
OSCP Preparation

# Whoami
#!/bin/bash
Name="Manich Koomsusi"
Nickname="Marty"
Job="Pentester"
FB="manich.koomsusi"
Cert="OSCP, OSCE"
Agenda
• Overview
• What is OSCP?
• Course Registration?
• Course Prerequisites?
• The Course
• Lab Environment
• Exam Preparation
• Exam
• Tips/Tricks for the OSCP Exam
• Got an OSCP
• Websites recommended
• Reference
• Q/A
Overview
What is OSCP?
• Offensive Security Certified Professional.
• Most technical, most challenging.
• 100% practical exam.
• 24-hour certification exam, followed by 24 hours to write the report.
Course Registration?
Item                                      Price in USD
PWK + 30 days LAB + Cert                  800
PWK + 60 days LAB + Cert                  1000
PWK + 90 days LAB + Cert                  1150
PWK Lab access – extension of 90 days     600
PWK Lab access – extension of 60 days     450
PWK Lab access – extension of 30 days     250
PWK Lab access – extension of 15 days     150
Upgrade from PWB v.3.0 to PWK             200
Upgrade from PWB v.3.0 to PWK             300
Upgrade from PWB v.3.0 to PWK             400
OSCP – retake                             60
Course Registration?
• Registration requires a non-free email address (free webmail such as Gmail, Yahoo, etc. is not accepted).
• What if I do not have a non-free email address?
• From the Offensive Security FAQ: "If you do not have a non-free e-mail address, we are legally obligated to obtain a scanned ID, such as a driver's license or a passport, as proof of identity. We need to be able to see your photo, name, address (if applicable), year of birth and the expiration date of the ID. We also need to see both sides (front and back) of your ID. You may blur the ID number."

More detail: https://www.offensive-security.com/faq/
Course Prerequisites?
• Penetration Testing with Kali Linux is a foundational security course, but it still "requires students to have certain knowledge prior to attending the online training class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus."
• You should be comfortable with scripting.
• You should be comfortable with Linux and Windows command-line syntax.
• You should be familiar with assembly and a debugger.
• Note-taking: KeepNote, EverNote.
The Course
• Penetration Testing: What You Should Know
• Getting Comfortable with Kali Linux
• The Essential Tools
• Passive Information Gathering
• Active Information Gathering
• Vulnerability Scanning
• Buffer Overflows
• Win32 Buffer Overflow Exploitation
• Linux Buffer Overflow Exploitation
• Working with Exploits
• File Transfers
• Privilege Escalation
• Client Side Attacks
• Web Application Attacks
• Password Attacks
• Port Redirection and Tunneling
• The Metasploit Framework
• Bypassing Antivirus Software
• Assembling the Pieces: Penetration Test Breakdown

Ref: https://www.offensive-security.com/documentation/penetration-testing-with-kali.pdf
Lab Environment
• Lab access is over VPN.
• Collect proof.txt and network.txt from the lab machines.

Ref: https://www.offensive-security.com
Exam Preparation

"Let me take the OSCP exam first, okay, dear wife?"
Exam Preparation Cont.
• High-speed internet... internet... internet...
• Script your enumeration.
• Script your privilege escalation checks:
  • https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
  • http://it-ovid.blogspot.com/2012/02/windows-privilege-escalation.html
  • http://pentestmonkey.net/tools/audit/unix-privesc-check
  • http://pentestmonkey.net/tools/windows-privesc-check

Ref: http://www.securitysift.com/offsec-pwb-oscp/
Exam
• You have 23 h 45 min for the exam.
• 5 vulnerable machines to compromise.
• You need 70 out of 100 points to pass.
• Exam Restrictions
  You cannot use any of the following on the exam:
  • Spoofing (IP, ARP, DNS, NBNS, etc.)
  • Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
  • Automatic exploitation tools (e.g. db_autopwn, browser_autopwn, SQLmap, SQLninja, etc.)
  • Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, etc.)
  • Features in other tools that make use of either forbidden or restricted exam limitations
Exam Cont.
• Exam Restrictions: Metasploit
  • You can only use Metasploit Auxiliary, Exploit, and Post modules against one target machine of your choice.
  • You can use the following against all of the target machines:
    • multi handler (aka exploit/multi/handler)
    • meterpreter
    • msfpayload & msfencode
    • msfvenom
Exam Cont.
• Exam Connection
Exam Cont.
• Exam Control Panel
  • Submit proof files
  • Revert target machines (you have a limit of 24 reverts)
  • View specific target objectives and point values
Exam Cont.
• Exam Proofs
  • local.txt - This file is accessible to an unprivileged user account.
  • proof.txt - This file is only accessible to the root or Administrator user, in the /root/ directory on Linux or on the Administrator Desktop on Windows.
• Exam Proofs: Windows
  • You must have a shell to receive full points.
  • Show the contents of the proof files IN A SHELL (web, bind, reverse, or RDP) with the type command.
  • Obtaining the contents of the proof files in any other way will result in zero points for the target machine.
• Exam Proofs: Linux
  • Same as Windows.
Exam Cont.
• Screenshot Requirements
  • If a target does not require privilege escalation, you must provide at minimum two screenshots.
  • If a target requires privilege escalation, you must provide at minimum four screenshots.
  • Screenshot example: No Privilege Escalation
  • Screenshot example: Privilege Escalation

Any?

Music
https://www.offensive-security.com/offsec/say-try-harder/
https://vimeo.com/115074667
https://support.offensive-security.com/#!oscp-exam-guide.md
Tips/Tricks for the OSCP Exam
• Time management.
• Avoid rabbit holes.
• Make a battle plan and stick to it for the full length of the exam.
• I would suggest not working longer than 12 hours on the exam without sleep.
• Take frequent breaks during the exam.
• Use the last 15-30 minutes of the exam to check everything before the VPN dies.
• Think "outside the box" and "Try Harder".
• Demonstrate creative problem solving and lateral thinking.
Tips/Tricks for the OSCP Exam
• Penetration testing process and techniques:
  • Information gathering and enumeration
  • Discovering security holes and vulnerabilities
  • Exploiting vulnerabilities
  • Privilege escalation and maintaining access
  • Reporting
• Document step-by-step. The documentation requirements are very strict, and failure to provide sufficient documentation will result in reduced or zero points being awarded.
• 5 points for the lab report and 5 points for the exercises report.
• Enjoy the experience.
Final Tips/Tricks for the OSCP Exam: Anything else?
Got an OSCP
Websites recommended
• https://localhost.exposed/path-to-oscp/
• http://www.fuzzysecurity.com/index.html
• https://www.corelan.be/
• Windows Privilege Escalation
  • http://www.fuzzysecurity.com/tutorials/16.html
• Linux Privilege Escalation
  • https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Websites recommended Cont.
• Tools
  • Unix Privilege Escalation
    • http://pentestmonkey.net/tools/audit/unix-privesc-check
  • Windows Privilege Escalation
    • http://pentestmonkey.net/tools/audit/windows-privesc-check
• Books
  • http://as.wiley.com/WileyCDA/WileyTitle/productCd-1118026470.html
  • https://www.nostarch.com/hacking2.htm
  • https://www.nostarch.com/pentesting
Reference
• https://www.offensive-security.com
• http://www.securitysift.com/offsec-pwb-oscp/
• http://www.hackingtutorials.org/hacking-courses/offensive-security-certified-professional-oscp/
• https://support.offensive-security.com/#!oscp-exam-guide.md
• https://royaljay.com/security/how-i-became-an-offensive-security-certified-professional/
Bonus
Q/A?
Thank you very much.
