OSCE³ Study Guide by Joas

OSWE, OSEP, OSED

OSWE

Content

• Web security tools and methodologies
• Source code analysis
• Persistent cross-site scripting
• Session hijacking
• .NET deserialization
• Remote code execution
• Blind SQL injections
• Data exfiltration
• Bypassing file upload restrictions and file extension filters
• PHP type juggling with loose comparisons
• PostgreSQL Extension and User Defined Functions
• Bypassing REGEX restrictions
• Magic hashes
• Bypassing character restrictions
• UDF reverse shells
• PostgreSQL large objects
• DOM-based cross site scripting (black box)
• Server side template injection
• Weak random token generation
• XML External Entity Injection
• RCE via database Functions
• OS Command Injection via WebSockets (BlackBox)

Study Materials

• https://github.com/timip/OSWE
• https://github.com/noraj/AWAE-OSWE
• https://github.com/wetw0rk/AWAE-PREP
• https://github.com/kajalNair/OSWE-Prep
• https://github.com/s0j0hn/AWAE-OSWE-Prep
• https://github.com/deletehead/awae_oswe_prep
• https://z-r0crypt.github.io/blog/2020/01/22/oswe/awae-preparation/
• https://rayhan0x01.github.io/web/2021/04/12/awae-web-300-oswe-guide-2021.html
• https://drive.google.com/file/d/1bASc-SLmuD0tXmd88h0QclRSpUu_rvnF/view?usp=sharing
• https://github.com/Lawlez/myOSWE

Reviews

• https://www.helviojunior.com.br/it/oswe-uma-historia-de-insucessos/
• https://0xklaue.medium.com/attacking-the-web-the-offensive-security-way-b38bea609318
• https://medium.com/greenwolf-security/an-awae-oswe-review-2020-update-6d6ec7a80c1f
• https://securitygrind.com/the-oswe-in-review/
• https://forum.hackthebox.eu/discussion/2646/oswe-exam-review-2020-notes-gifts-inside
• https://infosecwriteups.com/awae-oswe-review-from-a-non-developer-perspective-2c2842cfbd4d
• https://hub.schellman.com/blog/oswe-review-and-exam-preparation-guide
• https://www.linkedin.com/pulse/awaeoswe-2020-expected-review-elias-dimopoulos/
• https://www.youtube.com/watch?v=ElZ7fFE9Gr4
• https://alex-labs.com/my-awae-review-becoming-an-oswe/
• https://niebardzo.github.io/2021-01-12-oswe-review/
• https://stacktrac3.co/oswe-review-awae-course/
• https://blog.kuhi.to/offsec-awae-oswe-review
• https://donavan.sg/blog/index.php/2020/03/14/the-awae-oswe-journey-a-review/
• https://kojenov.com/2020-04-08-oswe-review/
• https://www.reddit.com/r/OSWE/comments/bsods2/i_just_passed_the_oswe_exam_amaa_about_the_exam/
• https://mystiko.sh/?p=555
• https://nethemba.com/why-i-no-longer-endorse-offensive-security/
• https://www.youtube.com/watch?v=w4jdrs_rfuk
• https://securityforeveryone.com/blog/web-300-course-and-oswe-review
• https://www.youtube.com/watch?v=ElZ7fFE9Gr4
• https://www.youtube.com/watch?v=wDev3q8lADE
• https://niebardzo.github.io/2021-01-12-oswe-review/
• https://github.com/svdwi/OSWE-Labs-Poc
• https://werebug.com/journal/oswe/osep/2021/08/05/oswe-and-osep-obtained-what-next.html

Labs

• https://www.youtube.com/watch?v=F46tQww_IvE
• https://www.youtube.com/watch?v=NMGsnPSm8iw&list=PLidcsTyj9JXKTnpphkJ310PVVGF-GuZA0
• https://www.youtube.com/watch?v=S1YUmKGL33w
• https://www.youtube.com/watch?v=t-zVC-CxYjw&list=PLL5n_4gj5JCw1aRrlVbdMCAugNz-ia3Wh
• https://github.com/svdwi/OSWE-Labs
• https://www.vesiluoma.com/offensive-security-web-expert-oswe-advanced-web-attacks-and-exploitation/
• https://medium.com/@fasthm00/the-state-of-oswe-c68150210fe4
• https://alex-labs.com/my-awae-review-becoming-an-oswe/
• https://github.com/jangelesg/AWAE-OSWE

