- Methodology Tips
https://youtu.be/XQnkiuIFZ-c?t=3940https://youtu.be/4ls30YSlfAM?t=5064- Methodology for information gathering and prioritizing attack vectors and surfaces.
https://youtu.be/kSmiFJipiZw?t=172728:47 - 1:11:55
Exam Tip / PWK Lab: Connecting the dots
https://youtu.be/UzR1dH810aM?t=1685
28:07 - 29:12
Exam Tip / PWK Lab: Login Page
https://www.youtube.com/watch?v=UzR1dH810aM&t=4748s 01:19:08 - 01:20:50
Exam Tip / PWK Lab : Searching for exploit at dead-end (login/fuzzing). We don’t always have to brute-force login pages.
https://youtu.be/UzR1dH810aM?t=4874
01:21:14 - 1:30:07
Exam Tip / PWK Lab: Fuzzing
https://youtu.be/UzR1dH810aM?t=4190
1:09:50 - 1:10:32
Exam Tip / PWK Lab: Offsec's silly tip brute force rule of thumb https://youtu.be/270ZD17aA1Y?t=3300 55:00 - 57:40
Exam Hack: Permitted automated SQLi
https://youtu.be/c2OFrDVb3EM?t=2558 42:39 - 50:18
Exam Tip: Hack the Metasploit https://youtu.be/Bkp3n___dko?t=3018 50:18 - 1:11:42
Fuzzing Tip: Fuzz Parameters
https://youtu.be/XQnkiuIFZ-c?t=2848 47:28 - 52:50
Most underrated Vuln / SSRF / Maybe Out-of-Scope+Overkill for exam prep / Good thing to watch
https://youtu.be/Y14yjigX9I8?t=2910 48:30 - 1:04:08
Burp Suite Tip
https://youtu.be/UzR1dH810aM?t=3733
01:02:13 - 1:06:16
Siddicky’s Recommended Cheatsheet
https://youtu.be/UzR1dH810aM?t=6913 01:55:13 - 01:55:30 https://liodeus.github.io/2020/09/18/OSCP-personal-cheatsheet.html
Fuzzing Tip: burp parameter discovery
https://youtu.be/x6BSeahgfgY?t=3316 55:16 - 58:30
Port Knocking Concept
https://youtu.be/270ZD17aA1Y?t=3926 01:05:26 - 01:10:54 https://sirensecurity.io/blog/port-knocking/
Fuzzing Tip: Found Nothing with Fuzzing
https://youtu.be/GBSWd_2fw3s?t=2110 35:10 - 36:20
Restricted shell bypass https://youtu.be/c2OFrDVb3EM?t=3254 54:14 - 57:04
S1REN’s PrivEsc Cheatsheet Inpiration: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Most used wordlists
directories
/usr/share/seclists/Discovery/Web-Content/raft-large-directories.txt
files
/usr/share/seclists/Discovery/Web-Content/raft-large-files.txt
brup-parameter / URL-Parameter
/usr/share/seclists/Discovery/Web-Content/burp-parameter-names.txt
SQLi Payload
/usr/share/seclists/Fuzzing/SQLi/quick-SQLi.txt
.extensions
/usr/share/seclists/Discovery/Web-Content/raft-large-extensions.txt
Common
/usr/share/dirb/wordlists/common.txt
Password
https://github.com/drtychai/wordlists/blob/master/fasttrack.txt