This repository contains a list of free or inexpensive resources that can be used as preparation for Offensive Security's Cracking the Perimeter (CTP) course and OSCE certification.
The following table shows notes, courses, challenges, and tutorials that can be used in preparation for the OSCE. It should be noted that the content within multiple sources do overlap each other so not all of these resources are needed.
The code located herein is associated with the various tutorials listed.
Sam Sanoop started this list and I noticed that there is more to be done!
Name | Type | Link |
---|---|---|
[Pentester Academy] (SecurityTube) GNU Debugger Megaprimer | Video Series | https://www.pentesteracademy.com/course?id=4 |
[InfoSec Institude] Exploit Dev Debugging Fundamentals | Blog | https://resources.infosecinstitute.com/debugging-fundamentals-for-exploit-development/ |
WinDBG Commands | Cheatsheet | https://briolidz.wordpress.com/2013/11/17/windbg-some-debugging-commands/ |
[Corelan] Exploit Writing Tutorial part 5: How debugger modules & plugins can speed up basic exploit development | Blog | http://www.corelan.be/index.php/2009/09/05/exploit-writing-tutorial-part-5-how-debugger-modules-plugins-can-speed-up-basic-exploit-development/ |
[Corelan] Mona.py The Manual | Cheatsheet | https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/r |
Mona py : The Exploit Writer's Swiss Army Knife | Presentation | https://www.youtube.com/watch?v=y2zrEAwmdws |
Name | Type | Link |
---|---|---|
Art of Anti Detection #1 - Intro to AV & Detection Techniques | Paper | http://web.archive.org/web/20161213055552/https://www.exploit-db.com/docs/40900.pdf |
Art of Anti Detection #1 - Intro to AV & Detection Techniques | Blog | https://pentest.blog/art-of-anti-detection-1-introduction-to-av-detection-techniques/ |
Bypassing AV Scanners | Paper | https://dl.packetstormsecurity.net/papers/bypass/bypassing-av.pdf |
[SecuritySift] peCloak.py - An Experiment in AV Evasion | Blog | https://www.securitysift.com/pecloak-py-an-experiment-in-av-evasion/ |
Name | Type | Link |
---|---|---|
Portable Executable File Format | Blog | https://blog.kowalczyk.info/articles/pefileformat.html |
Understanding PE Structure, The Layman's Way | Blog | https://tech-zealots.com/malware-analysis/pe-portable-executable-structure-malware-analysis-part-2/ |
Backdooring PE Files - Part 1 | Blog | http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-1.html |
Backdooring PE Files - Part 2 | Blog | http://sector876.blogspot.co.uk/2013/03/backdooring-pe-files-part-2.html |
Beginner's Guide to Codecaves | Blog | https://www.codeproject.com/Articles/20240/The-Beginners-Guide-to-Codecaves |
Backdooring Windows EXEs for Fun and Profit | Blog | http://ly0n.me/2015/07/09/backdooring-windows-exes-for-fun-and-profit-part-1/ |
Art of Anti Detection #2 - PE Backdoor Manufacturing | Paper | http://web.archive.org/web/20170401142227/https://www.exploit-db.com/docs/41129.pdf |
Art of Anti Detection #2 - PE Backdoor Manufacturing | Blog | https://pentest.blog/art-of-anti-detection-2-pe-backdoor-manufacturing/ |
Name | Type | Link |
---|---|---|
[InfoSec Institute] Intro to Fuzzing | Tutorial | https://resources.infosecinstitute.com/intro-to-fuzzing/ |
[InfoSec Institute] Fuzzer Automation with Spike | Tutorial | http://resources.infosecinstitute.com/fuzzer-automation-with-spike/ |
Introduction to Network Protocol Fuzzing & Buffer Overflow Exploitation | Blog | https://blog.own.sh/introduction-to-network-protocol-fuzzing-buffer-overflow-exploitation/ |
Very Unofficial Dummies Guide to Scapy | Tutorial | https://theitgeekchronicles.files.wordpress.com/2012/05/scapyguide1.pdf |
HowTo: ExploitDev Fuzzing | Blog | https://hansesecure.de/2018/03/howto-exploitdev-fuzzing/ |
[Vulnserver] Exploiting TRUN Command via Vanilla EIP Overwrite | Blog | https://captmeelo.com/exploitdev/osceprep/2018/06/27/vulnserver-trun.html |
[Vulnserver] Boofuzzing Vulnserver for EIP Overwrite | Blog | https://h0mbre.github.io/Boofuzz_to_EIP_Overwrite/# |
Boofuzz – A helpful guide (OSCE – CTP) | Blog | https://zeroaptitude.com/zerodetail/fuzzing-with-boofuzz/ |
Name | Type | Link |
---|---|---|
[Skape] Safely Searching Process Virtual Address Space | Paper | https://web.archive.org/web/20061010194043/http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf |
