- Information Gathering
- Web Application Attacks
- Password Attacks
- Client-Side Attacks
- File Transfers
- Linux Enumeration and Privilege Escalation
- Windows Enumeration and Privilege Escalation
- Shell and Some Payloads
- Port Forwarding and Tunneling
- Active Directory
- Linux Privilege Escalation - HackTricks
- Windows Local Privilege Escalation - HackTricks
- Active Directory - HackTricks
- Wordpress - HackTricks
- Drupal - HackTricks
- Joomla - HackTricks
- Tomcat - HackTricks
- Jenkins - HackTricks
-
Information Gathering
-
Web Application Attacks
- Hack The Box Academy - Introduction to Web Applications
- Hack The Box Academy - Web Attacks
- Hack The Box Academy - File Inclusion
- Hack The Box Academy - Abusing HTTP Misconfigurations
- Hack The Box Academy - HTTP Attacks
- Hack The Box Academy - SQL Injection Fundamentals
- Hack The Box Academy - Blind SQL Injection
- Hack The Box Academy - Advanced SQL Injection
- Hack The Box Academy - Using Web Proxies
- Hack The Box Academy - Attacking Web Applications with ffuf
- Hack The Box Academy - Session Security
- Hack The Box Academy - Attacking Authentication Mecanism
- Hack The Box Academy - Web Service & API Attacks
- Hack The Box Academy - Broken Authentication
- Hack The Box Academy - File Upload Attacks
- Hack The Box Academy - Whitebox Pentesting 101: Command Injection
- Hack The Box Academy - Command Injections
- Hack The Box Academy - Cross-Site Scripting (XSS)
- Hack The Box Academy - Server-Side Attacks
- Hack The Box Academy - Introduction to NoSQL Injection
- Hack The Box Academy - Introduction to Deserialization Attacks
- Try Hack Me - SQL Injection
- Try Hack Me - SQL Injection Lab
- Try Hack Me - Authentication Bypass
- Try Hack Me - IDOR
- Try Hack Me - SSRF
- Try Hack Me - File Inclusion
- Try Hack Me - Cross-Site Scripting
- Try Hack Me - Command Injection
- Try Hack Me - Upload Vulnerabilities
- Try Hack Me - Bypass Disable Functions
- PortSwigger Web Security Academy - SQL Injection
- PortSwigger Web Security Academy - Cross-Site Scripting
- PortSwigger Web Security Academy - XML external entity (XXE) injection
- PortSwigger Web Security Academy - OS command injection
- PortSwigger Web Security Academy - Server-side template injection
- PortSwigger Web Security Academy - Directory traversal
- PortSwigger Web Security Academy - Access control vulnerabilities
- PortSwigger Web Security Academy - Information Disclosure
- PortSwigger Web Security Academy - File upload vulnerabilities
- PortSwigger Web Security Academy - Authentication
- PortSwigger Web Security Academy - JWT attacks
- PortSwigger Web Security Academy - CSRF
- PortSwigger Web Security Academy - SSRF
- PortSwigger Web Security Academy - Business logic vulnerabilities
- PentesterLab - From SQL Injection to Shell
- PentesterLab - From SQL injection to Shell II
- PentesterLab - From SQL injection to Shell III
- PentesterLab - SQL Injection 01
- PentesterLab - SQL Injection 02
- PentesterLab - SQL Injection 03
- PentesterLab - SQL Injection 04
- PentesterLab - SQL Injection 05
- PentesterLab - SQL Injection 06
- PentesterLab - XSS and MySQL FILE
- PentesterLab - RCE via argument injection - PentesterLab
- PentesterLab - Server Side Template Injection 01
- PentesterLab - Server Side Template Injection 02
- PentesterLab - Express Local File Read
- PentesterLab - PHP Include And Post Exploitation
- PentesterLab - File Include 01
- PentesterLab - File Include 02
- PentesterLab - File Upload 01
- PentesterLab - File Upload 02
- PentesterLab - CVE-2021-33564 Argument Injection in Ruby Dragonfly
- PentesterLab - CVE-2014-6271/Shellshock
-
Shells & Payloads
-
Linux Enumeration and Privilege Escalation
-
Windows Enumeration and Privilege Escalation
-
File Transfers
-
Public Exploits (Localizing, Code Review, Improvements)
-
Port Forwarding and Tunneling
-
Active Directory
- Hack The Box Academy - Introduction to Active Directory
- Hack The Box Academy - Active Directory Enumeration Attacks
- Hack The Box Academy - Active Directory LDAP
- Hack The Box Academy - Active Directory PowerView
- Hack The Box Academy - Active Directory BloodHound
- Hack The Box Academy - Kerberos Attacks
- Hack The Box Academy - Using crackmapexec
- Hack The Box Academy - Password Attacks
- Hack The Box Academy - Attacking Enterprise Networks
- Try Hack Me - Active Directory Basics
- Try Hack Me - Attacktive Directory
- Try Hack Me - Attacking Kerberos
- Try Hack Me - Breaching Active Directory
- Try Hack Me - AD Enumeration
- Try Hack Me - Lateral Movement and Pivoting
- Try Hack Me - Exploiting Active Directory
- Try Hack Me - Post-Exploitation Basics
- Try Hack Me - HoloLive
- Try Hack Me - Throwback Network Labs Attacking Windows Active Directory
-
Pentest Report
As you go through the list of machines, keep in mind the changes that occurred in the exam and disregard what came out of the exam recently. PEN-200 (PWK): Updated for 2023
- Machine List - vulndev
- TJ_Null's OSCP Prep - Youtube
- HackTheBox - Active Directory machines(OSCP) - Youtube
- Hack the Box - Active Directory - Youtube
- Vulnhub OSCP pathway training - Youtube
- Beco do Exploit - Hack 30 machines in 30 days! - Youtube
-> Platforms
I decided to put only recent overviews, due to the changes that occurred in the exam.
"Since Buffer Overflows will no longer be a part of the course material, they will also be removed from the exam body of knowledge and no longer part of the exam." PEN-200 (PWK): Updated for 2023
- OSCP 2023 version — A Small write-up on preparation and my exam experience - Neelamegha Kannan S
- Overview OSCP - rodolfomarianocy
- The road to OSCP in 2023 - Thexssrat
- Beginner's To OSCP 2023- Daniel Kula
- OSCP Reborn - 2023 Exam Preparation Guide - johnjhacking
- OffSec OSCP Review & Tips (2023)- James Billingsley
- 2023 OSCP STUDY GUIDE (NEW EXAM FORMAT) - JOHN STAWINSKI IV
- The Journey to Becoming an OSCP - 0xBEN
- Exame OSCP - Jornada e Dicas - Jonatas Villa Flor
- OSCP — Cracking The New Pattern - Jai Gupta
