Many have asked me about the OSCP certification which is your beginning with the

1. Many have asked me about the OSCP certification which is your beginning with the field of penetration testing. The content of the certificate, whether the book or the videos are essential, does not cover everything you need to solve the labs. They just give you the tip of the thread and the beginning of the road, and you should search and learn from a variety of sources.
2.  
3. The important thing is, with this post I will give you a plan that I hope will be good and appropriate for you before you intend to register in the laboratory and take the exam.
4.  
5. Article for the certificate contains 18 training units. For this reason, I would like to provide you with some resources that may be useful for you to prepare for the certificate and the units in it before reviewing its content.
6.  
7. The first unit talks about how to deal with Kali Linux in addition to bash scripting and to prepare for this unit, we advise you to check out the following sources:
8. 1- Linux Basics Course:
9. https://www.youtube.com/playlist?list=PLs6emGC4vqRK0buaLWzZkxdNX6-WW0eh7
10. 2- Programming course using bash scripting:
11. https://www.youtube.com/playlist?list=PLEOFNTP51Gtedb0auUdfYqTJc0ZkETp7s
12.  
13. The second grandmother tells about some of the main and important tools that any penetration laboratory needs to know how to deal with and to prepare for its unity with your advice, see the following topics:
14. 1- Dealing with the netcat:
15. https://www.win.tue.nl/~aeb/linux/hh/netcat_tutorial.pdf
16. https://www.binarytides.com/netcat-tutorial-for-beginners/
17. 2- Dealing with the wireshark:
18. https://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
19. https://www.youtube.com/watch?v=r0l_54thSYU
20. https://www.youtube.com/playlist?list=PLMYF6NkLrdN_RQWQRUSX-15MFb8uwfkpE
21. 3- Dealing with tcpdump:
22. https://www.giac.org/paper/gsec/3489/beginners-guide-tcpdump/105700
23.  
24. The third unit talks about how to collect information, but passive through the sites and services on the Internet, and to prepare it for your advice, see the following sources:
25. https://www.youtube.com/watch?v=U5ps0nj89ic&list=PLs6emGC4vqRJYHKMLfi6zoLoLR4kuEnpJ
26.  
27. The fourth unit talks about gathering information in an active way, and the sources help you to prepare:
28. 1- The network scanning unit of the ethical hacker course:
29. https://www.youtube.com/watch?v=uWukBZboGW0&list=PLs6emGC4vqRJz-GgzSXNxh1poZibnr3-i
30. 2- Summary of nmap options:
31. http://cs.lewisu.edu/~klumpra/camssem2015/nmapcheatsheet1.pdf
32. 3- Dealing with the enum4linux tool:
33. https://labs.portcullis.co.uk/tools/enum4linux/
34. 4- Collection of information through the SMTP protocol:
35. https://pentestlab.blog/2012/11/20/smtp-user-enumeration/
36. 5- Collection of information through SNMP:
37. https://resources.infosecinstitute.com/snmp-pentesting/
38.  
39. The fifth unit tells how to check and detect the vulnerabilities, and you can see the following videos:
40. https://www.youtube.com/watch?v=U0XWM4-NQTY&list=PLs6emGC4vqRJz-GgzSXNxh1poZibnr3-i&index=10
41.  
42. Units 6, 7 and 8 tell about buffer overflow vulnerabilities, so you can get to know and understand them by advising you. See the following videos and resources:
43. https://www.youtube.com/watch?v=1S0aBV-Waeo
44. https://www.youtube.com/watch?v=1TNecxUBD1w
45. https://dhavalkapil.com/blogs/Buffer-Overflow-Exploit/
46. https://www.exploit-db.com/docs/english/28475-linux-stack-based-buffer-overflows.pdf
47. https://www.hackingtutorials.org/exploit-tutorials/buffer-overflow-explained-basics/
48. https://0xrick.github.io/binary-exploitation/bof1/
49. https://medium.com/@Z3R0th/a-simple-buffer-overflow-using-vulnserver-86b011eb673b
50.  
51. For buffer overflow, you need a little bit of programming knowledge to check out this course on Python programming:
52. https://www.youtube.com/playlist?list=PLs6emGC4vqRKqI9i-JbHjnBC7lx8206v7
53.  
54. Module 9 talks about how to find exploits for vulnerabilities and the sources you can use. To know how to work with searchsploit and how to find and use vulnerabilities from exploit-db, you must know. Take a look at this links for more information:
55. https://www.exploit-db.com/searchsploit
56. https://www.exploit-db.com/
57. https://packetstormsecurity.com/files/tags/exploit/
58.  
59. Unit 10 tells how to transfer files between the hacker’s device and the victim’s machine. Take a look at some of the ways through the following links:
60. https://awakened1712.github.io/oscp/oscp-transfer-files/
61. https://blog.ropnop.com/transferring-files-from-kali-to-windows/
62. https://www.tecmint.com/python-simplehttpserver-to-create-webserver-or-serve-files-instantly/
63.  
64. Unit No. 11 is one of the most difficult units and it talks about how it is possible to raise the powers after you enter the victim’s apparatus so that your powers become administrative powers. Meaning if the machine is Linux, how can root user and Windows become the spectrum of administrator or system user. There are many many useful resources:
65. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/my-5-top-ways-to-escalate-privileges/
66. https://blog.netwrix.com/2018/09/05/what-is-privilege-escalation/
67. https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
68. https://payatu.com/guide-linux-privilege-escalation
69. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Linux%20-%20Privilege%20Escalation.md
70. https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194
71. https://medium.com/@rahmatnurfauzi/windows-privilege-escalation-scripts-techniques-30fa37bd194
72. https://www.fuzzysecurity.com/tutorials/16.html
73. https://sec-consult.com/en/blog/2019/04/windows-privilege-escalation-an-approach-for-penetration-testers/
74. https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Privilege%20Escalation.md
75.  
