Scribd
Upload
168 views

OSCE Study Guide by Joas

Uploaded by

Sekou Semega
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
168 views

OSCE Study Guide by Joas

Uploaded by

Sekou Semega
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as XLSX, PDF, TXT or read online on Scribd
You are on page 1/ 12

OSWE

OSCE³ Study Guide by Joas OSEP


OSED
My Social Network
Content

Study Materials

Reviews
Labs

Content

Study Materials

Reviews
Reviews

Labs

Content

Study Materials
Reviews

Labs

https://www.linkedin.com/in/joas-antonio-dos-santos
https://github.com/CyberSecurityUP
https://twitter.com/C0d3Cr4zy
Web security tools and methodologies
Source code analysis
Persistent cross-site scripting
Session hijacking
.NET deserialization
Remote code execution
Blind SQL injections
Data exfiltration
Bypassing file upload restrictions and file extension filters
PHP type juggling with loose comparisons
PostgreSQL Extension and User Defined Functions
Bypassing REGEX restrictions
Magic hashes
Bypassing character restrictions
UDF reverse shells
PostgreSQL large objects
DOM-based cross site scripting (black box)
Server side template injection
Weak random token generation
XML External Entity Injection
RCE via database Functions
OS Command Injection via WebSockets (BlackBox)
https://github.com/timip/OSWE
https://github.com/noraj/AWAE-OSWE
https://github.com/wetw0rk/AWAE-PREP
https://github.com/kajalNair/OSWE-Prep
https://github.com/s0j0hn/AWAE-OSWE-Prep
https://github.com/deletehead/awae_oswe_prep
https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/
https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html
https://drive.google.com/file/d/1bASc-SLmuD0tXmd88h0QclRSpUu_rvnF/view?usp=sharing
https://www.helviojunior.com.br/it/oswe-uma-historia-de-insucessos/
https://0xklaue.medium.com/attacking-the-web-the-offensive-security-way-b38bea609318
https://medium.com/greenwolf-security/an-awae-oswe-review-2020-update-6d6ec7a80c1f
https://securitygrind.com/the-oswe-in-review/
https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside
https://infosecwriteups.com/awae-oswe-review-from-a-non-developer-perspective-2c2842cfbd4d
https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide
https://www.linkedin.com/pulse/awaeoswe-2020-expected-review-elias-dimopoulos/
https://www.youtube.com/watch?v=ElZ7fFE9Gr4
https://alex-labs.com/my-awae-review-becoming-an-oswe/
https://niebardzo.github.io/2021-01-12-oswe-review/
https://stacktrac3.co/oswe-review-awae-course/
https://blog.kuhi.to/offsec-awae-oswe-review
https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/
https://kojenov.com/2020-04-08-oswe-review/
https://www.reddit.com/r/OSWE/comments/bsods2/i_just_passed_the_oswe_exam_amaa_about_the_exam
https://mystiko.sh/?p=555
https://nethemba.com/why-i-no-longer-endorse-offensive-security/
https://www.youtube.com/watch?v=w4jdrs_rfuk
https://securityforeveryone.com/blog/web-300-course-and-oswe-review
https://www.youtube.com/watch?v=F46tQww_IvE
https://www.youtube.com/watch?v=NMGsnPSm8iw&list=PLidcsTyj9JXKTnpphkJ310PVVGF-GuZA0
https://www.youtube.com/watch?v=S1YUmKGL33w
https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh
https://github.com/svdwi/OSWE-Labs
https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/
https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4
https://alex-labs.com/my-awae-review-becoming-an-oswe/
https://github.com/jangelesg/AWAE-OSWE
Operating System and Programming Theory
Client Side Code Execution With Office
Client Side Code Execution With Jscript
Process Injection and Migration
Introduction to Antivirus Evasion
Advanced Antivirus Evasion
Application Whitelisting
Bypassing Network Filters
Linux Post-Exploitation
Kiosk Breakouts
Windows Credentials
Windows Lateral Movement
Linux Lateral Movement
Microsoft SQL Attacks
Active Directory Exploitation
Combining the Pieces
Trying Harder: The Labs
https://github.com/chvancooten/OSEP-Code-Snippets
https://github.com/nullg0re/Experienced-Pentester-OSEP
https://github.com/r0r0x-xx/OSEP-Pre
https://github.com/deletehead/pen_300_osep_prep
https://github.com/J3rryBl4nks/OSEP-Thoughts
https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md
https://github.com/aldanabae/Osep
https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing
https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations
https://nullg0re.com/?p=113
https://www.schellman.com/blog/osep-and-pen-300-course-review
https://cinzinga.com/OSEP-PEN-300-Review/
https://www.youtube.com/watch?v=iUPyiJbN4l4
https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
https://www.reddit.com/r/osep/comments/ldhc20/osep_review/
https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/
https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html
https://makosecblog.com/miscellaneous/osep-course-review/
https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s
https://www.youtube.com/watch?v=15sv5eZ0oCM
https://www.youtube.com/watch?v=0n3Li63PwnQ
https://www.youtube.com/watch?v=BWNzB1wIEQc
https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
https://www.exploit-db.com/evasion-techniques-breaching-defenses
https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/
WinDbg tutorial
Stack buffer overflows
Exploiting SEH overflows
Intro to IDA Pro
Overcoming space restrictions: Egghunters
Shellcode from scratch
Reverse-engineering bugs
Stack overflows and DEP/ASLR bypass
Format string specifier attacks
Custom ROP chains and ROP payload decoders
https://github.com/snoopysecurity/OSCE-Prep
https://github.com/epi052/osed-scripts
https://www.exploit-db.com/windows-user-mode-exploit-development
https://github.com/r0r0x-xx/OSED-Pre
https://github.com/sradley/osed
https://github.com/Nero22k/Exploit_Development
https://www.youtube.com/watch?v=7PMw9GIb8Zs
https://www.youtube.com/watch?v=FH1KptfPLKo
https://www.youtube.com/watch?v=sOMmzUuwtmc
https://blog.exploitlab.net/
https://azeria-labs.com/heap-exploit-development-part-1/
http://zeroknights.com/getting-started-exploit-lab/
https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing
https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing
https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing
https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
https://github.com/corelan/CorelanTraining
https://github.com/subat0mik/Journey_to_OSCE
https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_cra
https://github.com/snoopysecurity/OSCE-Prep
https://github.com/bigb0sss/OSCE
https://github.com/epi052/OSCE-exam-practice
https://github.com/mdisec/osce-preparation
https://github.com/mohitkhemchandani/OSCE_BIBLE
https://github.com/FULLSHADE/OSCE
https://github.com/areyou1or0/OSCE-Exploit-Development
https://github.com/securityELI/CTP-OSCE
https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing
https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
https://connormcgarr.github.io/browser1/
https://kalitut.com/exploit-development-resources/
https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment
https://www.youtube.com/watch?v=aWHL9hIKTCA
https://www.youtube.com/watch?v=62mWZ1xd8eM
https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/
https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/
https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html
https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/
https://jhalon.github.io/OSCE-Review/
https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
https://github.com/ihack4falafel/OSCE
https://github.com/nathunandwani/ctp-osce
https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md
https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab
https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab
https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack

You might also like