Login

u/strikoder

The OSCP Review
▲ 117 r/oscp+1 crossposts

The OSCP Review

I'm sharing All the OSCP resources I actually used on my both attempts to pass the exam: notes, tools, AD enum scripts, CVEs, reporting setup, methodology, and more.

Hello everyone, Strikoder here!

Recently I passed the OSCP, and to pay the tribute for this wonderful subreddit, I decided to collect pretty much everything I personally used during preparation in one place.

This includes:

GitHub repo (with all resources):

https://github.com/strikoder/Strikoder-OSCP-Prep

Some useful stuff inside the repo:

* Notion Notes

* SysReptor installer/setup (report writing)

* OffensiveSecurity repo (I made an OSCP release so you would download the scripts as a zip file)

https://github.com/strikoder/OffensiveSecurity

* Active Directory enum scripts

https://github.com/strikoder/OffensiveSecurity/tree/main/Scripts

* LinEnum-ng (I try to maintain it without bloating it)

https://github.com/strikoder/LinEnum-ng

* New OSCP Prep List (strilist : Strikoder OSCP List)

https://strikoder.com/oscp

* gtfobinSUID

https://github.com/strikoder/gtfobinSUID

* CredSpray (Nxc bash wrapper, I really enjoied using it through the exam, and so should U!)

https://github.com/strikoder/CredSpray

* NagoyaSpray (Favorite tool)

https://github.com/strikoder/NagoyaSpray

* username-anarchy-extended (added few stuff to the main one)

https://github.com/strikoder/username-anarchy-extended

* CVE PoC implementations list

https://github.com/stars/strikoder/lists/cve-poc-implementations

* CVE repository

https://github.com/strikoder/OffensiveSecurity/tree/main/CVES

* Windows binaries collection (gonna add more)

https://github.com/strikoder/windows-binaries

* pentest interview questions (Still need improvments)

https://github.com/strikoder/pentest-interview-questions

Each project above has its own readme, feel free to check them out. I’m also working on updating the OSCP list (strilist) further, so it’s not fully finished yet. I will publish and update in 2 weeks.

For now, you can check my full exam review either on Medium or Youtube (OR BOTH <3) in the links below

OSCP Review:

Medium: https://medium.com/@strikoder/strikoder-oscp-review-47f9f6efb25e

Youtube: https://www.youtube.com/watch?v=9HFKfGs6ym8

Additionally, I want to also thank:

* Penelope developer

* Ligolo developer

* NetExec/NXC team devs

And also thanks to everyone in the community sharing tools, walkthroughs, notes, and knowledge openly. A lot of us probably would straggled more with the OSCP without that.

u/strikoder — 6 days ago
▲ 14 r/hackthebox

Hey everyone!

Currently running BH CE 9.0.2 and been testing it with both RustHound and bloodhound.py. The problem is it's missing attack vectors on a few HTB machines that I know exist and it's too noisy for a simple CTF. Tried 8.0.2 and it showed the vectors but with a little of noise as well. Older versions have almost no noise but risk missing newer attack vectors (I recall a box where you would miss the vector if you didn't use rusthound).

What version are you guys running for HTB/CTFs? Any specific collector combo you prefer and use?

reddit.com
u/strikoder — 23 days ago