SlideShare a Scribd company logo

Oscp - Journey

V
Vandana Verma

The document provides an overview of how to get started with the OSCP (Offensive Security Certified Professional) certification. It outlines the required skills like basic Linux usage and programming knowledge. It recommends starting with Hack The Box to practice skills like port scanning and web application testing. The journey involves lab machines to exploit systematically through enumeration, exploitation, and privilege escalation. The exam involves cracking 5 out of 10 machines within 23 hours 45 minutes to pass. Regular breaks, thorough enumeration, and immediately submitting flags are tips for the exam. Overall it recommends perseverance and practicing systematically on similar machines.

Technology
1 of 11
1
2
3
Most read
4
Most read
5
6
7
8
9
Most read
10
11
HOW TO GET STARTED WITH OSCP SREELAKSHMY PALLIYIL, OSCP
AGENDA • Overview • Things Required for OSCP Presentation • Beginning • Journey • Exam • Conclusion
OVERVIEW • An awesome journey where you will experience lots of excitement, pain, suffering, frustration, confidence, and motivation • Will be awarded on successfully cracking 5 machines in 23.45 hours. • One machine for exploit writing. • Other 4 machines include Enumeration, Exploitation and Post exploitation
THINGS REQUIRED FOR OSCP PREPERATION • A ‘NEVER GIVE UP’ attitude • Basic Linux usage skills • A bit of programming knowledge • Ability to read and understand the flow of public exploits • Creative hacker way of thinking • Lots of interest, patience, and enthusiasm
BEGINNING • Start over with Hack the box (HTB) • Get handy in using Linux • Learn a bit of python • Basic concepts such as port-scanning, web application testing, etc. • Learn Metasploit • Learn Buffer Overflow
JOURNEY • “Its not about the destination, Its all about the journey. • Search for OSCP Similar Machines • Lab consist of 55 machines • Go through the video material • Go through the pdf completely • Do the exercises in pdf and document it.
JOURNEY Exploiting a machine is a Systematic Process: • Find the open ports and services running on ports • Enumerate the services and the machine • Exploit the correct vulnerability and gain access • Do proper post exploitation enumeration • Privilege Escalation
EXAM • 23.45hrs • 5 Machines to Crack • 70 Marks to get pass
TIPS • Be confident • Be very cool and calm • Never bother if you didn’t get access to one or two machines in short time as mentioned in other blogs • Enumerate well • Take regular breaks. Go for a small walk and get some fresh air. • Take screenshots and POCs immediately after each exploitation steps. • Submit the flags (local.txt & proof.txt) in the exam panel immediately once you retrieve them
CONCLUSION TRY HARDER 
THANK YOU

More Related Content

PDF
Oscp preparation
Manich Koomsusi
 
PPTX
AWS Cloud Security
AWS Riyadh User Group
 
PDF
Memcache Injection (Hacktrick'15)
Ömer Çıtak
 
PDF
Level Up! - Practical Windows Privilege Escalation
jakx_
 
PDF
Container Security
Jie Liau
 
PDF
Threat Hunting Workshop
Splunk
 
PDF
Terraform
Christophe Marchal
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Oscp preparation
Manich Koomsusi
 
AWS Cloud Security
AWS Riyadh User Group
 
Memcache Injection (Hacktrick'15)
Ömer Çıtak
 
Level Up! - Practical Windows Privilege Escalation
jakx_
 
Container Security
Jie Liau
 
Threat Hunting Workshop
Splunk
 
Terraform
Christophe Marchal
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 

What's hot (20)

PPTX
Owasp top 10 vulnerabilities
OWASP Delhi
 
PPTX
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
PPT
DDOS Attack
Ahmed Salama
 
PPTX
K8s security best practices
Sharon Vendrov
 
PPTX
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
PDF
Azure web apps
Vaibhav Gujral
 
PDF
Container Security
Salman Baset
 
PDF
Secure Coding in C/C++
Dan-Claudiu Dragoș
 
PPT
Methods to Bypass a Web Application Firewall Eng
Dmitry Evteev
 
PPTX
Web application security
Kapil Sharma
 
PPTX
Catch Me If You Can: PowerShell Red vs Blue
Will Schroeder
 
PDF
Cloud security
n|u - The Open Security Community
 
PPTX
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
PDF
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed
 
PDF
Evil Twin
n|u - The Open Security Community
 
PPTX
Forging Trusts for Deception in Active Directory
Nikhil Mittal
 
PPTX
Metasploit
Lalith Sai
 
PPTX
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
PDF
DerbyCon 2019 - Kerberoasting Revisited
Will Schroeder
 
