Posts Offensive Security Certified Expert Study Plan

Offensive Security Certified Expert Study Plan

While taking summer computer science and engineering classes I took part in an independent study which allows me to make my own course essentially and do research on the topics I choose. So I decided to build the course around my study plan for obtaining my OSCE certification. Please note that this is a shorten version of the my study plan for the independent study since I will be covering this content in about 2.5 months. More than likely I will continue my studying after the independent study course is over to prepare for the OSCE exam. I used a few different resources to come up with this study plan from resources such as the Pentester Academy x86_64 content and abatchy’s OSCE blog study plan and a few others.

Study Plan Outline

  • Advance Web Application Attacks
    • Cross Site Scripting (XSS)
    • Local File Inclusion (LFI)/ Remote File Inclusion (RFI)
    • Bypassing CSRF Protection Via XSS
  • Backdooring Portable Executables (PE)
    • Manually Adding Shellcode to Windows Executables
    • Code Caves
    • Adding Shellcode to Windows
  • Bypassing Antivirus
    • Intro to AV and Detection Techniques
  • Assembly
    • Registers and Flags
    • Program Structure for use with nasm
    • Data Types
    • Data Movement Instructions
    • Arithmetic instructions
    • Reading and Writing from memory
    • Conditional instructions
    • Strings and Loops
    • Interrupts, Traps and Exceptions
    • Procedures, Prologues and Epilogues
    • Syscall structure and ABI for Linux
    • Calling standard library functions
    • FPU instructions
    • MMX, SSE, SSE2 etc. instruction sets
  • Shellcoding on Linux
    • Execution environment
    • Exit and Execve shellcode
    • Bind Shell and Reverse TCP
    • Staged Shellcode
    • Egg Hunter
    • Using 3rd party shellcode
    • Simulating shellcode
      • locating syscalls
      • graphing shellcode execution
  • Encoders, Decoders and Crypters on Linux
    • Purpose of encoding and crypting
    • XOR encoders
    • Custom encoding
      • Random sequencing and scrambling
      • mapping functions
    • Crypters
  • Exploit Development
    • Fuzzing with Vuln Server Examples
    • Stack Based Overflow
    • Structured Exception Handler (SEH)
    • Egg Hunting
    • Bypassing ASLR
    • Return Object Programming Chaining
    • Data Execution Prevention
This post is licensed under CC BY 4.0 by the author.