Was checking

• https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
• https://www.peerlyst.com/posts/offensive-security-certified-professional-oscp-study-guide-peerlyst-resources-chiheb-chebbi?utm_source=twitter&utm_medium=social&utm_content=peerlyst_post&utm_campaign=peerlyst_shared_post
• https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
• https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
• https://dann.com.br/oscp-offensive-security-certification-pwk-course-review/
• https://guide.offsecnewbie.com/cherrytree-oscp-template
• https://gist.github.com/natesubra/5117959c660296e12d3ac5df491da395
• http://0xc0ffee.io/blog/OSCP-Goldmine

Main

• Exam Guide: https://support.offensive-security.com/oscp-exam-guide/
• Exam Day Prep: https://www.vortex.id.au/2017/05/oscp-exam-preparation-exam-day-report-day/
• Exam requirements (also contains reporting requirements): https://support.offensive-security.com/#!oscp-exam-guide.md
• PWK support page: https://support.offensive-security.com/#!pwk-support.md
• https://guide.offsecnewbie.com/
• TJNulls_Preparation_Guide: https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
• https://scriptdotsh.com/index.php/2018/04/17/31-days-of-oscp-experience/
• https://backdoorshell.gitbooks.io/oscp-useful-links/

Focused Cheetsheets

• Cheatsheets: https://ired.team/ / https://github.com/jmfrouin/Offensive-Security-OSCP-Cheatsheets
• OSCP-Cheatsheet-God: https://github.com/sumas/OSCP-Cheatsheet-God
• http://pwnwiki.io
• https://jivoi.github.io/2015/07/01/pentest-tips-and-tricks/

Guides

• Module Prep Guide: https://tulpasecurity.files.wordpress.com/2016/09/tulpa-pwk-prep-guide1.pdf
• A comprehensive guide/material for anyone looking to get into infosec or take the OSCP exam: https://github.com/RustyShackleford221/OSCP-Prep
• https://localhost.exposed/path-to-oscp/
• https://pentesterlab.com/bootcamp
• https://www.cybrary.it/course/advanced-penetration-testing/
• https://danielmiessler.com/study/tcpdump/
• https://github.com/moshekaplan/pentesting_notes
• https://0xdf.gitlab.io/tags.html#oscp
• https://github.com/areyou1or0/OSCP
• https://www.xservus.com/pwndefend/hacking-101/

Sources

• https://jhalon.github.io/OSCP-Review/
• https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
• https://awansec.com/oscp-review.html
• https://teckk2.github.io/category/OSCP.html
• https://webcache.googleusercontent.com/search?q=cache:-QYejCxK0agJ:https://www.netsecfocus.com/oscp/review/2019/01/29/An_Adventure_to_Try_Harder_Tjnulls_OSCP_Journey.html+&cd=1&hl=en&ct=clnk&gl=lk
• https://web.archive.org/web/20181212154847/https://github.com/mantvydasb/Offensive-Security-OSCP-Cheatsheets
• https://areyou1or0.blogspot.com/2019/01/finally-oscp-may-force-be-with-you.html
• https://jordanpotti.com/oscp/

Sources with more tips:

https://h4ck.co/oscp-journey-exam-lab-prep-tips/

Note to Check

• https://github.com/areyou1or0/OSCP
• https://github.com/nairuzabulhul/RoadMap
• https://gist.github.com/cokebottle/3e0916522dc09086ee45e5a93d664f16
• https://www.exploit-db.com/papers/12902

Resources

• Pentest Monkey - Post Exploitation Without a TTY: http://pentestmonkey.net/blog/post-exploitation-without-a-tty
• Phineas Fisher Hacks Catalan Police Union Website: https://www.youtube.com/watch?v=oI_ZhFCS3AQ#t=25m53s
• Phineas Fisher - Hackingteam Writeup: http://pastebin.com/raw/0SNSvyjJ
• Windows / Linux Local Privilege Escalation Workshop: https://github.com/sagishahar/lpeworkshop

Cheatsheets

• Transferring Files from Linux to Windows (post-exploitation): https://blog.ropnop.com/transferring-files-from-kali-to-windows/
• Linux: Basic Linux Privilege Escalation - https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
• Windows post exploration commands: http://www.handgrep.se/repository/cheatsheets/postexploitation/WindowsPost-Exploitation.pdf
• https://github.com/tkal/The-Security-Handbook
• https://github.com/absolomb/Pentesting/blob/master/guides/LinuxPrivEsc.md
• http://packetlife.net/library/cheat-sheets/
• http://ired.team/offensive-security-experiments/offensive-security-cheetsheets
• https://github.com/jmfrouin/Offensive-Security-OSCP-Cheatsheets
• https://www.matteomalvica.com/pentesting/
• https://github.com/OlivierLaflamme/Cheatsheet-God
• VIM: https://vim.rtorr.com/
• Netcat: https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
• Nmap: https://highon.coffee/blog/nmap-cheat-sheet/
• Notepad++: http://www.cheat-sheets.org/saved-copy/Notepad++_Cheat_Sheet.pdf
• Bash: https://www.isical.ac.in/~pdslab/2016/lectures/bash_cheat_sheet.pdf
• Reverse Shell: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
• Google: https://www.sans.org/security-resources/GoogleCheatSheet.pdf
• Python: https://www.tunnelsup.com/python-cheat-sheet/
• Metasploit: https://www.tunnelsup.com/metasploit-cheat-sheet/

