OSCP : Complete Guide Part-1
Hi everyone, so I’m sharing some resources & tools information which will be helpful in your OSCP journey.
If you have a career in Information Security and are intrigued by defensive and offensive techniques, consider becoming an Offensive Security Certified Professional (OSCP). The OSCP certification is designed to demonstrate the skills and knowledge necessary to be a penetration tester
What is an OSCP certification?
OSCP is an ethical hacking certification offered by Offensive Security (OffSec). Holding this certification validates a professional’s knowledge of penetration testing methodologies using tools inherent in the Kali Linux distribution. Kali is an open-source, Debian-based Linux distribution that enables security and IT professionals to assess the security of their systems.
Holding an OSCP certification indicates the holder has acquired essential skills required to work in any of the following roles, among others:
. Security analyst
. Computer forensics analyst
. Security specialist
. Penetration Tester
. Security Engineer
. Security Code Auditor
. Malware Analyst
. Security Consultant
Resources & Tools : -
1. Basics
Swaks — https://github.com/jetmore/swaks
CyberChef — https://gchq.github.io/CyberChef/
2. Information Gathering
Nmap — https://github.com/nmap/nmap
pspy — https://github.com/DominicBreuker/pspy
enum4linux — https://github.com/CiscoCXSecurity/enum4linux
BloodHound — https://github.com/BloodHoundAD/BloodHound
BloodHound Python — https://github.com/fox-it/BloodHound.py
3. Vulnerability Analysis
Sparta — https://github.com/SECFORCE/sparta
nikto — https://github.com/sullo/nikto
4. Web Application Analysis
PayloadsAllTheThings — https://github.com/swisskyrepo/PayloadsAllTheThings
ysoserial — https://github.com/frohoff/ysoserial
JSON Web Tokens — https://jwt.io/
httpx — https://github.com/projectdiscovery/httpx
Gobuster — https://github.com/OJ/gobuster
ffuf — https://github.com/ffuf/ffuf
Wfuzz — https://github.com/xmendez/wfuzz
WPScan — https://github.com/wpscanteam/wpscan
5. Password Attacks
Hydra — https://github.com/vanhauser-thc/thc-hydra
Patator — https://github.com/lanjelot/patator
Kerbrute — https://github.com/ropnop/kerbrute
CrackMapExec — https://github.com/byt3bl33d3r/CrackMapExec SprayingToolkit — https://github.com/byt3bl33d3r/SprayingToolkit
John — https://github.com/openwall/john
hashcat — https://hashcat.net/hashcat
LaZagne — https://github.com/AlessandroZ/LaZagne
mimikatz — https://github.com/gentilkiwi/mimikatz
pypykatz — https://github.com/skelsec/pypykatz
RsaCtfTool — https://github.com/Ganapati/RsaCtfTool
Default Credentials Cheat Sheet — https://github.com/ihebski/DefaultCreds-cheat-sheet
6. Reverse Engineering
dnSpy — https://github.com/dnSpy/dnSpy
AvalonialLSpy — https://github.com/icsharpcode/AvaloniaILSpy
ghidra — https://github.com/NationalSecurityAgency/ghidra
pwndbg — https://github.com/pwndbg/pwndbg
cutter — https://github.com/rizinorg/cutter
Radare2 — https://github.com/radareorg/radare2
GEF — https://github.com/hugsy/gef
peda — https://github.com/longld/peda
JD-GUI — https://github.com/java-decompiler/jd-gui
7. Exploitation Tools
lsassy — https://github.com/Hackndo/lsassy
Rubeus — https://github.com/GhostPack/Rubeus
printspoofer — https://github.com/dievus/printspoofer
pth-toolkit — https://github.com/byt3bl33d3r/pth-toolkit
Evil-WinRM — https://github.com/Hackplayers/evil-winrm
Metasploit — https://github.com/rapid7/metasploit-framework SharpCollection — https://github.com/Flangvik/SharpCollection PowerSharpPack — https://github.com/S3cur3Th1sSh1t/PowerSharpPack
all these are collected from various resources & git repo’s, I will share more in Part -2 of this series
Hope this will help you :)
Thanks