Duration 5 days – 35 hrs
Overview.
The Offensive Security Certified Professional (OSCP) Training Course is an intensive, hands-on penetration testing course designed to equip participants with the skills to identify, exploit, and remediate vulnerabilities in network and web applications. This course, developed by Offensive Security, emphasizes practical experience and real-world scenarios, preparing participants to become proficient penetration testers. The OSCP certification is highly respected in the cybersecurity industry, known for its rigorous exam that tests candidates on identifying and exploiting vulnerabilities within a controlled environment.
Objectives
- Gain a solid understanding of the penetration testing process, including planning, enumeration, exploitation, and post-exploitation phases.
- Learn to identify and exploit vulnerabilities in network systems, applications, and web services.
- Develop proficiency with various attack vectors and methods, including privilege escalation, buffer overflows, and password attacks.
- Build experience in real-world penetration testing tools and techniques.
- Prepare for the OSCP certification exam through hands-on labs and practice exercises.
Audience
- Penetration Testers and Red Teamers
- Security Analysts and Security Engineers
- IT Professionals transitioning to cybersecurity
- Network Administrators and System Administrators
- Cybersecurity Professionals preparing for the OSCP certification exam
Pre- requisites
- Strong understanding of networking concepts, including TCP/IP, DNS, and protocols.
- Basic knowledge of Linux and Windows operating systems, including command-line usage.
- Familiarity with scripting languages such as Python, Bash, or PowerShell is beneficial.
- Prior experience with penetration testing fundamentals is recommended but not required.
Course Content
Day 1: Introduction to Penetration Testing and Information Gathering
- Penetration Testing Overview: Understanding the purpose, phases, and ethics of penetration testing.
- Legal and Ethical Considerations: Importance of authorization and responsible disclosure.
- Information Gathering Techniques: Open-source intelligence (OSINT) and passive reconnaissance.
- Scanning and Enumeration: Active scanning techniques to identify open ports, services, and configurations.
- Tools Covered: Nmap, Netcat, and Nikto for information gathering.
Day 2: Exploiting Network Vulnerabilities
- Network Penetration Testing Basics: Identifying and exploiting common network vulnerabilities.
- Password Attacks and Authentication Bypass: Techniques for brute force and dictionary attacks on login credentials.
- Privilege Escalation in Network Environments: Methods to escalate privileges on compromised systems.
- Exploitation of Common Protocols: Exploiting vulnerabilities in SMB, FTP, SSH, and other network protocols.
- Tools Covered: Hydra, Medusa, and Metasploit for network exploitation.
Day 3: Exploiting Web Vulnerabilities
- Web Application Penetration Testing: Understanding web application architecture and common vulnerabilities.
- Exploiting OWASP Top 10 Vulnerabilities: Practical exploration of SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
- File Inclusion and Code Injection Attacks: Techniques to exploit vulnerabilities like Local File Inclusion (LFI) and Remote File Inclusion (RFI).
- Session Management and Bypassing Authentication: Identifying weaknesses in session handling and authentication mechanisms.
- Tools Covered: Burp Suite, OWASP ZAP, and sqlmap for web application testing.
Day 4: Buffer Overflows, Shells, and Post-Exploitation
- Introduction to Buffer Overflow Exploits: Basics of buffer overflows and crafting simple exploits.
- Stack-Based Buffer Overflow: Understanding stack manipulation and exploit development.
- Generating and Using Shells: Techniques to gain remote shells and maintain persistent access.
- Post-Exploitation Techniques: Privilege escalation, persistence, and lateral movement.
- Maintaining Access and Covering Tracks: Methods to remain undetected on compromised systems.
- Tools Covered: msfvenom for payload creation, Mimikatz for Windows post-exploitation.
Day 5: Practical Labs, Exam Preparation, and Review
- Hands-On Labs: Practical labs simulating real-world penetration testing environments.
- Lab Exercises: Identifying and exploiting network and web vulnerabilities, performing privilege escalation, and using various attack vectors.
- Review of Key Concepts and Techniques: Summary of core topics across penetration testing phases.
- Practice Exam and Preparation Tips: Sample exercises and guidance for tackling the OSCP exam.
- Exam Strategy and Tips: Techniques for managing time, documenting findings, and following a methodical approach.
- Q&A Session: Addressing participant questions and clarifying complex techniques.