OSCE PREP

This repository contains a list of freely available resources that can be used as a pre-requisite before enrolling in Offensive Security's Cracking the Perimeter (CTP) course and OSCE certification.

The following tables list notes, courses, challenges, and tutorials that can be taken in preparation for the OSCE. Note that the content of multiple sources overlaps, so not all of these resources are needed.

Web Application Security

Order Name Type Link
1 PayloadsAllTheThings Directory Traversal CheatSheet CheatSheet https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal
2 PayloadsAllTheThings XSS CheatSheet CheatSheet https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection
3 XSS Payloads Payloads http://www.xss-payloads.com/
4 XSS to Domain Admin Webinar https://www.elearnsecurity.com/resources/webinar_video/xss-to-domain-admin/
5 LFI to RCE Exploit with Perl Script Paper https://www.exploit-db.com/papers/12992
6 Using XSS to bypass CSRF protection Paper https://www.exploit-db.com/docs/13534
7 Local File Inclusion (LFI) Paper https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf

Anti Detection

Order Name Type Link
1 Backdooring PE Files - Part 1 Blog http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-1.html
2 Backdooring PE Files - Part 2 Blog http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-2.html
3 Backdooring Windows EXEs for Fun and Profit Blog http://ly0n.me/2015/07/09/backdooring-windows-exes-for-fun-and-profit-part-1/
4 Art of Anti Detection – 1 Paper https://www.exploit-db.com/docs/40900.pdf
5 Art of Anti Detection – 2 Paper https://www.exploit-db.com/docs/41129.pdf
6 Art of Anti Detection – 2 Paper https://www.exploit-db.com/docs/41129.pdf
7 Art of Anti Detection – 1 Blog Blog https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/
8 Art of Anti Detection – 2 Blog Blog https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/
9 Art of Anti Detection – 3 Blog Blog https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/
10 Art of Anti Detection – 4 Blog Blog https://pentest.blog/art-of-anti-detection-4-self-defense/

Assembly Language

Order Name Type Link
1 Skullsecurity Assembly Language Wiki Blog https://wiki.skullsecurity.org/index.php?title=Assembly
2 Sensepost A Crash Course in x86 Assembly for Reverse Engineers Paper https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf
3 SecurityTube Windows Assembly Language Megaprimer Videos http://www.securitytube.net/groups?operation=view&groupId=6

Fuzzing

Order Name Type Link
1 Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation Blog https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/
2 HowTo: ExploitDev Fuzzing Blog https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/
3 [VulnServer] Exploiting TRUN Command via Vanilla EIP Overwrite Blog https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html
4 CTP/OSCE Prep – Boofuzzing Vulnserver for EIP Overwrite Blog https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/#
5 Boofuzz – A helpful guide (OSCE – CTP) Blog https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/

Exploit Development

Order Name Type Link
1 DEFCON 16: BackTrack Foo - From bug to 0day Presentation https://www.youtube.com/watch?v=gHISpAZiAm0
2 Corelan Exploit Writing Tutorial part 1: Stack Based Overflows Blog http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
3 Corelan Exploit Writing Tutorial part 2: Stack Based Overflows Blog http://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/
4 Corelan Exploit Writing Tutorial part 3: SEH Based Exploits Blog http://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/
5 Corelan Exploit Writing Tutorial part 3b: SEH Based Exploits Blog http://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/
6 Corelan Exploit Writing Tutorial part 4: From Exploit to Metasploit Blog http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/
7 Corelan Exploit Writing Tutorial part 5: How debugger modules & plugins can speed up basic exploit development Blog http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/
8 Corelan Exploit Writing Tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR Blog http://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/
9 Corelan Exploit Writing Tutorial part 7: Unicode from 0x00410041 to calc Blog http://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/
10 Corelan Exploit Writing Tutorial part 8: Win32 Egg Hunting Blog http://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/
11 Corelan Exploit Writing Tutorial part 9: Introduction to Win32 shellcoding Blog http://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/
12 Mona py : The Exploit Writer's Swiss Army Knife Presentation https://www.youtube.com/watch?v=y2zrEAwmdws
13 Eliminating the bad characters in your Exploit Presentation https://www.youtube.com/watch?v=IOjl3tU1Ht8
14 Understanding Windows Shellcode Paper http://www.hick.org/code/skape/papers/win32-shellcode.pdf
15 Safely Searching Process Virtual Address Space Paper http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf

