OSCP Penetration Testing Methodology
OSCP Penetration Testing Methodology
Purpose
Execute comprehensive penetration testing engagements following OSCP methodology, covering reconnaissance, enumeration, exploitation, privilege escalation, and post-exploitation phases across Windows, Linux, and Active Directory environments. This skill provides actionable commands and techniques for each phase of a professional penetration test.
Inputs / Prerequisites
Required Tools
- Kali Linux or equivalent attack platform
- Nmap, Gobuster, Nikto for enumeration
- Metasploit Framework, Impacket suite
- Mimikatz, BloodHound, PowerView for AD attacks
- Hashcat, John the Ripper for password cracking
Environment Requirements
- Network access to target systems
- Proper authorization documentation
- Note-taking application for findings
More from zebbern/secops-cli-guides
hacking fundamentals
This skill should be used when the user asks to "understand hacking basics", "learn about hacker types", "understand network protocols", "learn DNS concepts", "understand attack types", or "explore security tool categories". It provides foundational cybersecurity knowledge.
16jwt security testing
This skill should be used when the user asks to "test JWT security", "hack JWT tokens", "bypass JWT authentication", "crack JWT secrets", or "exploit JWT vulnerabilities". It provides comprehensive JSON Web Token attack techniques and security assessment methodologies.
16mobile application security testing
This skill should be used when the user asks to "perform mobile application penetration testing", "test Android app security", "bypass SSL pinning", "analyze APK files", "reverse engineer mobile apps", "test for insecure data storage", or "assess mobile app vulnerabilities". It provides comprehensive techniques for Android application security assessment.
12buffer overflow exploitation
This skill should be used when the user asks to "exploit buffer overflow vulnerabilities", "develop stack-based exploits", "find EIP offset", "identify bad characters", "create shellcode payloads", "perform fuzzing for crashes", or "gain remote code execution via memory corruption". It provides comprehensive techniques for discovering and exploiting buffer overflow vulnerabilities in Windows applications.
10networking essentials
|
10phishing attacks
|
9