████████╗██╗  ██╗███████╗     ██╗  ██╗   ██╗███╗   ██╗██╗  ██╗    ████████╗███████╗ █████╗ ███╗   ███╗
╚══██╔══╝██║  ██║██╔════╝     ██║  ╚██╗ ██╔╝████╗  ██║╚██╗██╔╝    ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║
   ██║   ███████║█████╗       ██║   ╚████╔╝ ██╔██╗ ██║ ╚███╔╝        ██║   █████╗  ███████║██╔████╔██║
   ██║   ██╔══██║██╔══╝       ██║    ╚██╔╝  ██║╚██╗██║ ██╔██╗        ██║   ██╔══╝  ██╔══██║██║╚██╔╝██║
   ██║   ██║  ██║███████╗     ███████╗██║   ██║ ╚████║██╔╝ ██╗       ██║   ███████╗██║  ██║██║ ╚═╝ ██║
   ╚═╝   ╚═╝  ╚═╝╚══════╝     ╚══════╝╚═╝   ╚═╝  ╚═══╝╚═╝  ╚═╝       ╚═╝   ╚══════╝╚═╝  ╚═╝╚═╝     ╚═╝  
			       ---- lynxes just wanna have fun ----

OSCP

We maintain this repo with the aim to gather all the info that we’d found useful and interesting for the OSCP. We also collect material from other resources (websites, courses, blogs, git repos, books, etc).

Before continue: we are still working on this repo as we go on with our OSCP journey. This means we'll add or remove parts without giving notice. Furthermore, this is not intended to be a comprehensive repo, cross-reference and information gathering are your friends.

TOC

• How to navigate the repo
• Official Offensive Security references
• Blog
• Reddit
• GitHub repos
• Webbing
• Genereal useful resources
• Buffer Overflow
• PrivEsc
• Methodologies
• Automation scripts
• Tools
• Cheat sheets
• HackTheBox
• VulnHub
• Reporting
• Mental and Physical Health

How to navigate the repo

The repo is structured by this way:

|── Box template
├── Methodologies
├── README.md
└── troubleshooting.md

• Box template: here you can see how we organize our work flow
• Methodologies: here you can find a checklist for each phase (recon/enum, postexploit, privesc, etc)
• README: where you can find a list of useful links
• troubleshooting.md: is a ledger to record all the tecnhical issues:solution we have found along the way

Be aware: we use Obsidian as note taking application. This justifies the directory structure and how we format files. We think the graph view provided by Obsidian is a pleasant way to have a visual view of the data we gather. So if you use our checklists, we suggest you run them on Obsidian for a better experience.

Official Offensive Security References

• Exam Guide
• Try Harder: From mantra to mindset

Blog

• the-oscp-preperation-guide-2020
• Luke’s Ultimate OSCP Guide (Part 1, Part 2, Part 3)
• TJNulls' preparation guide for PWK OSCP
• Abatchy: How to prepare for PWK/OSCP, a noob-friendly guide
• 5 Tips for OSCP Prep
• BIG resource list
• Tip for succes in PWK OSCP
• My OSCP experience
• Path to OSCP
• Offensive Security Certified Professional – Lab and Exam Review
• My Fight for the OSCP
• Passing the OSCP while working full time
• Not your standard OSCP guide

Reddit

• First Attempt ... Discouraged
• 1 attempt 1 fail with 55 points
• Failed the OSCP - any tips for the next attempt?
• Tips for passing the exam
• 1st attempt, 80+ points. My experience and some unpopular opinions inside.
• First cert, first try, unconventional approach
• How Offensive Security Saved My Life - An OSCP Journey
• Unmotivated in ctfs
• Need help to prepare OSCP Checklist
• Preparing for 4th attempt
• Second Attempt Failure
• Access to machines for report writing?
• OSCP Practical Advice for Success

GitHub repos

• Awesome OSCP
• Enumeration wikis
• PimpMyKali

Webbing

• Web vulnerabilities to gain access to the system
• Basic Shellshock Exploitation

Genereal useful resources

• Explain shell
• Powershell basics
• Pentest Tips and Tricks
• Big list with tips, tricks and cheat sheets

Buffer Overflow

• Do Stack Bufferoverflow Good

PrivEsc

General

• PayloadAllTheThings - Linux Privilege Escalation methodology
• PayloadAllTheThings - Windows Privilege Escalation methodology
• Basic Linux Privilege Escalation

YouTube

• Conda's YouTube Privilege Escalation playlist
• Windows Privilege Escalation Fundamentals
• Privilege Escaltion FTW (Jake Williams)
• Elevating your Windows Privileges Like a Boss! (Jake Williams)
• Weird PrivEsc Techinques

Gamified Learning

• Tib3rius' Linux PrivEsc
• Tib3rius' Windows PrivEsc

Linux Capabilities

• Linux Privilege Escalation using Capabilities
• Linux Capabilities
• Day 44: Linux Capabilities Privilege Escalation via OpenSSL with SELinux Enabled and Enforced
• Privilege Escalation by abusing SYS_PTRACE Linux Capability

Methodologies

• CTF Series : Vulnerable Machines
• Post Exploitation
• PayloadAllTheThings - Methodology and Resources

Automation scripts

• Autorecon
• Onetwopunch

Tools

• Parser Nmap
• SUDO KILLER
• mgeeky's Penetration Testing Tools
• A @TomNomNom Recon Tools Primer

Cheat sheets and Wordlists

• Reverse Shell Cheat Sheet
• OSCP-Prep-cheatsheet
• Immunity Debugger
• SecLists

HackTheBox

• OSCP-Like HTB boxes

VulnHub

• OSCP-Like VulnHub boxes

Reporting

• Reporting * ptestmethod.readthedocs.io
• Offensive Security Exam Report Template in Markdown

Mental and Physical Health

Ok, this is not about popping shells, cracking codes, and launching exploits. Your health is more important than knowing how to pop a shell. If you are under burnout, if you can’t concentrate, if you can’t free your minds and visualize your target, all the above stuff is useless. You should find a spot to read the below links and do your own research. The InfoSec community is an enormous family, you’ll always find someone ready to help you.

• Mental Health Hackers
• The Causes of and Solutions for Security Burnout
• Cybersecurity’s Dirty Little Secret and Talent Grenade: Burnout
• Mental health in Cyber Security
• What Separates the Good From the Bad: Mental Health and Cybersecurity
• Check whole Azeria's Self-Improvement section
• Why People Who Protect Others Need to be at Their Best; Tackling Mental Health in Cybersecurity
• Mental Health for Hackers
• Mental Health for Hackers: Contents Under Pressure
• How to beat imposter syndrome to get into cybersecurity industry?
• Navigating Imposter Syndrome in the world of Information Security