# OSCE PREP

This repository contains a list of freely available resources that can be used as a pre-requisite before enrolling in Offensive Security's [Cracking the Perimeter (CTP)](https://www.offensive-security.com/information-security-training/cracking-the-perimeter/) course and [OSCE](https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/) certification.

The following tables list notes, courses, challenges, and tutorials that can be taken in preparation for the OSCE. **It should be noted that the content of multiple sources overlaps, so not all of these resources are needed**.

### Web Application Security

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | PayloadsAllTheThings Directory Traversal CheatSheet | CheatSheet | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal |
| 2 | PayloadsAllTheThings XSS CheatSheet | CheatSheet | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection |
| 3 | XSS Payloads | Payloads | http://www.xss-payloads.com/ |
| 4 | XSS to Domain Admin | Webinar | https://www.elearnsecurity.com/resources/webinar_video/xss-to-domain-admin/ |
| 5 | LFI to RCE Exploit with Perl Script | Paper | https://www.exploit-db.com/papers/12992 |
| 6 | Using XSS to bypass CSRF protection | Paper | https://www.exploit-db.com/docs/13534 |
| 7 | Local File Inclusion (LFI) | Paper | https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf |

### Anti Detection

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | Backdooring PE Files - Part 1 | Blog | http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-1.html |
| 2 | Backdooring PE Files - Part 2 | Blog | http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-2.html |
| 3 | Backdooring Windows EXEs for Fun and Profit | Blog | http://ly0n.me/2015/07/09/backdooring-windows-exes-for-fun-and-profit-part-1/ |
| 4 | Art of Anti Detection – 1 | Paper | https://www.exploit-db.com/docs/40900.pdf |
| 5 | Art of Anti Detection – 2 | Paper | https://www.exploit-db.com/docs/41129.pdf |
| 6 | Art of Anti Detection – 2 | Paper | https://www.exploit-db.com/docs/41129.pdf |
| 7 | Art of Anti Detection – 1 Blog | Blog | https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/ |
| 8 | Art of Anti Detection – 2 Blog | Blog | https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/ |
| 9 | Art of Anti Detection – 3 Blog | Blog | https://pentest.blog/art-of-anti-detection-3-shellcode-alchemy/ |
| 10 | Art of Anti Detection – 4 Blog | Blog | https://pentest.blog/art-of-anti-detection-4-self-defense/ |

### Assembly Language

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | Skullsecurity Assembly Language Wiki | Blog | https://wiki.skullsecurity.org/index.php?title=Assembly |
| 2 | Sensepost A Crash Course in x86 Assembly for Reverse Engineers | Paper | https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf |
| 3 | SecurityTube Windows Assembly Language Megaprimer | Videos | http://www.securitytube.net/groups?operation=view&groupId=6 |

### Fuzzing

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation | Blog | https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/ |
| 2 | HowTo: ExploitDev Fuzzing | Blog | https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/ |
| 3 | [VulnServer] Exploiting TRUN Command via Vanilla EIP Overwrite | Blog | https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html |
| 4 | CTP/OSCE Prep – Boofuzzing Vulnserver for EIP Overwrite | Blog | https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/# |
| 5 | Boofuzz – A helpful guide (OSCE – CTP) | Blog | https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/ |

### Exploit Development

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | DEFCON 16: BackTrack Foo - From bug to 0day | Presentation | https://www.youtube.com/watch?v=gHISpAZiAm0 |
| 2 | Corelan Exploit Writing Tutorial part 1: Stack Based Overflows | Blog | http://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/ |
| 3 | Corelan Exploit Writing Tutorial part 2: Stack Based Overflows | Blog | http://www.corelan.be/index.php/2009/07/23/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-2/ |
| 4 | Corelan Exploit Writing Tutorial part 3: SEH Based Exploits | Blog | http://www.corelan.be/index.php/2009/07/25/writing-buffer-overflow-exploits-a-quick-and-basic-tutorial-part-3-seh/ |
| 5 | Corelan Exploit Writing Tutorial part 3b: SEH Based Exploits | Blog | http://www.corelan.be/index.php/2009/07/28/seh-based-exploit-writing-tutorial-continued-just-another-example-part-3b/ |
| 6 | Corelan Exploit Writing Tutorial part 4: From Exploit to Metasploit | Blog | http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ |
| 7 | Corelan Exploit Writing Tutorial part 5: How debugger modules & plugins can speed up basic exploit development | Blog | http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/ |
| 8 | Corelan Exploit Writing Tutorial part 6: Bypassing Stack Cookies, SafeSeh, SEHOP, HW DEP and ASLR | Blog | http://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/ |
| 9 | Corelan Exploit Writing Tutorial part 7: Unicode from 0x00410041 to calc | Blog | http://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/ |
| 10 | Corelan Exploit Writing Tutorial part 8: Win32 Egg Hunting | Blog | http://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/ |
| 11 | Corelan Exploit Writing Tutorial part 9: Introduction to Win32 shellcoding | Blog | http://www.corelan.be/index.php/2010/02/25/exploit-writing-tutorial-part-9-introduction-to-win32-shellcoding/ |
| 12 | Mona py : The Exploit Writer's Swiss Army Knife | Presentation | https://www.youtube.com/watch?v=y2zrEAwmdws |
| 13 | Eliminating the bad characters in your Exploit | Presentation | https://www.youtube.com/watch?v=IOjl3tU1Ht8 |
| 14 | Understanding Windows Shellcode | Paper | http://www.hick.org/code/skape/papers/win32-shellcode.pdf |
| 15 | Safely Searching Process Virtual Address Space | Paper | http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf |

