Offensive Security Certified Professional (Arabic)
In this course we will start our journey with OSCP in Arabic
Description
This course explains the OSCP certificate in a professional and easy way. You will study the following:
1. General Course Information
1.1. Overall Strategies for Approaching the Course
1.1.1. Course Materials
1.1.2. Course Exercises
1.1.3. Course Labs
1.2. About Penetration Testing
1.3. Setup Labs
1.3.1. Virtualization
1.3.1.1. Kali Virtual Machines
1.3.1.2. Linux Virtual Machines
1.3.1.3. Windows Virtual Machines
1.3.1.4. Virtual Networks and Labs Deployment
2. Getting Comfortable with Kali Linux
2.1. Booting Up Kali Linux
2.2. The Kali Menu
2.3. Finding Your Way Around Kali
2.3.1. The Linux Filesystem
2.3.2. Basic Linux Commands
2.3.3. Finding Files in Kali Linux
2.4. Managing Kali Linux Services
2.4.1. SSH Service
2.4.2. HTTP Service
2.4.3. Exercises
2.5. Searching, Installing, and Removing Tools
2.5.1. apt update
2.5.2. apt upgrade
2.5.3. apt-cache search and apt show
2.5.4. apt install
2.5.5. apt remove --purge
2.5.6. dpkg
3. Linux Command Line
3.1. The Bash Environment
3.1.1. Environment Variables
3.1.2. Tab Completion
3.1.3. Bash History
3.2. Piping and Redirection
3.2.1. Redirecting to New File
3.2.2. Redirecting to an Existing File
3.2.3. Redirecting from a File
3.2.4. Redirecting STDERR
3.2.5. Piping
3.3. Text Searching and Manipulation
3.3.1. grep
3.3.2. sed
3.3.3. cut
3.3.4. awk
3.3.5. Practical Example
3.4. Editing Files from the Command Line
3.4.1. nano
3.4.2. vi
3.5. Comparing Files
3.5.1. comm
3.5.2. diff
3.5.3. vimdiff
3.5.4. Managing Processes
3.6. Backgrounding Processes (bg)
3.6.1. Jobs Control: jobs and fg
3.6.2. Process Control: ps and kill
3.7. File and Command Monitoring
3.7.1. tail
3.7.2. watch
3.8. Downloading Files
3.8.1. wget
3.8.2. curl
3.8.3. axel
3.9. Customizing the Bash Environment
3.9.1. Bash History Customization
3.9.2. Alias
3.9.3. Persistent Bash Customization
4. Practical Tools
4.1. Netcat
4.1.1. Connecting to a TCP/UDP Port
4.1.2. Listening on a TCP/UDP Port
4.1.3. Transferring Files with Netcat
4.1.4. Remote Administration with Netcat
4.2. Socat
4.2.1. Netcat vs Socat
4.2.2. Socat File Transfers
4.2.3. Socat Reverse Shells
4.2.4. Socat Encrypted Bind Shells
4.3. PowerShell and Powercat
4.3.1. PowerShell File Transfers
4.3.2. PowerShell Reverse Shells
4.3.3. PowerShell Bind Shells
4.3.4. Powercat
4.3.5. Powercat File Transfers
4.3.6. Powercat Reverse Shells
4.3.7. Powercat Bind Shells
4.3.8. Powercat Stand-Alone Payloads
4.4. Wireshark
4.4.1. Wireshark Basics
4.4.2. Launching Wireshark
4.4.3. Capture Filters
4.4.4. Display Filters
4.4.5. Following TCP Streams
4.5. Tcpdump
4.5.1. Filtering Traffic
4.5.2. Advanced Header Filtering
5. Bash Scripting
5.1. Intro to Bash Scripting
5.2. Variables
5.2.1. Arguments
5.2.2. Reading User Input
5.3. If, Else, Elif Statements
5.4. Boolean Logical Operations
5.5. Loops
5.5.1. For Loops
5.5.2. While Loops
5.6. Functions
5.7. Practical Examples
6. Passive Information Gathering
6.1. Taking Notes
6.2. Website Recon
6.3. Whois Enumeration
6.4. Google Hacking
6.5. Netcraft
6.6. Recon-ng
6.7. Open-Source Code
6.8. Shodan
6.9. Security Headers Scanner
6.10. SSL Server Test
6.11. Pastebin
6.12. User Information Gathering
6.12.1. Email Harvesting
6.12.2. Passwords Dumps
6.13. Social Media Tools
