TL;DR

Table of Contents

  1. OSCE Course Outline
  2. Online Study Resources
  3. Offline Study Resources
  4. Practice

OSCE Course Outline

1. Advanced Web Attacks

  • HTML Injection and XSS
  • Bypassing CSRF protection
  • LFI to RCE

2. Backdooring PE

3. Bypassing AV

4. Exploit development

  • Automated fuzzing (Spike)
  • Assembly and Shellcode basics
  • Stack overflow
  • SEH
  • Egghunting
  • Bypassing ASLR

5. Advanced Network Attacks

  • Using Scapy
  • Bypassing ACL
  • Exploiting SNMP
  • MiTM attacks

6. Study cases

  • MS07-017
  • Open TFTP 1.4 (CVE-2008-1611)
  • HP OpenView NNM
  • Bypassing Cisco ACL using Spoofed SNMP Requests

Online Study Resources

1. Advanced Web Attacks

2. Backdooring PE

3. Bypassing AV

4. Exploit development

  1. Fuzzing
  2. Assembly and Shellcode basics
  3. Stack Based Overflow
    • Corelan 1 and 2
    • FuzzySecurity’s Exploit Development 1 and 2
    • Securitysift’s Windows Exploit Development 1, 2, 3 and 4
  4. SEH
  5. Egghunting
  6. Bypassing ASLR

5. Advanced Network Attacks

6. Study cases

Offline Study Resources

  1. Hacking: The Art of Exploitation: Chapters 1, 2, 3 and 5 are relevant to OSCE.
  2. Assembly Language Step-by-Step: Programming with Linux
  3. The Shellcoder’s Handbook: Discovering and Exploiting Security Holes

Practice

  1. http://overthewire.org/wargames/narnia/
  2. http://www.thegreycorner.com/2010/12/introducing-vulnserver.html
  3. http://canyouhack.us
  4. https://holidayhackchallenge.com/2016/
  5. https://exploit-exercises.com/protostar/
  6. https://exploit-exercises.com/fusion/
  7. http://io.netgarage.org:84/ (Thanks WhizzMan!)

Note: I’m no longer seeking OSCE, but this post has proven to be useful to many. If you think a link should (not) be here, please let me know in the comments.

- Abatchy