Offensive Security OSCP v2020 pdf
We’ll get to the point: Penetration Testing with Kali Linux (PWK) has been overhauled for 2020. It’s bigger and better than ever before.
PWK is the foundational penetration testing course here at Offensive Security, and the only official training for the industry-leading OSCP exam. The original version of the course has enabled thousands of information security professionals to build their careers.
Updating PWK to integrate the latest technology, tools and processes is critical to continuing to support our students. Our teams have worked hard to not only develop new additions to the content, but also to completely revise all the modules for a better experience.
The 2020 PWK overhaul more than doubles the amount of course content and adds 33% more lab machines to provide you with even more practice and experience. PWK is still a foundational course, intended to push infosec professionals to the next level.
For those who just want a quick summary of some of what’s new and what’s been updated, check out the list below. For the details, read on – keeping in mind that the course as a whole has had a significant upgrade that goes well beyond the items listed here.
New for PWK
Introduction to Buffer Overflows
Active Directory Attacks
Dedicated lab machines
Targets in the labs including Active Directory targets
Updated for PWK
Modules: All modules have been updated. The below received the most extensive updates.
Passive Information Gathering
Client Side Attacks
Web Application Attacks
Port Redirection and Tunneling
Lab machines have been updated
Now, let’s dive into the details. We also answer questions for those students who have already purchased PWK at the end.
WHAT’S NEW IN PWK FOR 2020
Bash Scripting: While we still recommend having some experience prior to starting the course, we’ve expanded and separated the Bash scripting portion of the Getting Comfortable with Kali Linux module to ensure students get even more time with Bash.
Introduction to Buffer Overflows: This module contains detailed explanation of the principles behind buffer overflow attacks and introduces the student to the x86 architecture, program memory, and CPU registers.
Active Directory Attacks: Learn Kerberos and NTLM attacks, and lateral movements.
PowerShell Empire: This module introduces students to PowerShell Empire and the use of its modules to assist with local privilege escalation and lateral movements.
Dedicated lab machines: You’ll be provided with three dedicated lab machines for the exercises (Windows 10 client, Windows 2016 Active Directory, Debian client).
Labs: New machines are available, increasing the total number to over 70. Moreover, almost all the previous targets have been updated with new operating systems and exploitation vectors. The shared networks now also contain Active Directory with different configurations.
Walkthrough: The previous version of PWK has a theoretical network to demonstrate a full penetration testing scenario. In the update, we’ve developed a hands-on mini-network in which the student will be able to reproduce the steps provided with a book and video walk-through.
Extra exercises: Get more practice with the new exercises under Extra Miles.
WHAT’S UPDATED FOR 2020
As noted above, the entire course has been updated. The most notable updates are included below.
Practical Tools: Added PowerShell and PowerCat.
Passive Information Gathering: We cover more OSINT, as well as using Shodan and Pastebin.
Privilege Escalation: We added content on local information gathering techniques, enumerating firewall rules, as well as bypassing UAC and several privilege escalation examples on Windows and Linux.
Client Side Attacks: Learn more about HTA attacks, Microsoft Word macros, object linking and DDE embedding.
Web Application Attacks: A deeper dive on traditional web attack vectors, including exploiting admin consoles, XSS, directory traversal vulnerabilities, SQL injections and more.
Password Attacks: Expanded material for online, offline and in-memory based password attacks.
Port Redirection and Tunneling: New and expanded exercises on tunneling, pivoting, and port redirection. Students will now be able to practice these techniques using their three dedicated virtual machines, before applying their new-found knowledge in the shared labs.
Metasploit: Increased coverage on the Metasploit framework. Covering auxiliary modules, exploits, payloads, scanners, meterpreter, post-exploitation, automation, and more!
Labs: Targets have been updated, so if you need more practice on fresh exercises, we recommend giving these a try.