitation
  • Combining the Pieces
  • Trying Harder: The Labs

Study Materials

Reviews

Labs

OSED

Content

  • WinDbg tutorial
  • Stack buffer overflows
  • Exploiting SEH overflows
  • Intro to IDA Pro
  • Overcoming space restrictions: Egghunters
  • Shellcode from scratch
  • Reverse-engineering bugs
  • Stack overflows and DEP/ASLR bypass
  • Format string specifier attacks
  • Custom ROP chains and ROP payload decoders

Study Materials

Reviews

Labs

OSEE

Content

  • Bypass and evasion of user mode security mitigations such as DEP, ASLR, CFG, ACG and CET
  • Advanced heap manipulations to obtain code execution along with guest-to-host and sandbox escapes
  • Disarming WDEG mitigations and creating version independence for weaponization
  • 64-Bit Windows Kernel Driver reverse engineering and vulnerability discovery
  • Bypass of kernel mode security mitigations such as kASLR, NX, SMEP, SMAP, kCFG and HVCI

Study Materials

Reviews

Labs