76. Module 12 tells about client-side attacks, which is how it is possible to penetrate victims' devices through vulnerabilities in programs or programs such as Java. You can take a look through the following links:
77. https://www.offensive-security.com/metasploit-unleashed/client-side-attacks/
78. https://technical.nttsecurity.com/post/102ej16/what-are-client-side-attacks
79. https://kentosec.com/2018/09/02/oscp-prep-episode-11-client-side-attacks/
80. https://rafalharazinski.gitbook.io/security/oscp/untitled-1/client-side-attack
81.  
82. Module 13 talks about the most popular web application vulnerabilities. This unit covers everything about web vulnerabilities, it only covers vulnerabilities such as SQLi, XSS, L / RFI. Until you practice these vulnerabilities and learn to discover them, you can see the following resources:
83. https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
84. https://www.owasp.org/index.php/SQL_Injection
85. http://pentestmonkey.net/category/cheat-sheet/sql-injection
86. https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities/
87. https://www.youtube.com/playlist?list=PLs6emGC4vqRL3emHZrdJ_LVt-CO726kmd
88.  
89. Module 14 talks about password attacks, and these are useful sources for you:
90. https://alexandreborgesbrazil.files.wordpress.com/2013/08/introduction_to_password_cracking_part_1.pdf
91. https://www.offensive-security.com/metasploit-unleashed/john-ripper/
92. https://digi.ninja/projects/cewl.php
93. https://tools.kali.org/password-attacks/crunch
94. https://medium.com/bugbountywriteup/pwning-wordpress-passwords-2caf12216956
95. https://www.youtube.com/playlist?list=PLBf0hzazHTGPT7i4CTePJGaImPiiS60sR
96.  
97. Unit 15 tells about tunneling and until you understand what is meant by the term and how you can use this technology, you can see the following links:
98. https://www.abatchy.com/2017/01/port-forwarding-practical-hands-on-guide
99. https://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
100. http://woshub.com/port-forwarding-in-windows/
101. https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
102.  
103. Module 16 tells about the Metasploit and how it can be used correctly and professionally (but with the test you are only limited to using it once at most). Here are the sources that tell you how to deal with it:
104. https://www.offensive-security.com/metasploit-unleashed/
105. https://netsec.ws/?p=331
106. https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom
107. https://www.youtube.com/playlist?list=PLBf0hzazHTGN31ZPTzBbk70bohTYT7HSm
108.  
109. Module No. 17 talks about how anti-virus programs have been bypassed. And you are advised to review this link:
110. https://github.com/Veil-Framework/Veil
111.  
112. The last module tells how you can apply everything you learned in the course to pentesting and prepare a report on the things you discovered. For your advice, please review the following report templates:
113. https://www.offensive-security.com/reports/sample-penetration-testing-report.pdf
114. https://www.radicallyopensecurity.com/report_otf_fdroid.pdf
115. https://underdefense.com/wp-content/uploads/2018/07/Anonymised-BlackBox-Penetration-Testing-Report.pdf
116. https://github.com/juliocesarfort/public-pentesting-reports
117.  
118. Here we have learned the resources you can use to learn the course content. Negi is now for practical matters, which we mean is that how can everything that I have learned be applied to infected devices and gaps.
119.  
120. On this topic, we recommend the following two sites:
121. https://hackthebox.eu
122. https://www.vulnhun.com
123.  
124. These two sites have hundreds of vulnerabilities that range in difficulty. To advise you, you should try at least the following devices before registering for the course and labels for the OSCP course:
125. Vulnhub machines:
126. https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
127. https://www.vulnhub.com/entry/kioptrix-2014-5,62/
128. https://www.vulnhub.com/entry/kioptrix-level-13-4,25/
129. https://www.vulnhub.com/entry/kioptrix-level-12-3,24/
130. https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
131. https://www.vulnhub.com/entry/stapler-1,150/
132. https://www.vulnhub.com/entry/sickos-12,144/
133. https://www.vulnhub.com/entry/vulnos-2,147/
134. https://www.vulnhub.com/entry/brainpan-1,51/
135. https://www.vulnhub.com/entry/hacklab-vulnix,48/
136. https://www.vulnhub.com/entry/pwnos-20-pre-release,34/
137. https://www.vulnhub.com/entry/zico2-1,210/
138. https://www.vulnhub.com/entry/dc-8,367/
139. https://www.vulnhub.com/entry/dc-7,356/
140. https://www.vulnhub.com/entry/dc-6,315/
141. https://www.vulnhub.com/entry/dc-5,314/
142. https://www.vulnhub.com/entry/dc-3,312/
143. https://www.vulnhub.com/entry/dc-2,311/
144. https://www.vulnhub.com/entry/dc-1,292/
145.  
146. hackthebox machines:
147. Lame
148. Shocker
149. bashed
150. nibbles
151. beep
152. cronos
153. october
154. sense
155. nineveh
156. node
157. poison
158. sunday
159. Legacy
160. Blue
161. Devel
162. Optimum
163. bastard
164. grany
165. grandpa
166. jerry
167. bounty
168. Arctic
169. jeeves
170. bart
171. active
172. jail
173. dev0ps
174.  
175. Also follow these links to know how to solve the previous tasks:
176. https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf
177. https://www.youtube.com/playlist?list=PLs6emGC4vqRJVM5FUSi2oY4rANy2f201O
178. https://hackingresources.com/category/ctf-writeups/
179.  
180. It is true and before I forget. In two free courses, you give good information about the content of the certificate:
181. https://www.cybrary.it/course/oscp/
182. https://www.youtube.com/playlist?list=PLtr9ezc61PUb3iQMlvnicIC3BIra2BZId