Collections

• windows-kernel-exploits Windows: https://github.com/SecWiki/windows-kernel-exploits
• http://pwnwiki.io/#!privesc/windows/index.md
• https://github.com/netbiosX/Checklists
• https://github.com/enaqx/awesome-pentest
• https://xapax.gitbooks.io/security/content/
• NetSec Focus - Learning Resources: https://docs.google.com/spreadsheets/d/12bT8APhWsL-P8mBtWCYu4MLftwG1cPmIL25AEBtXDno/edit#gid=1556200786
• https://chryzsh.gitbooks.io/pentestbook
• https://github.com/vitalysim/Awesome-Hacking-Resources
• https://guif.re/
• https://github.com/danielmiessler/SecLists
• https://sqlwiki.netspi.com/?dbms=SQLServer

Practice Boxes

• https://h4cklife.org/2018/05/22/a-pre-exam-for-future-oscp-students/
  • https://drive.google.com/open?id=1p0U9yYSObcJty5REN88EQzPeDOFauIn0
  • https://www.secjuice.com/writeup-lazysysadmin-vulnhub/
• https://pentest.join.eset.com/dns-discovery

Networking References

• Networking Basics: TCP, UDP, TCP/IP and OSI Model - https://www.pluralsight.com/blog/it-ops/networking-basics-tcp-udp-tcpip-osi-models
• Common Ports & Protocols - https://pbs.twimg.com/media/DP7axHKUEAALlJB.jpg:large
• DNS Hacking - http://resources.infosecinstitute.com/dns-hacking/#gref
• Port Redirection / Tunneling - https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
• http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
• http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html

• Security+ Section 1: Network Security - https://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/
• Nmap Basics - https://nmap.org/bennieston-tutorial/
• Understanding Guide for Nmap Ping Scan (Firewall Bypass): https://www.hackingarticles.in/understanding-guide-nmap-ping-scan-firewall-bypass/

Linux References

• Learn Linux from the safety of your chair using a remote private linux machine with root access: https://linuxzoo.net/
• Linux Journey - https://linuxjourney.com/
• OverTheWire - Bandit - http://overthewire.org/wargames/bandit/
• Bash Scritping Tutorial - https://linuxconfig.org/bash-scripting-tutorial
• Null Byte - Linux Basics - https://null-byte.wonderhowto.com/how-to/linux-basics/

• Bash for Beginners - http://www.tldp.org/LDP/Bash-Beginners-Guide/html/
• Explainshell - http://www.explainshell.com/

Python References

• Codecademy - Python - https://www.codecademy.com/learn/learn-python
• Python 2.7.14 Documentation - https://docs.python.org/2/index.html
• Violent Python

Enumeration

• Enumeration: http://0daysecurity.com/penetration-testing/enumeration.html
• SMTP - https://pentestlab.blog/2012/11/20/smtp-user-enumeration/
• SNMP - http://carnal0wnage.attackresearch.com/2007/07/over-in-lso-chat-we-were-talking-about.html
• http://resources.infosecinstitute.com/what-is-enumeration/#gref
• https://www.sans.edu/cyber-research/security-laboratory/article/attacks-browsing
• Recon sript: https://github.com/bitsadmin/miscellaneous/blob/master/localrecon.cmd
• SMB: https://hackercool.com/2016/07/smb-enumeration-with-kali-linux-enum4linuxacccheck-smbmap/
• • Vanquish: https://github.com/frizb/Vanquish
• Reconnaissance with Recon-Ng, Part 1 (Getting Started): https://null-byte.wonderhowto.com/how-to/hack-like-pro-reconnaissance-with-recon-ng-part-1-getting-started-0169854/

Buffer Overflow

• https://github.com/justinsteven/dostackbufferoverflowgood
• https://www.sans.org/reading-room/whitepapers/threats/paper/481
• https://github.com/justinsteven/dostackbufferoverflowgood

• https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
• https://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/

• https://exploit-exercises.com/protostar/
• http://www.opensecuritytraining.info/IntroX86.html

Exploitation

• https://sploitfun.wordpress.com/2015/06/26/linux-x86-exploit-development-tutorial-series/
• https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells
• https://pen-testing.sans.org/blog/2013/05/06/netcat-without-e-no-problem
• https://highon.coffee/blog/reverse-shell-cheat-sheet/
• http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
• Passing the hash with remote Desktop - https://www.kali.org/penetration-testing/passing-hash-remote-desktop/
• Spawning a TTY (Interactive) Shell - https://netsec.ws/?p=337
• Creating Metasploit Payloads - https://netsec.ws/?p=331