6.13.1. Site-Specific Tools
6.14. Stack Overflow
6.15. Information Gathering Frameworks
6.15.1. OSINT Framework
6.15.2. Maltego
7. Active Information Gathering
7.1. DNS Enumeration
7.1.1. Interacting with a DNS Server
7.1.2. Automating Lookups
7.1.3. Forward Lookup Brute Force
7.1.4. Reverse Lookup Brute Force
7.1.5. DNS Zone Transfers
7.1.6. Relevant Tools in Kali Linux
7.2. Port Scanning
7.2.1. TCP / UDP Scanning
7.2.2. Port Scanning with Nmap
7.2.3. Masscan
7.3. SMB Enumeration
7.3.1. Scanning for the NetBIOS Service
7.3.2. Nmap SMB NSE Scripts
7.4. NFS Enumeration
7.4.1. Scanning for NFS Shares
7.4.2. Nmap NFS NSE Scripts
7.5. SMTP Enumeration
7.6. SNMP Enumeration
7.6.1. The SNMP MIB Tree
7.6.2. Scanning for SNMP
7.6.3. Windows SNMP Enumeration Example
8. Vulnerability Scanning
8.1. Vulnerability Scanning Overview and Considerations
8.1.1. How Vulnerability Scanners Work
8.1.2. Manual vs. Automated Scanning
8.1.3. Internet Scanning vs Internal Scanning
8.1.4. Authenticated vs Unauthenticated Scanning
8.2. Vulnerability Scanning with Nessus
8.2.1. Installing Nessus
8.2.2. Defining Targets
8.2.3. Configuring Scan Definitions
8.2.4. Unauthenticated Scanning with Nessus
8.2.5. Authenticated Scanning with Nessus
8.2.6. Scanning with Individual Nessus Plugins
8.3. Vulnerability Scanning with Nmap
9. Web Application Attacks
9.1. Web Application Assessment Methodology
9.2. Web Application Enumeration
9.2.1. Inspecting URLs
9.2.2. Inspecting Page Content
9.2.3. Viewing Response Headers
9.2.4. Inspecting Sitemaps
9.2.5. Locating Administration Consoles
9.3. Web Application Assessment Tools
9.3.1. DIRB
9.3.2. Burp Suite
9.3.3. Nikto
9.4. Exploiting Web-based Vulnerabilities
9.4.1. Exploiting Admin Consoles
9.4.2. Cross-Site Scripting (XSS)
9.4.3. Directory Traversal Vulnerabilities
9.4.4. File Inclusion Vulnerabilities
9.4.5. SQL Injection
10. Introduction to Buffer Overflows
10.1. Introduction to the x Architecture
10.1.1. Program Memory
10.1.2. CPU Registers
10.2. Buffer Overflow Walkthrough
10.2.1. Sample Vulnerable Code
10.2.2. Introducing the Immunity Debugger
10.2.3. Navigating Code
10.2.4. Overflowing the Buffer
11. Windows Buffer Overflows
11.1. Discovering the Vulnerability
11.1.1. Fuzzing the HTTP Protocol
11.2. Win Buffer Overflow Exploitation
11.2.1. A Word About DEP, ASLR, and CFG
11.2.2. Replicating the Crash
11.2.3. Controlling EIP
11.2.4. Locating Space for Our Shellcode
11.2.5. Checking for Bad Characters
11.2.6. Redirecting the Execution Flow
11.2.7. Finding a Return Address
11.2.8. Generating Shellcode with Metasploit
11.2.9. Getting a Shell
11.2.10. Improving the Exploit
12. Linux Buffer Overflows
12.1. About DEP, ASLR, and Canaries
12.2. Replicating the Crash
12.3. Controlling EIP
12.4. Locating Space for Our Shellcode
12.5. Checking for Bad Characters
12.6. Finding a Return Address
12.7. Getting a Shell
13. Attacking Wi-Fi Networks
13.1. WEP
13.1.1. Overview and Setup
13.1.2. Deauthentication Attack
13.1.3. ARP Replay Attack
13.1.4. Cracking the Key with Aircrack-ng
13.1.4.1. Running PTW Attack with Aircrack-ng
13.1.4.2. KoreK Attack
13.1.5. Clientless WEP Cracking
13.1.6. Bypassing Shared Key Authentication
13.1.7. Attacking the Client
13.1.7.1. Caffe-Latte Overview
13.1.7.2. Practical Caffe-Latte Attack
13.2. WPA and WPA2
13.2.1. The Four-Way Handshake
13.2.2. Capture the Handshake