OSEP

Content

• Operating System and Programming Theory
• Client Side Code Execution With Office
• Client Side Code Execution With Jscript
• Process Injection and Migration
• Introduction to Antivirus Evasion
• Advanced Antivirus Evasion
• Application Whitelisting
• Bypassing Network Filters
• Linux Post-Exploitation
• Kiosk Breakouts
• Windows Credentials
• Windows Lateral Movement
• Linux Lateral Movement
• Microsoft SQL Attacks
• Active Directory Exploitation
• Combining the Pieces
• Trying Harder: The Labs

Study Materials

• https://github.com/chvancooten/OSEP-Code-Snippets
• https://github.com/nullg0re/Experienced-Pentester-OSEP
• https://github.com/r0r0x-xx/OSEP-Pre
• https://github.com/deletehead/pen_300_osep_prep
• https://github.com/J3rryBl4nks/OSEP-Thoughts
• https://github.com/chvancooten/OSEP-Code-Snippets/blob/main/README.md
• https://github.com/aldanabae/Osep
• https://drive.google.com/file/d/1znezUNtghkcFhwfKMZmeyNrtdbwBXRsz/view?usp=sharing
• https://github.com/CyberSecurityUP/Awesome-Red-Team-Operations

Reviews

• https://nullg0re.com/?p=113
• https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
• https://www.youtube.com/watch?v=fA3pkNcGpH0&ab_channel=HackSouth
• https://www.schellman.com/blog/osep-and-pen-300-course-review
• https://cinzinga.com/OSEP-PEN-300-Review/
• https://www.youtube.com/watch?v=iUPyiJbN4l4
• https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
• https://www.reddit.com/r/osep/comments/ldhc20/osep_review/
• https://www.reddit.com/r/oscp/comments/jj0sr9/offensive_security_experienced_penetration_tester/
• https://www.purpl3f0xsecur1ty.tech/2021/03/18/osep.html
• https://makosecblog.com/miscellaneous/osep-course-review/
• https://www.youtube.com/watch?v=iUPyiJbN4l4&t=1s
• https://www.youtube.com/watch?v=15sv5eZ0oCM
• https://www.youtube.com/watch?v=0n3Li63PwnQ
• https://www.youtube.com/watch?v=BWNzB1wIEQ
• https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
• https://casvancooten.com/posts/2021/03/getting-the-osep-certification-evasion-techniques-and-breaching-defenses-pen-300-course-review/
• https://www.bordergate.co.uk/offensive-security-experienced-penetration-tester-osep-review/
• https://makosecblog.com/miscellaneous/osep-course-review/
• https://davidlebr1.gitbook.io/infosec/blog/osep-review
• https://www.offensive-security.com/offsec/pen300-approach-review/

Labs

• https://spaceraccoon.dev/offensive-security-experienced-penetration-tester-osep-review-and-exam
• https://www.exploit-db.com/evasion-techniques-breaching-defenses
• https://noraj.github.io/OSCP-Exam-Report-Template-Markdown/

OSED

Content

• WinDbg tutorial
• Stack buffer overflows
• Exploiting SEH overflows
• Intro to IDA Pro
• Overcoming space restrictions: Egghunters
• Shellcode from scratch
• Reverse-engineering bugs
• Stack overflows and DEP/ASLR bypass
• Format string specifier attacks
• Custom ROP chains and ROP payload decoders