Windows exploitation

• https://github.com/GuardianRG/awesome-windows-exploitation - https://github.com/GuardianRG/awesome-windows-exploitation/blob/d84ec32638c7362bd21b4f66639ddc9c763e7cc7/README.md
• https://n0where.net/awesome-windows-exploitation-resources

Privilege Escalation - linux

• https://github.com/pentestmonkey/unix-privesc-check
• Linux: linuxprivchecker.py - http://www.securitysift.com/download/linuxprivchecker.py
• Linux: LinEnum - https://github.com/rebootuser/LinEnum
• http://resources.infosecinstitute.com/privilege-escalation-linux-live-examples/#gref

• Basic Linux Privilege Escalation (g0tmi1k)

• Linux/Unix privileges from a blackhats perspective

• Automated Unix Privilege Escalation Check (pentestmonkey)

Privilege Escalation - Windows

• https://github.com/pentestmonkey/windows-privesc-check
• Windows Privilege Escalation Methods for Pentesters: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
• Windows:Elevating privileges by exploiting weak folder permissions - http://www.greyhathacker.net/?p=738
• Windows: Windows-Exploit-Suggester - https://github.com/GDSSecurity/Windows-Exploit-Suggester
• Using Credentials to Own Windows Boxes - Part 1 (from Kali): https://blog.ropnop.com/using-credentials-to-own-windows-boxes/
• Using Credentials to Own Windows Boxes - Part 2 (PSExec and Services): https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-2-psexec-and-services/
• Using Credentials to Own Windows Boxes - Part 3 (WMI and WinRM): https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-3-wmi-and-winrm/-

• Windows: Privilege Escalation Fundamentals - http://www.fuzzysecurity.com/tutorials/16.html
• Practical Windows Privilege Escalation - https://www.youtube.com/watch?v=PC_iMqiuIRQ
• Automated Windows Privilege Escalation Check (pentestmonkey)
• Windows Privilege Escalation – a cheatsheet (Tim Arneaud)

Privilege Escalation - Common

• MySQL Root to System Root with UDF - https://www.adampalmer.me/iodigitalsec/2013/08/13/mysql-root-to-system-root-with-udf-for-windows-and-linux/

Client Side Attacks

• Metasploit Unleashed - https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/

Web Attacks

• SQLI - https://www.exploit-db.com/papers/13045/
• OverTheWire: Natas - http://overthewire.org/wargames/natas/
• Learning LFI-RFI -1 - https://www.hackersonlineclub.com/lfi-rfi/
• Learning LFI-RFI -2 - https://0xzoidberg.wordpress.com/category/security/lfi-rfi/
• SQL Injection Cheat-sheet -1 - http://resources.infosecinstitute.com/backdoor-sql-injection/

• Local file inclusion - https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf

Password Attacks

• https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf

Practice

• Root-me.org
• https://www.rebootuser.com/
• https://cmdchallenge.com/
• https://vim-adventures.com/
• https://lab.pentestit.ru/
• https://ctf365.com/
• https://pentesterlab.com/bootcamp
• https://exploit-exercises.com/mainsequence/
• http://overthewire.org/wargames/natas/

Books

• Penetration Testing: A Hands-On Introduction to Hacking
• The Hacker Playbook 3: Practical Guide To Penetration Testing
• The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
• Black Hat Python: Python Programming for Hackers and Pentesters
• Hacking: The Art of Exploitation, 2^nd Edition

Shell

• https://highon.coffee/blog/reverse-shell-cheat-sheet/
• Spawning a TTY Shell: https://netsec.ws/?p=337
• ICMP Reverse Shell: https://resources.infosecinstitute.com/icmp-reverse-shell/#gref

Payloads

• Creating Metasploit Payloads: https://netsec.ws/?p=331

Sites

OSCP Exam Guide, PentestMonkey, Hash Cracking Sites, Privilege Escalation, Practical OSCP Tips/Tricks, Exploit-DB, Low Priv Enum Linux (g0tmi1k), Default Credentials (open-sez.me), RTFM online, 0daysecurity master enumeration, how to use vi (for the brave), GTFO bins (love these), LOL Bins

Corelan Buffer Overflow Exploit Part 1

Buffer Overflow Guide by Stefan Molls

File Transfer Guide, SQL Auth Bypass, SQL Injection Cheat Sheet, Metasploit Basics, LFI Cheat Sheet, Cold Fusion Cheat Sheet, All The Things Payloads, Ultimate Windows Priv Esc Methods, NFS Attacks, Michael LaSalvia: Path to the OSCP, Rumkin Cyphers, All the Exploit Papers, and OSCP Practical Tips.

Movie: Zero Days

Audio Books: Deep Work, The Art of Invisibility, Grit, Spam Nation, Red Team: How to think like the enemy, Ghost in the Wires, The Girl With the Dragon Tattoo, and Mastery.