High level cheatsheet that was designed to make checks on the OSCP more manageable

Overview

OSCP CheatSheet 2022

High-level notes for quick reference, scripts that may be useful for the exam (both my own and third party), tips/tricks & much more

All curated and formatted for the new 'AD' style OSCP exam

  • Jake Scheetz, 2022

Repo Layout

Videos


  • Contains a list of videos from my YouTube channel that walkthrough the HTB machines that emulate the OSCP exam.
  • This contains both Linux and Windows machines and varies in difficulty from insane to easy.
  • this also contains lists of other YT videos that I found helpful for learning other topics covered in the PWK course

Notes


  • This folder contains all of my quick references to useful tid-bits of information and commands that are somehow hard to remember off the top of your head
    • this includes snippets of commands for all topics from enumeration to post exploitation techniques
  • Additionally you'll find useful nuances about tech stacks, services, and exploit chains that can be useful to identify entry points onto machines.

Scripts


  • This folder contains all of he source code for all the tools that I personally wrote to automate things like recon in the lab environment as well as scripts that were used to build off of during the course
    • Note that in the source code of each script I'll clearly state what was produced by myself and what is an example from OffSec, I in no way am taking credit for their work or their code examples.
  • While I think that my scripts for recon can be useful to automate the process, I hihgly recommend not using them during the course exercises so that you can build the adequate skills to approach the lab env. However, feel free to use them elsewhere and especially on the lab env where recon becomes very repetitive.
You might also like...
JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat
NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

NoSecerets NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat How does it work? Instead of taking

A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.  The Web Application Firewall Paranoia Level Test Tool.
The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

Source code for
Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

Tools to make working the Arch Linux Security Tracker easier

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

Make your own huge Wordlist with advanced options

#It's my first tool i hope to be useful for everyone, Make your own huge Wordlist with advanced options, You need python3 to run this tool, If you hav

Owner
Jacob Scheetz
💼 Cyber Security Consultant - NetSPI 🎬 Offensive Security content creator
Jacob Scheetz
Visius Heimdall is a tool that checks for risks on your cloud infrastructure

Heimdall Cloud Checker ???? About Visius is a Brazilian cybersecurity startup that follows the signs of the crimson thunder ;) ?? ! As we value open s

visius 48 Jun 20, 2022
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

Ashish Kunwar 33 Sep 23, 2022
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

null 1 Nov 12, 2021
Script checks provided domains for log4j vulnerability

log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do

Matthias Nehls 2 Dec 12, 2021
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

X-Force Red 26 Mar 15, 2022
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Python Code Quality Authority 4.8k Dec 31, 2022
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

null 11 Apr 2, 2022
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

Pushpender Singh 35 Dec 12, 2022
HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

EntySec 5 May 10, 2022