[Offensive] OSCE³ Study Guide

OSWE, OSEP, OSED

OSWE

Content

• Web security tools and methodologies

• Source code analysis

• Persistent cross-site scripting

• Session hijacking

• .NET deserialization

• Remote code execution

• Blind SQL injections

• Data exfiltration

• Bypassing file upload restrictions and file extension filters

• PHP type juggling with loose comparisons

• PostgreSQL Extension and User Defined Functions

• Bypassing REGEX restrictions

• Magic hashes

• Bypassing character restrictions

• UDF reverse shells

• PostgreSQL large objects

• DOM-based cross site scripting (black box)

• Server side template injection

• Weak random token generation

• XML External Entity Injection

• RCE via database Functions

• OS Command Injection via WebSockets (BlackBox)

Study Materials

• github.com/timip/OSWE

• github.com/noraj/AWAE-OSWE

• github.com/wetw0rk/AWAE-PREP

• github.com/kajalNair/OSWE-Prep

• github.com/s0j0hn/AWAE-OSWE-Prep

• github.com/deletehead/awae_oswe_prep

• z-r0crypt.github.io/blog/2020/01/22/oswe/aw..

• rayhan0x01.github.io/web/2021/04/12/awae-we..

• drive.google.com/file/d/1bASc-SLmuD0tXmd88h..

• github.com/Lawlez/myOSWE

Reviews

• helviojunior.com.br/it/oswe-uma-historia-de..

• 0xklaue.medium.com/attacking-the-web-the-of..

• medium.com/greenwolf-security/an-awae-oswe-..

• securitygrind.com/the-oswe-in-review

• forum.hackthebox.eu/discussion/2646/oswe-ex..

• infosecwriteups.com/awae-oswe-review-from-a..

• hub.schellman.com/blog/oswe-review-and-exam..

• linkedin.com/pulse/awaeoswe-2020-expected-r..

• youtube.com/watch?v=ElZ7fFE9Gr4

• alex-labs.com/my-awae-review-becoming-an-oswe

• niebardzo.github.io/2021-01-12-oswe-review

• stacktrac3.co/oswe-review-awae-course

• blog.kuhi.to/offsec-awae-oswe-review

• donavan.sg/blog/index.php/2020/03/14/the-aw..

• kojenov.com/2020-04-08-oswe-review

• reddit.com/r/OSWE/comments/bsods2/i_just_pa..

• mystiko.sh/?p=555

• nethemba.com/why-i-no-longer-endorse-offens..

• youtube.com/watch?v=w4jdrs_rfuk

• securityforeveryone.com/blog/web-300-course..

• youtube.com/watch?v=ElZ7fFE9Gr4

• youtube.com/watch?v=wDev3q8lADE

• niebardzo.github.io/2021-01-12-oswe-review

• github.com/svdwi/OSWE-Labs-Poc

• werebug.com/journal/oswe/osep/2021/08/05/os..

Labs

• youtube.com/watch?v=F46tQww_IvE

• youtube.com/watch?v=NMGsnPSm8iw&list=PL..

• youtube.com/watch?v=S1YUmKGL33w

• youtube.com/watch?v=t-zVC-CxYjw&list=PL..

• github.com/svdwi/OSWE-Labs

• vesiluoma.com/offensive-security-web-expert..

• medium.com/@fasthm00/the-state-of-oswe-c681..

• alex-labs.com/my-awae-review-becoming-an-oswe

• github.com/jangelesg/AWAE-OSWE

OSEP

Content

• Operating System and Programming Theory

• Client Side Code Execution With Office

• Client Side Code Execution With Jscript

• Process Injection and Migration

• Introduction to Antivirus Evasion

• Advanced Antivirus Evasion

• Application Whitelisting

• Bypassing Network Filters

• Linux Post-Exploitation

• Kiosk Breakouts

• Windows Credentials

• Windows Lateral Movement

• Linux Lateral Movement

• Microsoft SQL Attacks

• Active Directory Exploitation

• Combining the Pieces

• Trying Harder: The Labs

Study Materials

• github.com/chvancooten/OSEP-Code-Snippets

• github.com/nullg0re/Experienced-Pentester-O..

• github.com/r0r0x-xx/OSEP-Pre

• github.com/deletehead/pen_300_osep_prep

• github.com/J3rryBl4nks/OSEP-Thoughts

• github.com/chvancooten/OSEP-Code-Snippets/b..

• github.com/aldanabae/Osep

• drive.google.com/file/d/1znezUNtghkcFhwfKMZ..

• github.com/CyberSecurityUP/Awesome-Red-Team..

Reviews

• nullg0re.com/?p=113

• spaceraccoon.dev/offensive-security-experie..

• youtube.com/watch?v=fA3pkNcGpH0&ab_chan..

• schellman.com/blog/osep-and-pen-300-course-..

• cinzinga.com/OSEP-PEN-300-Review

• youtube.com/watch?v=iUPyiJbN4l4

• bordergate.co.uk/offensive-security-experie..

• reddit.com/r/osep/comments/ldhc20/osep_review

• reddit.com/r/oscp/comments/jj0sr9/offensive..