PPT
Web Hacking
Information Technology
 
Owasp top 10 vulnerabilities
OWASP Delhi
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
Soroush Dalili
 
DDOS Attack
Ahmed Salama
 
K8s security best practices
Sharon Vendrov
 
SC-900 Concepts of Security, Compliance, and Identity
FredBrandonAuthorMCP
 
Azure web apps
Vaibhav Gujral
 
Container Security
Salman Baset
 
Secure Coding in C/C++
Dan-Claudiu Dragoș
 
Methods to Bypass a Web Application Firewall Eng
Dmitry Evteev
 
Web application security
Kapil Sharma
 
Catch Me If You Can: PowerShell Red vs Blue
Will Schroeder
 
Cloud security
n|u - The Open Security Community
 
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
Privilege escalation from 1 to 0 Workshop
Hossam .M Hamed
 
Evil Twin
n|u - The Open Security Community
 
Forging Trusts for Deception in Active Directory
Nikhil Mittal
 
Metasploit
Lalith Sai
 
OWASP Top 10 2021 Presentation (Jul 2022)
TzahiArabov
 
DerbyCon 2019 - Kerberoasting Revisited
Will Schroeder
 
Web Hacking
Information Technology
 
Ad

Similar to Oscp - Journey (20)

PDF
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
 
PDF
Agile testing
Eran Kinsbrunner
 
PDF
BSides Lisbon 2013 - All your sites belong to Burp
Tiago Mendo
 
PDF
Scrum toufiq
Toufiq Mahmud
 
PPTX
It's XP Stupid (2019)
Mike Harris
 
PPTX
What aircrews can teach devops teams ignite
Peter Varhol
 
PDF
544 Project Part 1
pilatpatrick123
 
PPT
Automated testing 101
Tabitha Chapman
 
PPTX
Exploratory testing
Harshani Wickramaarachchi
 
PPTX
Cron Jobs Gone Wrong: The Top Mistakes That Keep Your Tasks from Ticking
pmeth1
 
PDF
Finding Needles in Haystacks
snyff
 
PPTX
Automated testing
s0194975
 
KEY
Continuous Integration In A PHP World
Idaf_1er
 
ODP
2014 ZAP Workshop 1: Getting Started
Simon Bennetts
 
PPTX
Testing API's: Tools & Tips & Tricks (Oh My!)
Ford Prior
 
PDF
Random thoughts and dev practices / advices to build a great product
Guillaume POTIER
 
PDF
Wilko Nienhaus - continuous delivery release the right thing, done right, at ...
DevConFu
 
PDF
DOD Presentation V2
Cookie Lanfear
 
PDF
Basics of Functional Verification - Arrow Devices
Arrow Devices
 
PDF
You and your code.pdf
Tony Khánh
 
My pwk & oscp journey
M.Syarifudin, ST, OSCP, OSWP
 
Agile testing
Eran Kinsbrunner
 
BSides Lisbon 2013 - All your sites belong to Burp
Tiago Mendo
 
Scrum toufiq
Toufiq Mahmud
 
It's XP Stupid (2019)
Mike Harris
 
What aircrews can teach devops teams ignite
Peter Varhol
 
544 Project Part 1
pilatpatrick123
 
Automated testing 101
Tabitha Chapman
 
Exploratory testing
Harshani Wickramaarachchi
 
Cron Jobs Gone Wrong: The Top Mistakes That Keep Your Tasks from Ticking
pmeth1
 
Finding Needles in Haystacks
snyff
 
Automated testing
s0194975
 
Continuous Integration In A PHP World
Idaf_1er
 
2014 ZAP Workshop 1: Getting Started
Simon Bennetts
 
Testing API's: Tools & Tips & Tricks (Oh My!)
Ford Prior
 
Random thoughts and dev practices / advices to build a great product
Guillaume POTIER
 
Wilko Nienhaus - continuous delivery release the right thing, done right, at ...
DevConFu
 
DOD Presentation V2
Cookie Lanfear
 
Basics of Functional Verification - Arrow Devices
Arrow Devices
 
You and your code.pdf
Tony Khánh
 
Ad

More from Vandana Verma (18)

PDF
Building security into the pipelines
Vandana Verma
 
PPTX
Applying OWASP web security testing guide (OWSTG)
Vandana Verma
 
PDF
Running an app sec program with OWASP projects_ Defcon AppSec Village
Vandana Verma
 
