
In this quick lecture I'm going to show you how to sign up for Hack The Box, set up your Linux VM and configure TMUX so you can start hacking like a pro! Let's go!
Once upon a time nmap scanned a vulnerable host and discovered SMB was open... but the path to exploitation wasn't as direct as it seemed! In this lecture you're going to use (and understand) a ton of tools! You're going to learn how to use dig, rpcclient, ldapsearch, smbmap, smbclient, kerbrute, crackmapexec, hashcat, bloodhound and more. You're going to learn how to AS-REP Roast (and how it's different from Kerberoasting). You're going to learn the attacker's methodology and how to think through difficult situations. You're going to map all attacks to the industry standard MITRE ATT&CK Framework. You're going to... <panting> lol - okay it's going to be nuts - let's just get started lol
Dump creds from memory and escalate... you've heard about this technique but have you ever.. like.. actually done it - and understood what the crap you were doing? In this lecture it will ALL MAKE SENSE. You're going to learn how to Pass the Hash (PtH) and THEN we're going to try to detect evidence of PtH in the Windows Security Logs at the end of the video lecture. You're going to dump secrets from SAM Security Hives... You're going to execute defense evasion, NTDS.DIT dumping, lateral movement... oh man! I have a ton in store for you - can't hold it in - let's go!
Beware: this lecture is only for the brave! It's a challenging box! You'll learn how to use Ferox Oxide buster, how to manually craft a reflected XSS payload (and understand EXACTLY how it works and why it's dangerous), how to craft an SSTI payload to achieve RCE on the victim server, how to use WFUZZ to bypass a WAF, how to use advanced SQLMap features to exploit a SQL injection vulnerability, how to manually fingerprint a web application based on leaked environment variables and more! This lecture is grade A "BONKERS!" - I poured my very best into this one for you - I promise you will learn something new after going through this one! ENJOY :)
Now it's time to pop the box. In this lecture we'll discover that LinPEAS doesn't give us a direct route to exploitation... but a subtle clue which, as astute observers, we will capitalize on! You will learn about SSH Port Forwarding. Not only how to do it but why you may need it and important use cases. You'll learn how to exploit XXE vulnerabilities and more. C'mon! Let's do this!! now! haha.
Hack The Box is becoming ascendant in the penetration testing infosec community. It has rapidly risen to stardom as super hackers such as IppSec and 0xdf have published tons of free material helping our community graduate from n00b to ninja. Hack The Box has gamified hacking and has made the entire learning process both fun and educational.
In this course I wanted to give you a set of boxes that are more challenging to hack. If you're looking for harder boxes and want to peek inside my hacking methodology, mindset and technique then this course is for you. You won't pass the OSCP exam from simply going through these video lectures and I currently don't have the OSCP cert. I've taken the training material and took the 24-hour exam but failed it. BUT! Instead of letting that get me down, I decided to create an online course as a means of helping me master the concepts I encountered in my training and on the exam. I created this course as a means of helping me pass the exam and helping others as we go through the journey together.
The good news is the training in this course will help you because you'll develop the attacker tradecraft and technical skillset needed to compromise systems. You'll also learn why attacks work. This isn't a course about push-button-hacking. You will learn the rationale behind various real-world attacks and understand the gotchas and pitfalls newbies make when using select tools.
We are about to have a lot of fun and I can hardly wait to come alongside you on your journey to earning your OSCP. Are you ready to have fun studying for this thing?
Get prepared to go on a ride. You’re about to learn a lot and many of the tactics and techniques we leverage align with real world scenarios.
All attacks and techniques are mapped to the MITRE ATT&CK Framework.
If you're a software engineer dreaming about how to pwn boxes then this course is for you.
If you're the curious type who wonders what could have been done differently after rooting a box or if you want to know WHY exploits fail... then this course is for you.
If you want to stop feeling like an imposter who acts like you know what you're talking about and want to finally feel the confidence, pleasure and peace that comes from REALLY knowing what you're talking about.. then this.... course.... is for you.
Let's go! You got this baby!