Practical

Order Name Type Link
1 Vulnserver Lab https://github.com/stephenbradshaw/vulnserver
2 Fuzzysecurity Part 1: Introduction to Exploit Development Tutorial http://www.fuzzysecurity.com/tutorials/expDev/1.html
3 Fuzzysecurity Part 2: Saved Return Pointer Overflows Tutorial http://www.fuzzysecurity.com/tutorials/expDev/2.html
4 Fuzzysecurity Part 3: Structured Exception Handler (SEH) Tutorial http://www.fuzzysecurity.com/tutorials/expDev/3.html
5 Fuzzysecurity Part 4: Egg Hunters Tutorial http://www.fuzzysecurity.com/tutorials/expDev/4.html
6 Fuzzysecurity Part 5: Unicode 0x00410041 Tutorial http://www.fuzzysecurity.com/tutorials/expDev/5.html
7 Fuzzysecurity Part 6: Writing W32 shellcode Tutorial http://www.fuzzysecurity.com/tutorials/expDev/6.html
8 SecuritySift Windows Exploit Development – Part 1: The Basics Tutorial https://www.securitysift.com/windows-exploit-development-part-1-basics/
9 SecuritySift Windows Exploit Development – Part 2: StackOverflow Tutorial https://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/
10 SecuritySift Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules Tutorial https://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/
11 SecuritySift Windows Exploit Development – Part 4: Locating Shellcode Jumps Tutorial https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/
12 SecuritySift Windows Exploit Development – Part 5: Locating Shellcode Egghunting Tutorial https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/
13 SecuritySift Windows Exploit Development – Part 6: SEH Exploits Tutorial https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/
14 SecuritySift Windows Exploit Development – Part 7: Unicode Buffer Overflows Tutorial https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/

Network Security

Order Name Type Link
1 Cisco SNMP configuration attack with a GRE tunnel Blog https://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel
2 Bypassing Cisco SNMP access lists using Spoofed SNMP Requests Blog http://new.remote-exploit.org/index.php/SNMP_Spoof
3 Bypassing Router’s Access Control List (ACL) Blog https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/

Misc/Extra

Order Name Type Link
1 Mona.py The Manual Cheatsheet https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/
2 Windows Reverse Shell Shellcode I Blog http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i/
3 Shellcoding for Linux and Windows Tutorial Blog http://www.vividmachines.com/shellcode/shellcode.html#ws
4 peCloak.py – An Experiment in AV Evasion Tool https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/
5 EggSandwich – An Egghunter with Integrity Tool https://www.securitysift.com/eggsandwich-egghunter-integrity/
6 Live Demo from Backtrack to the MAX 1/5 Tool https://www.youtube.com/watch?v=kwq5VQj3Ils
7 Live Demo from Backtrack to the MAX 2/5 Tool https://www.youtube.com/watch?v=ykfHy2lX88c
8 Live Demo from Backtrack to the MAX 3/5 Tool https://www.youtube.com/watch?v=IWf7UM7qX0M
9 Live Demo from Backtrack to the MAX 4/5 Tool https://www.youtube.com/watch?v=azepnwdVfyU
10 Live Demo from Backtrack to the MAX 5/5 Tool https://www.youtube.com/watch?v=6gmAoW1mtYg
11 CTP/OSCE Scripts Repository https://github.com/h0mbre/CTP-OSCE
12 OSCE-exam-practice Repository https://github.com/epi052/OSCE-exam-practice
13 Vulnserver: Fuzzing and Exploits Repository https://github.com/ricardojoserf/vulnserver-exploits