Awesome
OSCP omnibus
a collection of OSCP resources for everyone 📚
Books
Other Resources by Topic
Information Gathering
Passive
- Google Filetype Conversions - a nifty guide to filetype specifications that work in Google dorks
Active
- Hackertarget Nmap Cheat Sheet - handy guide to Nmap commands
- smb NSE Library - pretty much all the details you'd ever need to know about interacting with SMB via Nmap Scripting Engine
- A New Look at Null Sessions and User Enumeration - if you regularly use enum4linux or rpcclient, read this; it may save you from false negatives.
- AutoRecon - a powerful, time-saving network recon tool
Vulns
- IP Traffic Accounting with iptables - all about traffic accounting with iptables
Buffer Overflows
- dostackbufferoverflowgood - guide and workshop on stack buffer overflows complete with vulnerable executable
- Vortex's Guide to PWK/OSCP Stack Buffer Overflow Practice - I think this is where I found out about dostackbufferoverflowgood!
Exploit Development
- Mona.py Manual - guide to the mona.py pycommand for Immunity Debugger
- Corelan Exploit Development Tutorials - starting at the oldest and working toward the newer material, these tutorials begin with stack buffer overflow-based exploits and get progressively more complex
- 0x7 Exploit Tutorial: Bad Character Analysis - a brief tutorial on bad character analysis for shellcode development
Working with Exploits
I've been spending a lot of time reading up on pointers in C for this section.
- The Basics and Pitfalls of Pointers in C
- When 4 + 1 Equals 8: An Advanced Take on Pointers in C
- C Pointer Arithmetic
Post-Exploitation
Upgrading Shells & Transferring Files
- Transferring Files from Kali to Windows - I like the Python webserver one-liner
- Upgrading Simple Shells to Fully Interactive TTYs
- Spawning a TTY Shell
- Flying a Cylon Raider - video on post-exploitation without Meterpreter
- PowerShell Download Cradles
- LOLBAS - binaries, scripts, and libraries for living off the land in Windows
SQL
- Accessing and Hacking MSSQL from Backtrack Linux - good info about sqsh and xp_cmdshell
- SQL Cheat Sheet
Privilege Escalation
Windows
- PayloadsAllTheThings - Windows Privilege Escalation - explanations and tools for lots of privesc methods
- Windows Privilege Escalation Techniques and Scripts - detailed writeup of privesc methods
- Windows Privilege Escalation - An Approach for Penetration Testers
- icacls - lists all the possible permissions you might see when running icacls against a file
- Windows Privilege Escalation Techniques (local) - Tradecraft Security Weekly #02 - video on Windows privesc techniques
- Windows Privilege Escalation for OSCP & Beyond! - Udemy course by Tib3rius
Scripts/Executables
- PowerUp.ps1 - privesc script from the PowerSploit project
- Windows Privesc Check - EXE that checks for common privesc opportunities
- SessionGopher - script for digging up stored session information
- Powerless - script for privesc in environments that lack PowerShell
Linux
- PayloadsAllTheThings - Linux Privilege Escalation - explanations and tools for lots of privesc methods
- LinEnum.sh - privesc shell script
- GTFOBins - Unix binaries that can be used to bypass security restrictions and sometimes escalate privileges
- Linux Privilege Escalation - Tradecraft Security Weekly #22 - video on Linux privesc techniques
- Linux Privilege Escalation for OSCP & Beyond! - Udemy course by Tib3rius
Web Application Attacks
- XSS Filter Evasion Cheat Sheet - OWASP - XSS filter evasion techniques
- WordPress Vulnerability Discovery and Exploitation - Tradecraft Security Weekly #6 - video on WordPress vulnerabilities (it's usually the plugins)
- Basic and Advanced SQL Injection Techniques - video with good explanations of various types of SQL injection vulnerabilities and exploitation techniques
Tunneling and Port Redirection
- Dynamic Port Forwarding (SSH) - brief walkthrough of dynamic SSH port forwarding with proxychains
- Evading Filters with Traffic Tunnels
- How to tunnel SSH over SSL/TLS - quick guide to client and server setup of stunnel
- Using Stunnel - Red Hat stunnel docs
Metasploit
- Metasploit Cheat Sheet
- Shikata Ga Nai Encoder Still Going Strong - a good post from FireEye on Shikata Ga Nai
- Porting Exploits - Metasploit Unleashed
Other Random Stuff
- Mimikatz Cheat Sheet
- basic Terminator config - multi-tab, multi-pane Terminator config with installation instructions here