Around a month ago, I started my preparation for OSCP (Offensive Security Certified Professional) exam and signed up for PWK course from Offensive Security in the mid-January. If you just started your path to OSCP certification you might have a lot of questions. Is there any official guide? What to read? Where to start? What kind of knowledge is required? In this article, I tried to unite all the information that I gathered from the Internet. I will constantly update the post with the new information.
Don’t skip anything
What I would do differently – PWK
Penetration Testing Books 2017
PREP GUIDE FOR OFFSEC’S PWK
How to prepare for PWK/OSCP, a noob-friendly guide
OSCP-like Vulnhub VMs
“OSCP Training VM’s hosted on Vulnhub.com“
Fifteen Must Have Books for Penetration Testing Professionals
Offensive Security’s PWB and OSCP — My Experience by Mike Czumak
Penetration Testing: A Hands-On Introduction to Hacking (1st Edition)
Seems like all the people around highly recommend this book for beginners. Interesting book where you build your pentesting lab first (Win XP, Win 7, Ubuntu, etc.) with vulnerable software and go step by step to hack it.
Kali Linux Revealed
Book from Offensive Security creators. A lot of interesting information about Kali platform and Linux platform.
Electronic version of the book is available for free from Offensive Security website.
Metasploit: The Penetration Tester’s Guide (1st Edition)
Another book from OffSec creators. Learn or refresh your knowledge about Metasploit. A lot of people suggest that material is kind of outdated though..
Rtfm: Red Team Field Manual (released February 11, 2014)
More like a quick reference than guide/manual. Helpful if you already know what you are doing but need to remember some commands.
How to practice?
We all know that without practice all the knowledge from books are easily evaporates with time.
Vulnhub VMs (https://www.vulnhub.com/)
Vulnhub is a library with virtual machines purposely configured with vulnerabilities and vulnerable software.
Andrew Hilton in his article “OSCP Training VM’s hosted on Vulnhub.com” provides 10 virtual machines that might be useful for OSCP preparation.
- Kioptrix: 2014
- FristiLeaks: 1.3
- Stapler: 1
- VulnOS: 2
- SickOs: 1.2
- Brainpan: 1
- HackLAB: Vulnix
- /dev/random: scream
- pWnOS: 2.0
- SkyTower: 1
Barasec also provides ~30 useful links to Vulnhub machines in his article – OSCP Preparation – Stalking my Penetration testing Passion
Few more useful resources with vulnerable pre-installed machines:
ExploitExercises – https://exploit-exercises.com/
OverTheWire Wargames – http://overthewire.org/wargames/
OverTheWire have various Linux (bandit), web attack (Natas), etc.
HackTheBox – https://www.hackthebox.eu/
Another project with many vulnerable machines. One interesting detail – you can’t register there, you need to hack your way in.
PentesterLab – https://pentesterlab.com/
OWASP WebGoat – https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
RootMe.Org – https://www.root-me.org/
DVWA (Damn Vulnerable Web Application) – http://www.dvwa.co.uk/
Very useful OSCP Survival Guide by frizb
LARGE list with OSCP helpful links
NetSecFocus Slack community
Register via the link https://netsecfocus.herokuapp.com/. You will receive invitation to Slack via email.
NetSec Learning Resource Google doc
Check tab OSCP, as well as Offense and Defense.
I will keep this updates if I will find more. Please post me comments if you have any questions or you found this post successful.
2018-01-22 UPD: Added NetSec Google document and “The Magic of Learning” by Bitvijays.
2018-04-12 UPD: Added OSCP Survival Guide in HTML