13.2.3. Using Aircrack-ng Against the Handshake
13.2.3.1. Build a Wordlist with Crunch
13.2.3.2. A Note on Cracking Speed
13.2.4. Exploit the GPU Power
13.2.4.1. oclHashCat
13.2.5. Cracking as a Service
13.2.5.1. CloudCracker
13.2.6. Space-time Tradeoff
13.2.6.1. Pyrit
13.2.6.2. Pre-built Hash Files
13.3. WPS
14. Sniffing & MITM
14.1. What Sniffing Means
14.1.1. Why it is Possible
14.2. Sniffing in Action
14.2.1. Passive Sniffing
14.2.2. Active Sniffing
14.2.2.1. MAC Flooding
14.2.2.2. ARP Poisoning
14.3. Basics of ARP
14.3.1. Gratuitous ARP
14.3.2. ARP Poisoning
14.3.3. Host Poisoning
14.3.4. Gateway Poisoning
14.4. Sniffing Tools
14.4.1. Dsniff
14.4.2. Wireshark
14.4.3. TCPDump
14.4.4. WinDump
14.5. Man-in-the-Middle (MITM) Attacks
14.5.1. What They Are
14.5.2. ARP Poisoning for MITM
14.5.3. Local to Remote MITM
14.5.4. DHCP Spoofing
14.5.5. MITM in Public Key Exchange
14.5.6. LLMNR and NBT-NS Spoofing/Poisoning
14.5.6.1. Responder/MultiRelay
14.6. Attacking Tools
14.6.1. Ettercap: Sniffing and MITM Attacks
14.6.1.1. SSL Traffic Sniffing
14.6.2. Cain&Abel: Sniffing and MITM Attacks
14.6.3. Macof
14.6.4. Arpspoof
14.6.5. Bettercap
14.7. Intercepting SSL Traffic
14.7.1. SSLStrip
14.7.2. HSTS Bypass
15. Client-Side Attacks
15.1. Know Your Target
15.1.1. Passive Client Information Gathering
15.1.2. Active Client Information Gathering
15.2. Leveraging HTML Applications
15.2.1. Exploring HTML Applications
15.2.2. HTA Attack in Action
15.3. Exploiting Microsoft Office
15.3.1. Installing Microsoft Office
15.3.2. Microsoft Word Macro
15.3.3. Object Linking and Embedding
15.3.4. Evading Protected View
16. Locating Public Exploits
16.1. A Word of Caution
16.2.1. Online Exploit Resources
16.2.2. Offline Exploit Resources
16.3. Putting It All Together
17. Fixing Exploits
17.1. Fixing Memory Corruption Exploits
17.1.1. Overview and Considerations
17.1.2. Importing and Examining the Exploit
17.1.3. Cross-Compiling Exploit Code
17.1.4. Changing the Socket Information
17.1.5. Changing the Return Address
17.1.6. Changing the Payload
17.1.7. Changing the Overflow Buffer
17.2. Fixing Web Exploits
17.2.1. Considerations and Overview
17.2.2. Selecting the Vulnerability
17.2.3. Changing Connectivity Information
17.2.4. Troubleshooting the “index out of range” Error
18. File Transfers
18.1. Considerations and Preparations
18.1.1. Dangers of Transferring Attack Tools
18.1.2. Installing Pure-FTPd
18.1.3. The Non-Interactive Shell
18.2. Transferring Files with Windows Hosts
18.2.1. Non-Interactive FTP Download
18.2.2. Windows Downloads Using Scripting Languages
18.2.3. Windows Downloads with exe2hex and PowerShell
18.2.5. Uploading Files with TFTP
19. Antivirus Evasion
19.1. What is Antivirus Software
19.2. Methods of Detecting Malicious Code
19.2.1. Signature-Based Detection
19.2.2. Heuristic and Behavioral-Based Detection
19.3. Bypassing Antivirus Detection
19.4. On-Disk Evasion
19.5. In-Memory Evasion
19.6. AV Evasion: Practical Example
20. Privilege Escalation
20.1. Information Gathering
20.1.1. Manual Enumeration
20.1.2. Automated Enumeration
20.2. Windows Privilege Escalation Examples
20.2.1. Understanding Windows Privileges and Integrity Levels
20.2.2. Introduction to User Account Control (UAC)
20.2.3. User Account Control (UAC) Bypass: fodhelper.exe Case Study
20.2.4. Insecure File Permissions: Serviio Case Study
