This repository contains a list of freely available resources that can be used as a pre-requisite before enrolling in Offensive Security's Cracking the Perimeter (CTP) course and OSCE certification.
The following table shows notes, courses, challenges, and tutorials that can taken in preparation for the OSCE. It should be noted that the content within multiple sources do overlap each other so not all of these resources are needed.
Order | Name | Type | Link |
---|---|---|---|
1 | PayloadsAllTheThings Directory Traversal CheatSheet | CheatSheet | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Directory%20Traversal |
2 | PayloadsAllTheThings XSS CheatSheet | CheatSheet | https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection |
3 | XSS Payloads | Payloads | http://www.xss-payloads.com/ |
4 | XSS to Domain Admin | Webinar | https://www.elearnsecurity.com/resources/webinar_video/xss-to-domain-admin/ |
5 | LFI to RCE Exploit with Perl Script | Paper | https://www.exploit-db.com/papers/12992 |
6 | Using XSS to bypass CSRF protection | Paper | https://www.exploit-db.com/docs/13534 |
7 | Local File Inclusion (LFI) | Paper | https://www.exploit-db.com/docs/english/40992-web-app-penetration-testing---local-file-inclusion-(lfi).pdf |
Order | Name | Type | Link |
---|---|---|---|
1 | Skullsecurity Assembly Language Wiki | Blog | https://wiki.skullsecurity.org/index.php?title=Assembly |
2 | Sensepost A Crash Course in x86 Assembly for Reverse Engineers | Paper | https://sensepost.com/blogstatic/2014/01/SensePost_crash_course_in_x86_assembly-.pdf |
3 | SecurityTube Windows Assembly Language Megaprimer | Videos | http://www.securitytube.net/groups?operation=view&groupId=6 |
Order | Name | Type | Link |
---|---|---|---|
1 | Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation | Blog | https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/ |
2 | HowTo: ExploitDev Fuzzing | Blog | https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/ |
3 | [VulnServer] Exploiting TRUN Command via Vanilla EIP Overwrite | Blog | https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html |
4 | CTP/OSCE Prep – Boofuzzing Vulnserver for EIP Overwrite | Blog | https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/# |
5 | Boofuzz – A helpful guide (OSCE – CTP) | Blog | https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/ |
Order | Name | Type | Link |
---|---|---|---|
1 | Vulnserver | Lab | https://github.com/stephenbradshaw/vulnserver |
2 | Fuzzysecurity Part 1: Introduction to Exploit Development | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/1.html |
3 | Fuzzysecurity Part 2: Saved Return Pointer Overflows | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/2.html |
4 | Fuzzysecurity Part 3: Part 3: Structured Exception Handler (SEH) | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/3.html |
5 | Fuzzysecurity Part 4: Egg Hunters | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/4.html |
6 | Fuzzysecurity Part 5: Unicode 0x00410041 | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/5.html |
7 | Fuzzysecurity Part Part 6: Writing W32 shellcode | Tutorial | http://www.fuzzysecurity.com/tutorials/expDev/6.html |
8 | SecuritySift Windows Exploit Development – Part 1: The Basics | Tutorial | https://www.securitysift.com/windows-exploit-development-part-1-basics/ |
9 | SecuritySift Windows Exploit Development – Part 2: StackOverflow | Tutorial | https://www.securitysift.com/windows-exploit-development-part-2-intro-stack-overflow/ |
10 | SecuritySift Windows Exploit Development – Part 3: Changing Offsets and Rebased Modules | Tutorial | https://www.securitysift.com/windows-exploit-development-part-3-changing-offsets-and-rebased-modules/ |
11 | SecuritySift Windows Exploit Development – Part 4: Locating Shellcode Jumps) | Tutorial | https://www.securitysift.com/windows-exploit-development-part-4-locating-shellcode-jumps/ |
12 | SecuritySift Windows Exploit Development – Part 5: Locating Shellcode Egghunting | Tutorial | https://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/ |
13 | SecuritySift Windows Exploit Development – Part 6: SHE Exploits | Tutorial | https://www.securitysift.com/windows-exploit-development-part-6-seh-exploits/ |
14 | SecuritySift Windows Exploit Development – Part 7: Unicode Buffer Overflows | Tutorial | https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/ |
Order | Name | Type | Link |
---|---|---|---|
1 | Cisco SNMP configuration attack with a GRE tunnel | Blog | https://www.symantec.com/connect/articles/cisco-snmp-configuration-attack-gre-tunnel |
2 | Bypassing Cisco SNMP access lists using Spoofed SNMP Requests | Blog | http://new.remote-exploit.org/index.php/SNMP_Spoof |
3 | Bypassing Router’s Access Control List (ACL) | Blog | https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/ |