[SecuritySift] Windows Exploit Dev #5: Locating Shellcode with Egghunting | Tutorial | http://www.securitysift.com/windows-exploit-development-part-5-locating-shellcode-egghunting/ |
[Corelan] Exploit Writing #8: Win32 Egghunting | Tutorial | https://www.corelan.be/index.php/2010/01/09/exploit-writing-tutorial-part-8-win32-egg-hunting/ |
[FuzzySec] Windows Exploit Dev #4: Egg Hunters | Tutorial | http://fuzzysecurity.com/tutorials/expDev/4.html |
[Vulnserver] GMON Egghunter with Character Restrictions | Tutorial | https://h0mbre.github.io/Badchars_Egghunter_SEH_Exploit/ |
[HackSys Team] Egghunter | Paper | http://web.archive.org/web/20150717003732/https://www.exploit-db.com/docs/18482.pdf |
[SecuritySift] EggSandwich - An Egghunter with Integrity | Blog | https://www.securitysift.com/eggsandwich-egghunter-integrity/ |
Name | Type | Link |
---|---|---|
[Corelan] Exploit Writing #6: Bypassing Stack Cookies, SafeSEH, SEHOP, HW DEP, and ASLR | Tutorial | https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/ |
Bypassing ASLR | Paper | http://web.archive.org/web/20171015120748/https://www.exploit-db.com/docs/18744.pdf |
Name | Type | Link |
---|---|---|
TCP Session Hijacking | Paper | https://www.exploit-db.com/papers/13587 |
[Muts] Cisco SNMP Configuration Attack with GRE Tunnel | Paper | https://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=50318646-6402-48f0-82db-25d00ac3d76c&CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68&tab=librarydocuments |
Hacking Networks with SNMP | Blog | https://web.archive.org/web/20180808174050/https://0x41.no/hacking-networks-with-snmp/ |
Bypassing Router's Access Control List | Blog | https://securityshards.wordpress.com/2016/02/05/bypassing-routers-access-control-list-acl/ |
Name | Type | Link |
---|---|---|
[Muts] From Bug to 0-Day | Presentation | https://www.youtube.com/watch?v=axTthxE-z6A |
[Muts] Bypassing Cisco SNMP Access Lists Using Spoofed SNMP Requests | Blog | https://web.archive.org/web/20051024151559/http://new.remote-exploit.org/index.php/SNMP_Spoof |
Name | Type | Link |
---|---|---|
[Corelan] Exploit Writing #4: From Exploit to Metasploit | Tutorial | http://www.corelan.be/index.php/2009/08/12/exploit-writing-tutorials-part-4-from-exploit-to-metasploit-the-basics/ |
[Corelan] Exploit Writing #7: Unicode from 0x00410041 to calc | Tutorial | http://www.corelan.be/index.php/2009/11/06/exploit-writing-tutorial-part-7-unicode-from-0x00410041-to-calc/ |
[FuzzySec] Windows Exploit Dev #5: Unicode 0x00410041 | Tutorial | https://www.fuzzysecurity.com/tutorials/expDev/5.html |
[SecuritySift] Windows Exploit Dev #7: Unicode Buffer Overflows | Tutorial | https://www.securitysift.com/windows-exploit-development-part-7-unicode-buffer-overflows/ |
Eliminating the bad characters in your Exploit | Presentation | https://www.youtube.com/watch?v=IOjl3tU1Ht8 |
Name | Type | Link |
---|---|---|
Vulnserver | Lab | https://github.com/stephenbradshaw/vulnserver |
Introducing Vulnserver | Tutorial | http://grey-corner.blogspot.com/2010/12/introducing-vulnserver.html |
[Exploit-Exercises] Protostar | Lab | https://www.vulnhub.com/entry/exploit-exercises-protostar-v2,32/ |
[Exploit-Exercises] Protostar | Lab (Challenges) | https://web.archive.org/web/20180322220122/https://exploit-exercises.com/protostar/ |
[Exploit-Exercises] Fusion | Lab | https://www.vulnhub.com/entry/exploit-exercises-fusion-v2,15/ |
[Exploit-Exercises] Fusion | Lab (Challenges) | https://web.archive.org/web/20180820234507/https://exploit-exercises.com/fusion/ |
[OverTheWire] Narnia | Lab | https://overthewire.org/wargames/narnia/ |
Name | Type | Link |
---|---|---|
[Muts] Live Demo from Backtrack to the MAX 1/5 | Presentation | https://www.youtube.com/watch?v=kwq5VQj3Ils |
[Muts] Live Demo from Backtrack to the MAX 2/5 | Presentation | https://www.youtube.com/watch?v=ykfHy2lX88c |
[Muts]Live Demo from Backtrack to the MAX 3/5 | Presentation | https://www.youtube.com/watch?v=IWf7UM7qX0M |
[Muts] Live Demo from Backtrack to the MAX 4/5 | Presentation | https://www.youtube.com/watch?v=azepnwdVfyU |
[Muts] Live Demo from Backtrack to the MAX 5/5 | Presentation | https://www.youtube.com/watch?v=6gmAoW1mtYg |
[OffSec] Quickzip Stack BOF 0-Day: A Box of Chocolates | Blog | https://www.offensive-security.com/vulndev/quickzip-stack-bof-0day-a-box-of-chocolates/ |