20.2.5. Leveraging Unquoted Service Paths
20.2.6. Windows Kernel Vulnerabilities: USBPcap Case Study
20.3. Linux Privilege Escalation Examples
20.3.1. Understanding Linux Privileges
20.3.2. Insecure File Permissions: Cron Case Study
20.3.3. Insecure File Permissions: /etc/passwd Case Study
20.3.4. Kernel Vulnerabilities: CVE-7-2 Case Study
21. Password Attacks
21.1. Wordlists
21.1.1. Standard Wordlists
21.2. Brute Force Wordlists
21.3. Common Network Service Attack Methods
21.3.1. HTTP htaccess Attack with Medusa
21.3.2. Remote Desktop Protocol Attack with Crowbar
21.3.3. SSH Attack with THC-Hydra
21.3.4. HTTP POST Attack with THC-Hydra
21.4. Leveraging Password Hashes
21.4.1. Retrieving Password Hashes
21.4.2. Passing the Hash in Windows
21.4.3. Password Cracking
22. Port Redirection and Tunneling
22.1. Port Forwarding
22.1.1. RINETD
22.2. SSH Tunneling
22.2.1. SSH Local Port Forwarding
22.2.2. SSH Remote Port Forwarding
22.2.3. SSH Dynamic Port Forwarding
22.3. PLINK.exe
22.4. NETSH
22.5. HTTPTunnel-ing Through Deep Packet Inspection
23. Active Directory Attacks
23.1. Active Directory Theory
23.2. Active Directory Enumeration
23.2.1. Traditional Approach
23.2.2. A Modern Approach
23.2.3. Resolving Nested Groups
23.2.4. Currently Logged on Users
23.2.5. Enumeration Through Service Principal Names
23.3. Active Directory Authentication
23.3.1. NTLM Authentication
23.3.2. Kerberos Authentication
23.3.3. Cached Credential Storage and Retrieval
23.3.4. Service Account Attacks
23.3.5. Low and Slow Password Guessing
23.4. Active Directory Lateral Movement
23.4.1. Pass the Hash
23.4.2. Overpass the Hash
23.4.3. Pass the Ticket
23.4.4. Distributed Component Object Model
23.5. Active Directory Persistence
23.5.1. Golden Tickets
23.5.2. Domain Controller Synchronization
24. The Metasploit Framework
24.1. Metasploit User Interfaces and Setup
24.1.1. Getting Familiar with MSF Syntax
24.1.2. Metasploit Database Access
24.1.3. Auxiliary Modules
24.2. Exploit Modules
24.2.1. SyncBreeze Enterprise
24.3. Metasploit Payloads
24.3.1. Staged vs Non-Staged Payloads
24.3.2. Meterpreter Payloads
24.3.3. Experimenting with Meterpreter
24.3.4. Executable Payloads
24.3.5. Metasploit Exploit Multi Handler
24.3.6. Client-Side Attacks
24.3.7. Advanced Features and Transports
24.4. Building Our Own MSF Module
24.5. Post-Exploitation with Metasploit
24.5.1. Core Post-Exploitation Features
24.5.2. Migrating Processes
24.5.3. Post-Exploitation Modules
24.5.4. Pivoting with the Metasploit Framework
24.6. Metasploit Automation
25. PowerShell Empire
25.1. Installation, Setup, and Usage
25.1.1. PowerShell Empire Syntax
25.1.2. Listeners and Stagers
25.1.3. The Empire Agent
25.2. PowerShell Modules
25.2.1. Situational Awareness
25.2.2. Credentials and Privilege Escalation
25.2.3. Lateral Movement
25.3. Switching Between Empire and Metasploit
What You Will Learn!
- Offensive Security Certified Professional (OSCP) video series by Salama
- Practical, hands-on offensive penetration testing for OSCP, from beginner to advanced
- In this course we will start our journey with OSCP in Arabic
- Learn the steps of penetration testing, practical and theoretical, with practice, in a professional and different way, in detail that is not boring
Who Should Attend!
- This course is for beginners in the field of cyber security