• purpl3f0xsecur1ty.tech/2021/03/18/osep.html

• makosecblog.com/miscellaneous/osep-course-r..

• youtube.com/watch?v=iUPyiJbN4l4&t=1s

• youtube.com/watch?v=15sv5eZ0oCM

• youtube.com/watch?v=0n3Li63PwnQ

• youtube.com/watch?v=BWNzB1wIEQ

• spaceraccoon.dev/offensive-security-experie..

• casvancooten.com/posts/2021/03/getting-the-..

• bordergate.co.uk/offensive-security-experie..

• makosecblog.com/miscellaneous/osep-course-r..

• davidlebr1.gitbook.io/infosec/blog/osep-rev..

• offensive-security.com/offsec/pen300-approa..

Labs

• spaceraccoon.dev/offensive-security-experie..

• exploit-db.com/evasion-techniques-breaching..

• noraj.github.io/OSCP-Exam-Report-Template-M..

OSED

Content

• WinDbg tutorial

• Stack buffer overflows

• Exploiting SEH overflows

• Intro to IDA Pro

• Overcoming space restrictions: Egghunters

• Shellcode from scratch

• Reverse-engineering bugs

• Stack overflows and DEP/ASLR bypass

• Format string specifier attacks

• Custom ROP chains and ROP payload decoders

Study Materials

• github.com/snoopysecurity/OSCE-Prep

• github.com/epi052/osed-scripts

• exploit-db.com/windows-user-mode-exploit-de..

• github.com/r0r0x-xx/OSED-Pre

• github.com/sradley/osed

• github.com/Nero22k/Exploit_Development

• youtube.com/watch?v=7PMw9GIb8Zs

• youtube.com/watch?v=FH1KptfPLKo

• youtube.com/watch?v=sOMmzUuwtmc

• blog.exploitlab.net

• azeria-labs.com/heap-exploit-development-pa..

• zeroknights.com/getting-started-exploit-lab

• drive.google.com/file/d/1poocO7AOMyBQBtDXvo..

• drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC..

• drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL..

• corelan.be/index.php/2009/07/19/exploit-wri..

• github.com/wtsxDev/Exploit-Development/blob..

• github.com/corelan/CorelanTraining

• github.com/subat0mik/Journey_to_OSCE

• github.com/nanotechz9l/Corelan-Exploit-tuto..

• github.com/snoopysecurity/OSCE-Prep

• github.com/bigb0sss/OSCE

• github.com/epi052/OSCE-exam-practice

• github.com/mdisec/osce-preparation

• github.com/mohitkhemchandani/OSCE_BIBLE

• github.com/FULLSHADE/OSCE

• github.com/areyou1or0/OSCE-Exploit-Developm..

• github.com/securityELI/CTP-OSCE

• drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJ..

• coalfire.com/the-coalfire-blog/january-2020..

• connormcgarr.github.io/browser1

• kalitut.com/exploit-development-resources

• github.com/0xZ0F/Z0FCourse_ExploitDevelopment

• github.com/dest-3/OSED_Resources

• resources.infosecinstitute.com/topic/python..

• anitian.com/a-study-in-exploit-development-..

• samsclass.info/127/127_WWC_2014.shtml

• stackoverflow.com/questions/42615124/exploi..

• cd6629.gitbook.io/ctfwriteups/converting-me..

• subscription.packtpub.com/book/networking_a..

• cybrary.it/video/exploit-development-part-5

• spaceraccoon.dev/rop-and-roll-exp-301-offen..

• help.offensive-security.com/hc/en-us/articl..

• github.com/epi052/osed-scripts

• youtube.com/watch?v=0n3Li63PwnQ

• epi052.gitlab.io/notes-to-self/blog/2021-06..

• pythonrepo.com/repo/epi052-osed-scripts

• github.com/dhn/OSEE

• pythonrepo.com/repo/epi052-osed-scripts

Reviews

• youtube.com/watch?v=aWHL9hIKTCA

• youtube.com/watch?v=62mWZ1xd8eM

• ihack4falafel.github.io/Offensive-Security-..

• linkedin.com/pulse/advanced-windows-exploit..

• animal0day.blogspot.com/2018/11/reviews-for..

• addaxsoft.com/blog/offensive-security-advan..

• jhalon.github.io/OSCE-Review

• youtube.com/watch?v=NAe6f1_XG6Q

• spaceraccoon.dev/rop-and-roll-exp-301-offen..

Labs

• github.com/CyberSecurityUP/Buffer-Overflow-..

• github.com/ihack4falafel/OSCE

• github.com/nathunandwani/ctp-osce

• github.com/firmianay/Life-long-Learner/blob..

• github.com/wadejason/Buffer-Overflow-Vulner..

• github.com/Jeffery-Liu/Buffer-Overflow-Vuln..

• github.com/mutianxu/SEED-LAB-Bufferoverflow..

My Social Network

• linkedin.com/in/joas-antonio-dos-santos

• github.com/CyberSecurityUP

• twitter.com/C0d3Cr4zy

XMind - Evaluation Version