High level cheatsheet that was designed to make checks on the OSCP more manageable

OSCP CheatSheet 2022

High-level notes for quick reference, scripts that may be useful for the exam (both my own and third party), tips/tricks & much more

All curated and formatted for the new 'AD' style OSCP exam

  • Jake Scheetz, 2022

Repo Layout

Videos


  • Contains a list of videos from my YouTube channel that walkthrough the HTB machines that emulate the OSCP exam.
  • This contains both Linux and Windows machines and varies in difficulty from insane to easy.
  • this also contains lists of other YT videos that I found helpful for learning other topics covered in the PWK course

Notes


  • This folder contains all of my quick references to useful tid-bits of information and commands that are somehow hard to remember off the top of your head
    • this includes snippets of commands for all topics from enumeration to post exploitation techniques
  • Additionally you'll find useful nuances about tech stacks, services, and exploit chains that can be useful to identify entry points onto machines.

Scripts


  • This folder contains all of he source code for all the tools that I personally wrote to automate things like recon in the lab environment as well as scripts that were used to build off of during the course
    • Note that in the source code of each script I'll clearly state what was produced by myself and what is an example from OffSec, I in no way am taking credit for their work or their code examples.
  • While I think that my scripts for recon can be useful to automate the process, I hihgly recommend not using them during the course exercises so that you can build the adequate skills to approach the lab env. However, feel free to use them elsewhere and especially on the lab env where recon becomes very repetitive.
Owner
Jacob Scheetz
💼 Cyber Security Consultant - NetSPI 🎬 Offensive Security content creator
Jacob Scheetz
Similar Resources

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

JavaScript Raider is a coverage-guided JavaScript fuzzing framework designed for the v8 JavaScript engine

Jun 24, 2022

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

NoSecerets NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat How does it work? Instead of taking

Apr 28, 2022

The Web Application Firewall Paranoia Level Test Tool.

 The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

Jun 9, 2022

Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

Source code for

TSAR Source code for NAACL 2022 paper: A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction. 🔥 Introduction We focus on extra

Jun 21, 2022

Tools to make working the Arch Linux Security Tracker easier

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

May 19, 2022

A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

Jun 14, 2022

Make your own huge Wordlist with advanced options

#It's my first tool i hope to be useful for everyone, Make your own huge Wordlist with advanced options, You need python3 to run this tool, If you hav

Oct 14, 2021
Visius Heimdall is a tool that checks for risks on your cloud infrastructure
Visius Heimdall is a tool  that checks for risks on your cloud infrastructure

Heimdall Cloud Checker ???? About Visius is a Brazilian cybersecurity startup that follows the signs of the crimson thunder ;) ?? ! As we value open s

Jun 20, 2022
This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature

rpckiller This script checks for any possible SSRF dns/http interactions in xmlrpc.php pingback feature and with that you can further try to escalate

May 19, 2022
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

Nov 12, 2021
Script checks provided domains for log4j vulnerability

log4j Script checks provided domains for log4j vulnerability. A token is created with canarytokens.org and passed as header at request for a single do

Dec 12, 2021
A Burp Pro extension that adds log4shell checks to Burp Scanner

scan4log4shell A Burp Pro extension that adds log4shell checks to Burp Scanner, written by Daniel Crowley of IBM X-Force Red. Installation To install

Mar 15, 2022
Bandit is a tool designed to find common security issues in Python code.
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Jul 6, 2022
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Oct 30, 2021
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

Apr 2, 2022
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.
Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains.

Log4jScanner Log4jScanner is a Log4j Related CVEs Scanner, Designed to Help Penetration Testers to Perform Black Box Testing on given subdomains. Disc

Jun 19, 2022
HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

May 10, 2022