OSCP Certification Preparation

Description:

This intensive OSCP-focused training introduces participants to advanced penetration testing techniques. Starting with fundamental cybersecurity principles, it quickly delves into ethical hacking, network security, exploitation, and privilege escalation. Through practical exercises and real-world scenarios, participants will gain hands-on experience with vulnerability assessment, exploiting systems, post-exploitation methods, and persistence techniques. By the end, participants will be ready for OSCP-style challenges and real-world security testing.

Duration: 5 Day 

Course Code: BDT398

Learning Objectives:

After this course, students will be able to:

• Perform reconnaissance and information gathering on networks and systems.
• Conduct network and application vulnerability scanning.
• Exploit and pivot through various network segments.
• Implement privilege escalation techniques.
• Prepare for the OSCP examination and demonstrate ethical hacking skills.

• Basic understanding of networks, operating systems, and security concepts.
• Familiarity with Linux command line and scripting.

• This training is designed for IT Professionals, Security Analysts, Network Administrators, Penetration Testers, and Ethical Hackers aiming to enhance their offensive security skills. It’s also beneficial for those preparing for the OSCP exam or anyone looking to strengthen their organization’s security.

Course Outline:

• Reconnaissance and Scanning: Gathering information about systems and networks.
• Exploitation Techniques: Identifying and exploiting common vulnerabilities in web and network services.
• Privilege Escalation: Practicing privilege escalation on both Linux and Windows systems.
• Persistence and Post-Exploitation: Maintaining access and pivoting across systems.
• Exam Simulations: Mock exams with real-world OSCP-style scenarios for hands-on practice.

• OSCP Overview and Exam Requirements
• Core Cybersecurity Principles
• Ethical Hacking Lifecycle (Reconnaissance, Scanning, Exploitation, Post-Exploitation)
• Network Security Basics (TCP/IP, UDP, OSI Model)
• Types of Penetration Testing and Compliance (PCI-DSS, GDPR)

• Hands-On:
  • Lab: Passive and Active Reconnaissance on Target Systems
  • Lab: Using OSINT Tools to Gather Information

• Information Gathering Techniques (Whois, DNS, Subnetting)
• Enumeration Techniques (SMB, SNMP, SMTP)
• Network Scanning with Nmap (Port Scanning, Service Detection, OS Fingerprinting)
• Vulnerability Scanning with Nikto and OpenVAS

• Hands-On:
  • Lab: Using Nmap for OS and Service Detection
  • Lab: Conducting Enumeration with SMB and SNMP
  • Lab: Identifying Web Vulnerabilities with Nikto

• Introduction to Exploitation (Exploits, Payloads, Shells)
• Buffer Overflow Basics (Identifying, Exploiting, Custom Shellcode)
• Exploit Development Basics (Fuzzing, Finding Offsets)
• Web Application Exploits (SQL Injection, Cross-Site Scripting, File Inclusion)
• Exploiting Public Vulnerabilities with Metasploit

• Hands-On:
  • Lab: Exploiting Windows and Linux Services
  • Lab: SQL Injection in Web Applications
  • Lab: Exploiting Web Server Vulnerabilities Using Metasploit

• Privilege Escalation on Windows (Weak Permissions, Exploiting Services)
• Privilege Escalation on Linux (SUID, Cron Jobs, Kernel Exploits)
• Finding and Exploiting Sudo Privileges
• Automated Escalation with LinEnum and WinPEAS

• Hands-On:
  • Lab: Escalating Privileges on Linux Using Kernel Exploits
  • Lab: Escalating Privileges on Windows via Unquoted Service Paths
  • Lab: Identifying Weak Permissions with WinPEAS

• Post-Exploitation (Data Exfiltration, Maintaining Access)
• Pivoting Through Networks (SSH Tunneling, Proxy Chains)
• Persistence Techniques (Scheduled Tasks, Startup Scripts)
• Covering Tracks (Log Deletion, Obfuscation)

• Hands-On:
  • Lab: Setting Up Persistence on a Compromised Machine
  • Lab: Pivoting and Moving Laterally Using SSH
  • Lab: Clearing System Logs on Target Machines

• OSCP Lab and Exam Structure Overview
• Strategy for the OSCP Exam (Time Management, Note-taking, Documentation)
• Practice Labs and Mock Exam Scenarios
• Review of Key Tools (Metasploit, Nmap, Burp Suite)
• Recap and Q&A