OSCP exam preparation notes, cheatsheets, and methodology references. Built from hands-on practice across HackTheBox machines and lab environments.
Personal study notes — not an official resource. Use alongside PEN-200 course material.
| File | Description |
|---|---|
| oscp-cheatsheet.md | Full exam cheatsheet — commands, techniques, methodology |
- Network Basics — Wireshark, tcpdump, host discovery
- Port Scanning — nmap techniques, service enumeration
- Common Ports & Services — quick reference per protocol
- Web Methodology — enumeration, fuzzing, common vectors
- Web Vulnerabilities — SQLi, XSS, LFI, RFI, SSRF, command injection
- Reverse Shells — bash, python, php, powershell, netcat
- Windows Privilege Escalation — enumeration, exploits, common paths
- Linux Privilege Escalation — SUID, sudo, cron, capabilities
- Password Attacks — hashcat, john, hydra, spray techniques
- Post Exploitation & File Transfer — persistence, pivoting, file moves
- Pivoting & Tunneling — chisel, ligolo, proxychains, SSH tunnels
- Active Directory — Kerberoasting, AS-REP, BloodHound, RBCD, ADCS, DCSync
- MSFvenom Payloads — staged/stageless, encoders, formats
- Misc & Tips — exam tips, common gotchas
- ad-attack-chain — modular AD attack chain automation
- ad-lab — local AD lab + attack scripts + BloodHound queries
- htb-writeups — HTB machine writeups
- nuclei-templates — custom web vulnerability templates
- tifsec — deliberately vulnerable web app for web exploitation practice
J0stif — penetration tester, bug bounty hunter PNPT · PWPA · CEH | OSCP (in progress) · HTB CPTS (in progress) · HTB CWES (in progress)
HTB Profile · Site · Twitter/X