Study Materials

• https://github.com/snoopysecurity/OSCE-Prep
• https://github.com/epi052/osed-scripts
• https://www.exploit-db.com/windows-user-mode-exploit-development
• https://github.com/r0r0x-xx/OSED-Pre
• https://github.com/sradley/osed
• https://github.com/Nero22k/Exploit_Development
• https://www.youtube.com/watch?v=7PMw9GIb8Zs
• https://www.youtube.com/watch?v=FH1KptfPLKo
• https://www.youtube.com/watch?v=sOMmzUuwtmc
• https://blog.exploitlab.net/
• https://azeria-labs.com/heap-exploit-development-part-1/
• http://zeroknights.com/getting-started-exploit-lab/
• https://drive.google.com/file/d/1poocO7AOMyBQBtDXvoaZ2dgkq3Zf1Wlb/view?usp=sharing
• https://drive.google.com/file/d/1qPPs8DHbeJ6YIIjbsC-ZPMajUeSfXw6N/view?usp=sharing
• https://drive.google.com/file/d/1RdkhmTIvD6H4uTNxWL4FCKISgVUbaupL/view?usp=sharing
• https://www.corelan.be/index.php/2009/07/19/exploit-writing-tutorial-part-1-stack-based-overflows/
• https://github.com/wtsxDev/Exploit-Development/blob/master/README.md
• https://github.com/corelan/CorelanTraining
• https://github.com/subat0mik/Journey_to_OSCE
• https://github.com/nanotechz9l/Corelan-Exploit-tutorial-part-1-Stack-Based-Overflows/blob/master/3%20eip_crash.rb
• https://github.com/snoopysecurity/OSCE-Prep
• https://github.com/bigb0sss/OSCE
• https://github.com/epi052/OSCE-exam-practice
• https://github.com/mdisec/osce-preparation
• https://github.com/mohitkhemchandani/OSCE_BIBLE
• https://github.com/FULLSHADE/OSCE
• https://github.com/areyou1or0/OSCE-Exploit-Development
• https://github.com/securityELI/CTP-OSCE
• https://drive.google.com/file/d/1MH9Tv-YTUVrqgLT3qJDBl8Ww09UyF2Xc/view?usp=sharing
• https://www.coalfire.com/the-coalfire-blog/january-2020/the-basics-of-exploit-development-1
• https://connormcgarr.github.io/browser1/
• https://kalitut.com/exploit-development-resources/
• https://github.com/0xZ0F/Z0FCourse_ExploitDevelopment
• https://github.com/dest-3/OSED_Resources/
• https://resources.infosecinstitute.com/topic/python-for-exploit-development-common-vulnerabilities-and-exploits/
• https://www.anitian.com/a-study-in-exploit-development-part-1-setup-and-proof-of-concept/
• https://samsclass.info/127/127_WWC_2014.shtml
• https://stackoverflow.com/questions/42615124/exploit-development-in-python-3
• https://cd6629.gitbook.io/ctfwriteups/converting-metasploit-modules-to-python
• https://subscription.packtpub.com/book/networking_and_servers/9781785282324/8
• https://www.cybrary.it/video/exploit-development-part-5/
• https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-an
• https://help.offensive-security.com/hc/en-us/articles/360052977212-OSED-Exam-Guide
• https://github.com/epi052/osed-scripts
• https://www.youtube.com/watch?v=0n3Li63PwnQ
• https://epi052.gitlab.io/notes-to-self/blog/2021-06-16-windows-usermode-exploit-development-review/
• https://pythonrepo.com/repo/epi052-osed-scripts
• https://github.com/dhn/OSEE
• https://pythonrepo.com/repo/epi052-osed-scripts

Reviews

• https://www.youtube.com/watch?v=aWHL9hIKTCA
• https://www.youtube.com/watch?v=62mWZ1xd8eM
• https://ihack4falafel.github.io/Offensive-Security-AWEOSEE-Review/
• https://www.linkedin.com/pulse/advanced-windows-exploitation-osee-review-etizaz-mohsin-/
• https://animal0day.blogspot.com/2018/11/reviews-for-oscp-osce-osee-and-corelan.html
• https://addaxsoft.com/blog/offensive-security-advanced-windows-exploitation-awe-osee-review/
• https://jhalon.github.io/OSCE-Review/
• https://www.youtube.com/watch?v=NAe6f1_XG6Q
• https://spaceraccoon.dev/rop-and-roll-exp-301-offensive-security-exploit-development-osed-review-and

Labs

• https://github.com/CyberSecurityUP/Buffer-Overflow-Labs
• https://github.com/ihack4falafel/OSCE
• https://github.com/nathunandwani/ctp-osce
• https://github.com/firmianay/Life-long-Learner/blob/master/SEED-labs/buffer-overflow-vulnerability-lab.md
• https://github.com/wadejason/Buffer-Overflow-Vulnerability-Lab
• https://github.com/Jeffery-Liu/Buffer-Overflow-Vulnerability-Lab
• https://github.com/mutianxu/SEED-LAB-Bufferoverflow_attack

My Social Network

https://www.linkedin.com/in/joas-antonio-dos-santos

https://github.com/CyberSecurityUP

https://twitter.com/C0d3Cr4zy

XMind - Evaluation Version