OSCP Notes

General OSCP and lab-style notes covering common enumeration strategies, privilege escalation checklists, and practice resources. These notes focus on methodology rather than exam-specific content.

Enumeration Strategy

Initial Reconnaissance

  • Perform comprehensive port scanning with version detection
  • Enumerate all open services and their versions
  • Run default Nmap scripts against discovered services
  • Identify web technologies and frameworks
  • Document all findings in organized notes

Privilege Escalation Checklists

Windows

  • Check for unquoted service paths
  • Review scheduled tasks and permissions
  • Examine registry for auto-start programs
  • Check for writable directories in PATH
  • Review installed software versions
  • Run automated enumeration scripts (WinPEAS)
  • Check for kernel exploits and patch levels
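
The unquoted service path check from the list above, written as an audit. This is an added example, not part of the original notes. It flags service ImagePath values that are unquoted and contain a space before the executable name, and lists the earlier paths Windows may resolve first, so the path can be quoted and the directory ACLs verified. The service names, sample paths and the environment variable defaults are constructed assumptions.

```python
import re

# Executable portion of an ImagePath that does NOT start with a quote.
_EXE = re.compile(r'^(?P<exe>[^"]*?\.exe)(?=\s|$)', re.IGNORECASE)

# Assumed default expansions; a real audit should read them from the host.
_ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows"}

def expand(image_path):
    """Expand the few environment variables listed in _ENV (case-insensitive)."""
    for var, value in _ENV.items():
        image_path = re.sub(re.escape(var), lambda m: value, image_path,
                            flags=re.IGNORECASE)
    return image_path

def ambiguous_prefixes(image_path):
    """Return the earlier paths Windows may resolve first for an unquoted
    ImagePath, or [] if it is quoted, has no space, or is not an .exe."""
    m = _EXE.match(expand(image_path.strip()))
    if not m:
        return []  # quoted path, or a driver/.sys entry
    exe = m.group("exe")
    # Each space is a point where path resolution can stop and append ".exe".
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(services):
    """Map service name -> ambiguous prefixes, for services that have any."""
    findings = {}
    for name, image_path in services.items():
        prefixes = ambiguous_prefixes(image_path)
        if prefixes:
            findings[name] = prefixes
    return findings

# Constructed sample data; on a real host, read ImagePath from
# HKLM\SYSTEM\CurrentControlSet\Services\<name>.
SAMPLE = {
    "AcmeAgent": r"C:\Program Files\Acme Tools\agent.exe --run",
    "QuotedSvc": r'"C:\Program Files\Vendor\svc.exe" -x',
    "Svchost": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "EnvSvc": r"%ProgramFiles%\Updater\upd.exe",
    "Driver": r"\SystemRoot\System32\drivers\foo.sys",
}

if __name__ == "__main__":
    for name, prefixes in audit(SAMPLE).items():
        print(f"{name}: quote the ImagePath; check ACLs for {prefixes}")
```

Only the two unquoted paths with spaces are reported; the quoted service, svchost and the driver entry are not.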

Linux

  • Check for SUID/SGID binaries
  • Review cron jobs and scheduled tasks
  • Examine world-writable files and directories
  • Check for capabilities on binaries
  • Review environment variables and PATH
  • Run automated enumeration scripts (LinPEAS)
  • Check for kernel exploits and patch levels

Note-Taking Tips

  • Document everything: Commands run, outputs received, and observations made during enumeration.
  • Organize by service: Group findings by discovered services (HTTP, SSH, SMB, etc.) for easier reference.
  • Screenshot important outputs: Capture proofs of concept and successful exploitation attempts.
  • Track time spent: Monitor time allocation across different phases of the assessment.
  • Use templates: Create consistent note templates for different types of machines and scenarios.

Practice Resources

Hack The Box

Online platform offering various difficulty levels of vulnerable machines for practice. Great for learning enumeration and exploitation techniques.

TryHackMe

Guided learning platform with structured paths covering different aspects of cybersecurity and penetration testing.

VulnHub

Repository of vulnerable virtual machines for download and local practice. Excellent for offline learning and OSCP-style preparation.

Proving Grounds

Practice lab environment with realistic scenarios and varying difficulty levels. Useful for hands-on experience with different attack vectors.