Friday, March 10, 2017

TL;DR

Table of Contents

OSCE Course Outline

1. Advanced Web Attacks

HTML Injection and XSS

Bypassing CSRF protection

LFI to RCE

2. Backdooring PE

3. Bypassing AV

4. Exploit development

Automated fuzzing (Spike)

Assembly and Shellcode basics

Stack overflow

SEH

Egghunting

Bypassing ASLR

5. Advanced Network Attacks

Using Scapy

Bypassing ACL

Exploiting SNMP

MiTM attacks

6. Study cases

MS07-017

Open TFTP 1.4 (CVE-2008-1611)

HP OpenView NNM

Bypassing Cisco ACL using Spoofed SNMP Requests

Online Study Resources

1. Advanced Web Attacks

2. Backdooring PE

3. Bypassing AV

4. Exploit development

5. Advanced Network Attacks

6. Study cases

Offline Study Resources

Hacking: The Art of Exploitation: Chapters 1, 2, 3 and 5 are relevant to OSCE.

Assembly Language Step-by-Step: Programming with Linux

The Shellcoder’s Handbook: Discovering and Exploiting Security Holes

Practice

Note: I’m no longer seeking OSCE, but this post has proven to be useful to many. If you think a link should (not) be here, please let me know in the comments.

- Abatchy