OSCP course layout

2017, Dec 07    

OSCP Course Layout

  • Penetration Testing: What You Should Know
    • About Kali Linux
    • About Penetration Testing
    • Legal
    • The megacorpone.com Domain
    • Offensive Security Labs
  • Getting Comfortable with Kali Linux
    • Finding Your Way Around Kali
    • Managing Kali Linux Services
    • The Bash Environment
    • Intro to Bash Scripting
  • The EssentiaTools
    • Netcat
    • Ncat
    • Wireshark
    • Tcpdump
  • Passive Information Gathering
    • Open Web Information Gathering
    • Email Harvesting
    • Additional Resources
    • ReconLng
  • Active Information Gathering
    • DNS Enumeration
    • Port Scanning
    • SMB Enumeration
    • SMTP Enumeration
    • SNMP Enumeration
  • Vulnerability Scanning
    • Vulnerability Scanning with Nmap
    • The OpenVAS Vulnerability Scanner
  • Buffer Overflows
    • Fuzzing
  • Win32 Buffer Overflow Exploitation
    • Replicating the Crash
    • Controlling EIP
    • Locating Space for Your Shellcode
    • Checking for Bad Characters
    • Redirecting the Execution Flow
    • Generating Shellcode with Metasploit
    • Getting a Shell
    • Improving the Exploit
  • Linux Buffer Overflow Exploitation
    • Setting Up the Environment
    • Crashing Crossfire
    • Controlling EIP
    • Finding Space for Our Shellcode
    • Improving Exploit Reliability
    • Discovering Bad Characters
    • Finding a Return Address
    • Getting a Shell
  • Working with Exploits
    • Searching for Exploits
    • Customizing and Fixing Exploits
  • File Transfers
    • A Word About Anti Virus Software
    • File Transfer Methods
  • Privilege Escalation
    • Privilege Escalation Exploits
    • Configuration Issues
  • Client Side Attacks
    • Know Your Target
    • MS12L037Internet Explorer 8 Fixed CoSpan ID
    • Java Signed Applet Attack
  • Web Application Attacks
    • Essential firefox AddLons
    • Cross Site Scripting (XSS)
    • File Inclusion Vulnerabilities
    • MySQL SQL Injection
    • Web Application Proxies
    • Automated SQL Injection Tools
  • Password Attacks
    • Preparing for Brute Force
    • Online Password Attacks
    • Password Hash Attacks
  • Port Redirection and Tunneling
    • Port Forwarding/Redirection
    • SSH Tunneling
    • Proxy chains
    • HTTP Tunneling
    • Traffic Encapsulation
  • The Metasploit Framework
    • Metasploit User Interfaces
    • Setting up Metasploit Framework on Kali
    • Exploring the Metasploit Framework
    • Auxiliary Modules
    • Exploit Modules
    • Metasploit Payloads
    • Building Your Own MSF Module
    • Post Exploitation with Metasploit
  • Bypassing Antivirus Software
    • Encoding Payloads with Metasploit
    • Crypting Known Malware with Software Protectors
    • Using Custom/Uncommon Tools and Payloads
    • Exercise
  • Assembling the Pieces: Penetration Test Breakdown
    • Phase 0 – Scenario Description
    • Phase 1 – Information Gathering
    • Phase 2 – Vulnerability Identification and Prioritization
    • Phase 3 – Research and Development
    • Phase 4 – Exploitation
    • Phase 5 – PostLExploitation