ROADMAP TO

OSCP
HEY I am Ansh Bhawnani
I am here because I love to give presentations.
THERE! You can find me at @techhacker98
WHAT IS OSCP?
WHAT TO LEARN IN THE
COURSE?
 Kali Linux Basics
 Command Line and Bash Scripting
 Essentials Tools
 Information Gathering
 Vulnerability Scanning
 Web Application Attacks
 Client Side Attacks
 Buffer Overflows
 Finding and Fixing Public Exploits
 File Transfers
 Anti Virus Bypass
 Privilege Escalation
 Password Attacks
 Port Redirection and Tunneling
 Active Directory Attacks
 Metasploit Framework
 Powershell Empire
 Assembling the Pieces
FIRST THINGS FIRST
 Who is this Course For?
 Infosec professionals transitioning to Pentesting
 People having basic Pentesting skills
 Security Professionals
 Not for absolute Beginners!
ABOUT THE EXAM
 Yes, it’s a battlefield
 24 hour fully proctored
 Exam time: 23 hour 45 minutes
 Another 24 hour for uploading documentation
 Min 70 points for passing
▰ Exam Structure
▰ Bonus Points (10)

 >= 80% correct solutions for topic exercises in each

topic
 30 correct proof.txt hashes from challenge machines
▰ Bonus Points (10)
▰ Passing Scenarios

 (40) AD Set + (20) Non-AD + (10) Non-AD

 (10) BP + (40) AD Set + (20) Non-AD
 (10) BP + (40) AD Set + (10) Non-AD + (10) Non-AD
 (10) BP + (20) Non-AD + (20) Non-AD + (20) Non-AD
PWK COURSE
 PDF Book
 Videos
 Exercises
 Labs (now Challenges)
 Lab Access
 90 days voucher (1500$)
 Costly, right?
 Make sure you utilize those days!
BEFORE THE COURSE
BASIC KNOWLEDGE
 Fundamentals
 Windows Basics
 System Administration
 User Account Management
 Good CMD
 Powershell basics
 Groups and Policies
 Service Management
 Fundamentals
 Linux Basics
 File System and Directory Structure
 System Administration
 User and Group Management
 File Management and Access Control
 Service Management
 Bash shell basics
 Networking Basics
 TCP/IP protocol suite
 Basic network communication
 Layer 3/4 addressing
 OSI Model
 Subnetting and NAT
 Proxies and Tunneling
 Web Application Basics
 Client Server Architecture
 HTTP and HTTPS (SSL)
 Request Response Protocol
 HTTP headers
 Status Codes and Errors
 URL Concepts
 Programming (YES!)
 Basics Paradigms (if-else/loops/data types/functions/files)
 Ability to read and modify code
 Basics of Python
 Exception and Error Handling
 Cryptography
 Encryption/Decryption
 Hashing algorithms (MD5/SHA)
 Encoding/Decoding
 Public Key Infrastructure
 Crypto Applications: SSH/VPN/NTLM
PRACTICE LABS
 TJNull NetSecFocus (do them all)
 VulnHub, no?
 Proving Grounds (Play and Practice)
 Buy the subscription (worth it)
 Hack The Box
 THM Offensive Pentesting
 Stuck, need walkthroughs?
 Videos
 IppSec
 S1REN
 HackerSploit
 Articles
 Hacking Articles
 0xdf
 Infosec Writeups
START THE PWK!
 Videos > PDF > PWK Labs
 PDF > Videos > PWK Labs
 Videos > PWK Labs
 Only PWK labs (not recommended )
TOOLS
Pentesting = Human Expertise + Arsenal of tools
 Scanning  Enumeration  Password Attacks
 nmap  smbclient  john
 wpscan  Dirbuster/gobuster  hashcat
 nikto  NSE  hydra
 impacket

 Web Attacks  Initial Access  Privilege Escalation

 Burp Suite  searchsploit  *-privesc-check
 nikto  msfvenom  linpeas
 netcat  cewl  winpeas
 pspy
  Pivoting
 General  Active Directory
 Proxychains
 netcat  crackmapexec
 ssh
 powershell  enum4linux
 chisel
 socat  impacket toolkit
 plink
 Bloodhound
 mimikatz
 Adpeas
NOTE MAKING
 Tools?
 OneNote
 CherryTree
 KeepNote
 Notion
 OneNote
 Simple Interface
 Cloud Sync
 Free and feature-rich
 Hierarchical Notebook structure
 Lab Notes Format
 Recon
 Initial Access
 Priv Esc
 Post Exploitation (if any)
 Exploits Used
 Tools Used
 Other resources
 WATCH VIDEOS
VIEW PDF

FILTER AND
HIGHLIGHT
COPY
CONTENT

ADD COMMENTS
 PDF for note making
 Initial Access
 Priv Esc
 Post Exploitation (if any)
 Exploits Used
 Tools Used
 Other resources
 Courses:
 YouTube Playlist
 Pentester Academy
 Udemy
 TCM Active Directory
 Bitten Tech’s Active Directory for Pentesting 
 Practice
 HTB Dante Pro Labs
 HTB RastaLabs Pro Lab
 THM Throwback
 THM Attacktive Directory
 THM Wreath
BEYOND THE COURSE
 Blogs:
 HackTricks
 Hacking Articles
 Ippsec.rocks
GIVING THE EXAM
 VMWare > VirtualBox (you can use any)
 My Kali Specs:
 4 core CPU
 8 GB RAM
 128 MB Video Memory
 Have backups, snapshots
 Recon parallely, focus manually
 Don’t be stuck, and don’t keep switching
 Use Official OffSec Report Template
 Just explain what you did, don’t write too much
 Put as many screenshots as possible
 Proof read 2-3 times
 Came with basic pentesting/CTF skills
 1 year subscription
 Videos > PDF > PWK labs
 No exercises
 1 month study, 4 months practice, 1 month note making
 HTB > PG >THM (~150 in total)
 12 hour mock test – 3 random HTB machines
 Full day rest before exam
 Victory
 Have a Plan
 Have a Dry Run before the exam
 Practice Practice PRACTICE
 Create your own notes/cheatsheet
 Not about how to exploit, but what to exploit
 Take Breaks
 DON’T RELY ON TOOLS!
 Try Harder (but change)
 {Manual} Enumeration is the key
 Think out of the box
 Don’t underestimate and overestimate