PEN-200: Penetration Testing with Kali Linux (OSCP)

The OSCP Links & Resources page is a curated collection for those preparing for the OSCP exam. It includes practice resources, Active Directory resources, mind maps, privilege escalation resources, and tools for penetration testing. Additionally, there are links to Red Team GitHub repositories and guides for building labs for practice. The page also provides Techniques for upgrading semi-interactive shells.

Join the Certs IrregularChat (Login Required)

Community Feedback

Sharing experiences and insights from those who have taken the OSCP exam can be incredibly valuable. Below are some comments from the community:

• "OSCP was recommended to help round out my resume as a new cyber officer. I started ethical hacking way before joining cyber, so I do enjoy it. The likelihood of me using this skill in a working environment is low. I just personally care about being a technically competent leader."
• "I'm going to go out on a limb here and offer a different approach, but it is situational dependent. Why are you taking the OSCP exam? If you just want the cert, read and apply the recommendations above. If you plan to employ the skills/knowledge, I have a much different recommendation: to do the CPTS pipeline."
• "I would also recommend setting up a repo of notes/cheat sheets in Obsidian. I also automated my initial Nmap scan process and website enumeration and created global variables of the IPs and URLs with bash scripts I built."
• "Got my OSCP on my second attempt. My first attempt was pre-AD, and I bombed it, only 10 points. On my second attempt, I did the Learn One and still only used about 5 months of it because I was deployed during half of it."

More Resources

Practice Resources

Link links to practice labs, challenges, and other resources to help you hone your skills.

• NetSecFocus "TJ Null's" Trophy Room (Google Sheet)
• All About OSCP
• TJNull's Preparation Guide for PWK/OSCP
• Cracking the New Pattern
• Reddit OSCP Journey and Tips
• Avoiding Common OSCP Pitfalls
• Total OSCP Guide
• OSCP Scripts
• Enumeration Cheatsheets
• General OSCP Cheatsheet

Active Directory Resources

Purple Team

• SwisskyRepo - Active Directory Attack
• HackTricks - AD Methodology

Red Team

• GitHub - 0xJs - Certified Red Team Professional Cheatsheet
• GitHub - 0xJs - Red Teaming Cheat Sheet for Windows Active Directory
• iRed Team - Offensive Security Experiments - Offensive Security Cheatsheets
• Zer1t0's Blog - Attacking Active Directory
• Lümmelsec - A Low Dive into Kerberos Delegations

Blue Team

• WADComs - Windows Active Directory Command Line
• AD Group Related Queries
• AD User Related Queries

Mind Maps

• Whimsical - Target Machine Internet Protocol Workflow Mind Map
• GitHub - Orange Cyber - Penetration Testing Active Directory Mind Map

Privilege Escalation Resources

Windows Privilege Escalation

• Sushant's Total Offensive Security Certified Professional Guide - Windows Privilege Escalation
• Swisskyrepo - Windows - Privesc

Linux Privilege Escalation

• Swisskyrepo - Linux - Privesc

Tools for Penetration Testing

A list of essential tools for conducting penetration tests effectively.

• Dirsearch
• Gobuster
• FeroxBuster

Red Team GitHub Repositories

• A0RX - Red-Blue Team Party
• MantisSTS - Red Team Tools

Building Labs for Practice

• Setting up Amazon Web Services Red Team Active Directory Lab
• SANS Webcast: Building Your Own Super Duper Home Lab

References