PDF
SARCON Talk - Vandana Verma Sehgal
Vandana Verma
 
PDF
Sacon 2020 living in the world of zero trust v1.0
Vandana Verma
 
PDF
Addo 2019 vandana_dev_secops_culturalchange
Vandana Verma
 
PDF
App Sec village DevSecOps as a culture
Vandana Verma
 
PPTX
Web sockets - Pentesting
Vandana Verma
 
PPTX
Story of http headers
Vandana Verma
 
PPTX
Security audits & compliance
Vandana Verma
 
PPTX
Basics of Server Side Template Injection
Vandana Verma
 
PPTX
SIEM Vendor Neutrality
Vandana Verma
 
PPTX
Getting started with android
Vandana Verma
 
PPTX
Importance of Penetration Testing
Vandana Verma
 
PPTX
Identity & access management
Vandana Verma
 
PPTX
Chariot generic presentation owaspwia_Infosecgirls
Vandana Verma
 
PDF
OWASP - Dependency Check
Vandana Verma
 
PDF
Incident response in Cloud
Vandana Verma
 
Building security into the pipelines
Vandana Verma
 
Applying OWASP web security testing guide (OWSTG)
Vandana Verma
 
Running an app sec program with OWASP projects_ Defcon AppSec Village
Vandana Verma
 
SARCON Talk - Vandana Verma Sehgal
Vandana Verma
 
Sacon 2020 living in the world of zero trust v1.0
Vandana Verma
 
Addo 2019 vandana_dev_secops_culturalchange
Vandana Verma
 
App Sec village DevSecOps as a culture
Vandana Verma
 
Web sockets - Pentesting
Vandana Verma
 
Story of http headers
Vandana Verma
 
Security audits & compliance
Vandana Verma
 
Basics of Server Side Template Injection
Vandana Verma
 
SIEM Vendor Neutrality
Vandana Verma
 
Getting started with android
Vandana Verma
 
Importance of Penetration Testing
Vandana Verma
 
Identity & access management
Vandana Verma
 
Chariot generic presentation owaspwia_Infosecgirls
Vandana Verma
 
OWASP - Dependency Check
Vandana Verma
 
Incident response in Cloud
Vandana Verma
 

Recently uploaded (20)

PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
KodekX | Application Modernization Development
KodekX
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
A Presentation on Artificial Intelligence
memembruh336
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Cloud computing and distributed systems.
kkkkkhan
 
Approach and Philosophy of On baking technology
30anthuong17
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
NewMind AI Monthly Chronicles - July 2025
NewMind AI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Teaching material agriculture food technology
LiaRayya
 

Oscp - Journey

  • 1. HOW TO GET STARTED WITH OSCP SREELAKSHMY PALLIYIL, OSCP
  • 2. AGENDA • Overview • Things Required for OSCP Presentation • Beginning • Journey • Exam • Conclusion
  • 3. OVERVIEW • An awesome journey where you will experience lots of excitement, pain, suffering, frustration, confidence, and motivation • Will be awarded on successfully cracking 5 machines in 23.45 hours. • One machine for exploit writing. • Other 4 machines include Enumeration, Exploitation and Post exploitation
  • 4. THINGS REQUIRED FOR OSCP PREPERATION • A ‘NEVER GIVE UP’ attitude • Basic Linux usage skills • A bit of programming knowledge • Ability to read and understand the flow of public exploits • Creative hacker way of thinking • Lots of interest, patience, and enthusiasm
  • 5. BEGINNING • Start over with Hack the box (HTB) • Get handy in using Linux • Learn a bit of python • Basic concepts such as port-scanning, web application testing, etc. • Learn Metasploit • Learn Buffer Overflow
  • 6. JOURNEY • “Its not about the destination, Its all about the journey. • Search for OSCP Similar Machines • Lab consist of 55 machines • Go through the video material • Go through the pdf completely • Do the exercises in pdf and document it.
  • 7. JOURNEY Exploiting a machine is a Systematic Process: • Find the open ports and services running on ports • Enumerate the services and the machine • Exploit the correct vulnerability and gain access • Do proper post exploitation enumeration • Privilege Escalation
  • 8. EXAM • 23.45hrs • 5 Machines to Crack • 70 Marks to get pass
  • 9. TIPS • Be confident • Be very cool and calm • Never bother if you didn’t get access to one or two machines in short time as mentioned in other blogs • Enumerate well • Take regular breaks. Go for a small walk and get some fresh air. • Take screenshots and POCs immediately after each exploitation steps. • Submit the flags (local.txt & proof.txt) in the exam panel immediately once you retrieve them