### Practical

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | Vulnserver | Lab | https://github.com/stephenbradshaw/vulnserver |
| 2 | Fuzzysecurity Part 1: Introduction to Exploit Development | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/1.html |
| 3 | Fuzzysecurity Part 2: Saved Return Pointer Overflows | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/2.html |
| 4 | Fuzzysecurity Part 3: Structured Exception Handler (SEH) | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/3.html |
| 5 | Fuzzysecurity Part 4: Egg Hunters | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/4.html |
| 6 | Fuzzysecurity Part 5: Unicode 0x00410041 | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/5.html |
| 7 | Fuzzysecurity Part 6: Writing W32 shellcode | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/6.html |
| 8 | SecuritySift Windows Exploit Development – Part 1: The Basics | Tutorial | https://www.securitysift.com/windows-exploit-development-part-1-basics/ |
| 9 | SecuritySift Windows Exploit Development – Part 2: StackOverflow | Tutorial | https://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/ |
| 10 | SecuritySift Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules | Tutorial | https://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/ |
| 11 | SecuritySift Windows Exploit Development – Part 4: Locating Shellcode Jumps | Tutorial | https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/ |
| 12 | SecuritySift Windows Exploit Development – Part 5: Locating Shellcode Egghunting | Tutorial | https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/ |
| 13 | SecuritySift Windows Exploit Development – Part 6: SEH Exploits | Tutorial | https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/ |
| 14 | SecuritySift Windows Exploit Development – Part 7: Unicode Buffer Overflows | Tutorial | https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/ |

### Network Security

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | Cisco SNMP configuration attack with a GRE tunnel | Blog | https://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel |
| 2 | Bypassing Cisco SNMP access lists using Spoofed SNMP Requests | Blog | http://new.remote-exploit.org/index.php/SNMP_Spoof |
| 3 | Bypassing Router’s Access Control List (ACL) | Blog | https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/ |

### Misc/Extra

| Order | Name | Type | Link |
|--- | ----- | ----- | --- |
| 1 | Mona.py The Manual | Cheatsheet | https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/r |
| 2 | Windows Reverse Shell Shellcode I | Blog | http://sh3llc0d3r.com/windows-reverse-shell-shellcode-i/ |
| 3 | Shellcoding for Linux and Windows Tutorial | Blog | http://www.vividmachines.com/shellcode/shellcode.html#ws |
| 4 | peCloak.py – An Experiment in AV Evasion | Tool | https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/ |
| 5 | EggSandwich – An Egghunter with Integrity | Tool | https://www.securitysift.com/eggsandwich-egghunter-integrity/ |
| 6 | Live Demo from Backtrack to the MAX 1/5 | Tool | https://www.youtube.com/watch?v=kwq5VQj3Ils |
| 7 | Live Demo from Backtrack to the MAX 2/5 | Tool | https://www.youtube.com/watch?v=ykfHy2lX88c |
| 8 | Live Demo from Backtrack to the MAX 3/5 | Tool | https://www.youtube.com/watch?v=IWf7UM7qX0M |
| 9 | Live Demo from Backtrack to the MAX 4/5 | Tool | https://www.youtube.com/watch?v=azepnwdVfyU |
| 10 | Live Demo from Backtrack to the MAX 5/5 | Tool | https://www.youtube.com/watch?v=6gmAoW1mtYg |
| 11 | CTP/OSCE Scripts | Repository | https://github.com/h0mbre/CTP-OSCE |
| 12 | OSCE-exam-practice | Repository | https://github.com/epi052/OSCE-exam-practice |
| 13 | Vulnserver: Fuzzing and Exploits | Repository | https://github.com/ricardojoserf/vulnserver-exploits |