Preparing for OSCP (Offensive Security Certified Professional) requires a structured approach because it’s a hands-on penetration testing certification.
Here’s a step-by-step preparation guide:
How to prepare for OSCP | OSCP Guide | OSCP Path | OSCP Roadmap
Level – 1 Fundamentals
Windows Basics:
1: Groups and Policies.
2: Active Directory.
3: Basics of PowerShell
4: Windows Services Vulnerabilities.
Web Application Basics:
1: Understanding of URL.
2: Role of Client and Server.
3: How requests and responses work.
4: Caching Service.
5: Request Header and Response Header.
6: Web Application Technologies.
7: Web Application Vulnerabilities.
Python Fundamentals:
1: Basic Syntax.
2: Working of Loop.
3: Working of if-else.
4: List, Tuple, Dictionary.
5: Basics of Functions.
6: File I/O.
7: Exception Handling.
8: A Little Bit of Socket Programming.
Basics of Servers:
1: What is a Server?
2: Types of Servers.
3: How passwords are stored.
4: How the server works.
Basics of Cryptography:
1: Encryption/Decryption.
2: Hashing.
3: Encoding/Decoding.
4: Symmetric and Asymmetric.
5: Public key infrastructure.
6: Block ciphers and stream ciphers.
7: Public key and private key.
8: Vulnerable ciphers/algorithms.
Basics of Networking:
1: Protocol services and Port No.
2: 3-way handshake.
4: TCP headers and UDP headers.
5: Secure Socket Layer.
6: OSI Layers.
7: Network Topologies.
8: TCP/IP Protocol.
9: Subnetting.
10: Tunneling.
11: Network Services Vulnerability.
Level – 2 | Tools:
John the Ripper, Mimikatz, Hydra, Hashcat, Arp-scan, Dmitry, Dnsmap, DNSRecon, Dnswalk, dotDotPwn, Enum4Linux, Nikto, Nmap/Zenmap, Recon-ng, SMBMap, Smtp-user-enum, Snmp-check, Sparta, SSLyze, theHarvester, Unicornscan, OpenVAS, Burp Suite, Oscanner, Armitage, BeEF, Wireshark, Maltego, Metasploit, Dirb, DirBuster, Gobuster, w3af, WebSlayer, WhatWeb, WPScan, XSSer, Bettercap, Netcat, Weevely, Masscan, Strings, tcpdump, whois, testssl, searchsploit, hping3
Level – 3:
Vulnerable Machines:
1: OverTheWire.
2: DVWA.
3: PicoCTF.
4: Vulnhub.
5: Hack the Box.
Level – 4:
A+ Topic:
1: Buffer Overflow.
2: Linux Command and Privilege Escalation.
3: Windows Command and Privilege Escalation.
4: Windows Kernel Exploits.
5: Linux Kernel Exploits.