OSCP Preparation

# Whoami

#!/bin/bash
Name = “Manich Koomsusi”
Nick-name = “Marty”
Job = Pentester
FB = “manich.koomsusi”
Cert = “OSCP, OSCE”

Agenda

•Overview

•What is OSCP ?

•Course Registration ?

•Course Prerequisites ?

•The Course.

•Lab Environment.

•Exam Preparation

•Exam

•Tips/Trick for the OSCP Exam

• Got an OSCP

•Websites recommended

•Reference

•Q/A

Overview

•Offensive Security Certified Professional.

• Most technical, most challenging.

•100 % practical exam.

•24 hour certification exam and 24 hour report.

What is OSCP ?

Course Registration ?

Items                                   Price in USD

PWK + 30 days LAB + Cert 800

PWK + 60 days LAB + Cert 1000

PWK + 90 days LAB + Cert 1150

PWK Lab access – extension of 90 days 600

PWK Lab access – extension of 60 days 450

PWK Lab access – extension of 30 days 250

PWK Lab access – extension of 15 days 150

Upgrade from PWB v.3.0 to PWK 200

Upgrade from PWB v.3.0 to PWK 300

Upgrade from PWB v.3.0 to PWK 400

OSCP – retake 60

• Registration requires a non-free e-mail address (i.e. not gmail, yahoo, etc.)

• What if I do not have a non-free email address ?

• If you do not have a non free e-mail address, we are legally obligated to obtain a scanned ID, such as a driver’s license or a passport, as proof of identity. We need to be able to see your photo, name, address (if applicable), year of birth and the expiration date of the ID. We also need to see both sides (front and back) of your ID. You may blur the ID number.

More detail:

Ref: https://www.offensive-security.com/faq/

Course Prerequisites ?

• Penetration Testing with Kali Linux is a foundational security course, but still “requires students to have certain knowledge prior to attending the online training class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus.”

• You should be comfortable with scripting.

• You should be comfortable with Linux and Windows command line syntax.

• You should be familiar with Assembly and a debugger.

• Note-taking

• KeepNote, EverNote

The Course.

• Penetration Testing: What You Should Know

• Getting Comfortable with Kali Linux

• The Essential Tools

• Passive Information Gathering

• Active Information Gathering

• Vulnerability Scanning

• Buffer Overflows

• Win32 Buffer Overflow Exploitation

• Linux Buffer Overflow Exploitation

• Working with Exploits

• File Transfers

• Privilege Escalation

• Client Side Attacks

• Web Application Attacks

• Password Attacks

• Port Redirection and Tunneling

• The Metasploit Framework

• Bypassing Antivirus Software

• Assembling the Pieces: Penetration Test Breakdown

Ref: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf

LAB Environment.

• LAB Access by VPN

• Objective: collect proof.txt and network.txt

Ref: https://www.offensive-security.com

Exam Preparation

Please let me take the OSCP exam first, dear wife.

Exam Preparation Cont.

• High speed internet.. Internet… internet…

• Script your enumeration

• Script your privilege escalation checks

• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

• http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html

• http://pentestmonkey.net/tools/audit/unix-privesc-check

• http://pentestmonkey.net/tools/windows-privesc-check

Ref : http://www.securitysift.com/offsec-pwb-oscp/

Exam

• You have 23 h 45 min for the exam

• 5 vulnerable machines to compromise

• You need 70 out of 100 points to pass

• Exam Restrictions

• You cannot use any of the following on the exam:

• Spoofing (IP, ARP, DNS, NBNS, etc.)

• Commercial tools or services (Metasploit Pro, Burp Pro, etc.)

• Automatic exploitation tools (e.g. db_autopwn, browser_autopwn, SQLmap, SQLninja etc.)

• Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)

• Features in other tools that utilize either forbidden or restricted exam limitations

• Exam Restrictions: Metasploit

• You can only use Metasploit Auxiliary, Exploit, and Post modules against one target machine of your choice.

• You can use the following against all of the target machines:

• multi handler (aka exploit/multi/handler)

• meterpreter

• msfpayload & msfencode

• msfvenom

Exam Cont.

• Exam Connection

Exam Cont.

• Exam Control Panel

• Submit proof files

• Revert target machines (You have a limit of 24 reverts.)

• View specific target objectives and point values

Exam Cont.

• Exam Proofs

• local.txt - This file is accessible to an un-privileged user account

• proof.txt - This file is only accessible to the root or Administrator user

• proof.txt is located in the /root/ directory on Linux or on the Administrator Desktop on Windows.

• Exam Proofs: Windows

• You must have a shell to receive full points

• Show the contents of the proof files IN A SHELL (web, bind, reverse, or RDP) using the type command

• Obtaining the contents of the proof files in any other way will result in zero points for the target machine.

• Exam Proofs: Linux

• Same as Windows

Exam Cont.

• Screenshot Requirements

• If the target does not require privilege escalation, you must provide, at minimum, two screenshots

• If the target requires privilege escalation, you must provide, at minimum, four screenshots

• No Privilege Escalation

Exam Cont.

• Privilege Escalation

Exam Cont.

Any ?

Exam Cont.

Music

https://www.offensive-security.com/offsec/say-try-harder/

https://vimeo.com/115074667

https://support.offensive-security.com/#!oscp-exam-guide.md

Tips/Trick for the OSCP Exam

• Time management

• Avoiding rabbit holes

• Make a battle plan which you will stick to during the full length of the exam

• I would suggest not working longer than 12 hours on the exam without sleep

• Take frequent breaks during the exam.

• Use the last 15-30 minutes of the exam to double-check everything before the VPN connection dies

• Think “outside the box” and “Try Harder”

• Demonstrate creative problem solving and lateral thinking

• Penetration Testing process and techniques:

• Information gathering and enumeration

• Discovering security holes and vulnerabilities

• Exploiting vulnerabilities

• Privilege escalation and maintaining access

• Reporting: step-by-step. The documentation requirements are very strict and failure to provide sufficient documentation will result in reduced or zero points being awarded.

• 5 points for the lab report and 5 points for the exercises report

• Enjoy the experience

Final Tips/Trick for the OSCP Exam

Anything else?

Got an OSCP

Websites recommended

• https://localhost.exposed/path-to-oscp/

• http://www.fuzzysecurity.com/index.html

• https://www.corelan.be/

• Windows Privilege Escalation

• http://www.fuzzysecurity.com/tutorials/16.html

• Linux Privilege Escalation

• https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Websites recommended Cont.

• Tools

• Unix Privilege Escalation

• http://pentestmonkey.net/tools/audit/unix-privesc-check

• Windows Privilege Escalation

• http://pentestmonkey.net/tools/audit/windows-privesc-check

• Books

• http://as.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html

• https://www.nostarch.com/hacking2.htm

• https://www.nostarch.com/pentesting

Reference

• https://www.offensive-security.com

• http://www.securitysift.com/offsec-pwb-oscp/

• http://www.hackingtutorials.org/hacking-courses/offensive-security-certified-professional-oscp/

• https://support.offensive-security.com/#!oscp-exam-guide.md

• https://royaljay.com/security/how-i-became-an-offensive-security-certified-professional/

Bonus

Q / A ?

Thank you very much.