How To Hack The Box To Your OSCP (Part 3)

How To Hack The Box To Your OSCP (Part 3) | Udemy
English | Size: 3.32 GB
Genre: eLearning

What you’ll learn
How modern adversaries breach public facing webservers
How to weoponize benign applications with exploits
How to evade AV and EDR with advanced shellcode loaders
How attackers move laterally, create reverse tunnels and expand influence on the victim network
How to think in terms of MITRE ATT&CK and understand the vernacular.
How to test and validate SQLi, XSS, SSTI and more

Are you ready to level up your game?

Ready for the hardest boxes to hack?

Want a challenge without feeling overwhelmed or confused?

I finally did it. I finally decided to create the last series in my three part collection on pwning Hack The Box machines.

There are tons of free write-ups and Youtube videos on-line that will show you how to breach a box but almost none of them break down the process step by step.

And almost none of them include all the commands as a tidy reference.

And even fewer map all attacks to the MITRE ATT&CK Matrix.

What I’ve done is taken you on a journey into my mind as I help you understand how an expert hacker thinks. You will get the behind-the-curtain view into my thought process as I think through difficult scenarios and carefully step through each obstacle until the box is pwned.

In addition, after we pop the box, we’ll take a step back and understand what vulnerabilities led to the initial intrusion vector by exploring host logs, vulnerable application source code and event logs.

I’ve prepared everything you need for learning success in one convenient package.

So, I’m going to ask again – are you ready to level up your game?

You are about to learn the following tools and techniques from an offensive perspective:

MITRE ATT&CK Enterprise Framework TTPs

ping

nmap

rpcdump

rpcclient

smbmap

smbclient

crackmapexec

whatweb

Wappalyzer

curl

openssl

gowitness

Burp Proxy

Burp Embedded Chromium Browser

feroxbuster

wfuzz

Web Application Attacks: SQLi

Web Application Attacks: Reflected XSS

Web Application Attacks: SSTI

Polyglot Payloads

Web Application Attacks: Command Injection

Reverse Shells: Powershell

Reverse Shells: Powershell Upgrade

Reverse Shells: Netcat

Reverse Shells: Meterpeter

Reverse Shells: PSExec

Reverse Shells: NoPAC

Base64 Encoded Powershell Payloads

rlwrap

PEASS-ng

Blue Team: wmic

Blue Team: tasklist

Blue Team: Get-WmiObject

CSRs

Chisel

ProxyChains

FoxyProxy SOCKS Proxies

tshark

responder

hashcat

Lateral Movement

Resource Development: Commando VM!

Resource Development: Exploit Testing and Maldoc creation

Defense Evasion: charlotte

Defense Evasion: Meterpreter

certutil

SharpCollection

PowerView

Rubeus

Certify

date (sounds lame but we actually use it in a way you’ve never seen before)

Detection Engineering: Log Review

Secure Coding Principles: Source Code Review

If this doesn’t excite you, you are not the right person for this course.

But if you’re ready to freggin’ have a blast and take your learning and skills to beast mode click Buy Now and let’s begin!

Who this course is for:
Intermediate to Advanced Red Team Operators
Intermediate to Advanced Penetration Testers
Security Conscious Software Developers
Blue Team SOC Analysts
Blue Team Threat Hunters
Cybersecurity Managers (wanting to understand initial intrusions and mitigations)

If any links die or problem unrar, send request to
forms.gle/e557HbjJ5vatekDV9

Leave a Comment Cancel reply