OSWE, OSEP, OSED
- Web security tools and methodologies
- Source code analysis
- Persistent cross-site scripting
- Session hijacking
- .NET deserialization
- Remote code execution
- Blind SQL injections
- Data exfiltration
- Bypassing file upload restrictions and file extension filters
- PHP type juggling with loose comparisons
- PostgreSQL Extension and User Defined Functions
- Bypassing REGEX restrictions
- Magic hashes
- Bypassing character restrictions
- UDF reverse shells
- PostgreSQL large objects
- DOM-based cross site scripting (black box)
- Server side template injection
- Weak random token generation
- XML External Entity Injection
- RCE via database Functions
- OS Command Injection via WebSockets (BlackBox)
- https://github.com/timip/OSWE
- https://github.com/noraj/AWAE-OSWE
- https://github.com/wetw0rk/AWAE-PREP
- https://github.com/kajalNair/OSWE-Prep
- https://github.com/s0j0hn/AWAE-OSWE-Prep
- https://github.com/deletehead/awae_oswe_prep
- https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/
- https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html
- https://drive.google.com/file/d/1bASc-SLmuD0tXmd88h0QclRSpUu_rvnF/view?usp=sharing
- https://www.helviojunior.com.br/it/oswe-uma-historia-de-insucessos/
- https://0xklaue.medium.com/attacking-the-web-the-offensive-security-way-b38bea609318
- https://medium.com/greenwolf-security/an-awae-oswe-review-2020-update-6d6ec7a80c1f
- https://securitygrind.com/the-oswe-in-review/
- https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside
- https://infosecwriteups.com/awae-oswe-review-from-a-non-developer-perspective-2c2842cfbd4d
- https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide
- https://www.linkedin.com/pulse/awaeoswe-2020-expected-review-elias-dimopoulos/
- https://www.youtube.com/watch?v=ElZ7fFE9Gr4
- https://alex-labs.com/my-awae-review-becoming-an-oswe/
- https://niebardzo.github.io/2021-01-12-oswe-review/
- https://stacktrac3.co/oswe-review-awae-course/
- https://blog.kuhi.to/offsec-awae-oswe-review
- https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/
- https://kojenov.com/2020-04-08-oswe-review/
- https://www.reddit.com/r/OSWE/comments/bsods2/i_just_passed_the_oswe_exam_amaa_about_the_exam/
- https://mystiko.sh/?p=555
- https://nethemba.com/why-i-no-longer-endorse-offensive-security/
- https://www.youtube.com/watch?v=w4jdrs_rfuk
- https://securityforeveryone.com/blog/web-300-course-and-oswe-review
- https://www.youtube.com/watch?v=F46tQww_IvE
- https://www.youtube.com/watch?v=NMGsnPSm8iw&list=PLidcsTyj9JXKTnpphkJ310PVVGF-GuZA0
- https://www.youtube.com/watch?v=S1YUmKGL33w
- https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh
- https://github.com/svdwi/OSWE-Labs
- https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/
- https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4
- https://alex-labs.com/my-awae-review-becoming-an-oswe/
- https://github.com/jangelesg/AWAE-OSWE
- Operating System and Programming Theory
- Client Side Code Execution With Office
- Client Side Code Execution With Jscript
- Process Injection and Migration
- Introduction to Antivirus Evasion
- Advanced Antivirus Evasion
- Application Whitelisting
- Bypassing Network Filters
- Linux Post-Exploitation
- Kiosk Breakouts
- Windows Credentials
- Windows Lateral Movement
- Linux Lateral Movement
- Microsoft SQL Attacks
- Active Directory Exploitation
- Combining the Pieces
- Trying Harder: The Labs
- https://github.com/chvancooten/OSEP-Code-Snippets
- https://github.com/nullg0re/Experienced-Pentester-OSEP
- https://github.com/r0r0x-xx/OSEP-Pre
- https://github.com/deletehead/pen_300_osep_prep
- https://github.com/J3rryBl4nks/OSEP-Thoughts
- https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md
- https://github.com/aldanabae/Osep
- https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing
- https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations
- https://nullg0re.com/?p=113
- https://www.schellman.com/blog/osep-and-pen-300-course-review
- https://cinzinga.com/OSEP-PEN-300-Review/
- https://www.youtube.com/watch?v=iUPyiJbN4l4
- https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
- https://www.reddit.com/r/osep/comments/ldhc20/osep_review/
- https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/
- https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html
- https://makosecblog.com/miscellaneous/osep-course-review/
- https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s
- https://www.youtube.com/watch?v=15sv5eZ0oCM
- https://www.youtube.com/watch?v=0n3Li63PwnQ
- https://www.youtube.com/watch?v=BWNzB1wIEQc
- https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
- https://www.exploit-db.com/evasion-techniques-breaching-defenses
- https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/
- WinDbg tutorial
- Stack buffer overflows
- Exploiting SEH overflows
- Intro to IDA Pro
- Overcoming space restrictions: Egghunters
- Shellcode from scratch
- Reverse-engineering bugs
- Stack overflows and DEP/ASLR bypass
- Format string specifier attacks
- Custom ROP chains and ROP payload decoders
- https://github.com/snoopysecurity/OSCE-Prep
- https://github.com/epi052/osed-scripts
- https://www.exploit-db.com/windows-user-mode-exploit-development
- https://github.com/r0r0x-xx/OSED-Pre
- https://github.com/sradley/osed
- https://github.com/Nero22k/Exploit_Development
- https://www.youtube.com/watch?v=7PMw9GIb8Zs
- https://www.youtube.com/watch?v=FH1KptfPLKo
- https://www.youtube.com/watch?v=sOMmzUuwtmc
- https://blog.exploitlab.net/
- https://azeria-labs.com/heap-exploit-development-part-1/
- http://zeroknights.com/getting-started-exploit-lab/
- https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing
- https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing
- https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing
- https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
- https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
- https://github.com/corelan/CorelanTraining
- https://github.com/subat0mik/Journey_to_OSCE
- https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb
- https://github.com/snoopysecurity/OSCE-Prep
- https://github.com/bigb0sss/OSCE
- https://github.com/epi052/OSCE-exam-practice
- https://github.com/mdisec/osce-preparation
- https://github.com/mohitkhemchandani/OSCE_BIBLE
- https://github.com/FULLSHADE/OSCE
- https://github.com/areyou1or0/OSCE-Exploit-Development
- https://github.com/securityELI/CTP-OSCE
- https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing
- https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
- https://connormcgarr.github.io/browser1/
- https://kalitut.com/exploit-development-resources/
- https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment
- https://github.com/dest-3/OSED_Resources/
- https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/
- https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/
- https://samsclass.info/127/127_WWC_2014.shtml
- https://stackoverflow.com/questions/42615124/exploit-development-in-python-3
- https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python
- https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8
- https://www.cybrary.it/video/exploit-development-part-5/
- https://www.youtube.com/watch?v=aWHL9hIKTCA
- https://www.youtube.com/watch?v=62mWZ1xd8eM
- https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/
- https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/
- https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html
- https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/
- https://jhalon.github.io/OSCE-Review/
- https://www.youtube.com/watch?v=NAe6f1_XG6Q
- https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
- https://github.com/ihack4falafel/OSCE
- https://github.com/nathunandwani/ctp-osce
- https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md
- https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab
- https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab
- https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack
XMind - Evaluation Version