Offensive Security Certified Professional (OSCP)

Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution . The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.


Can’t find a batch you were looking for?


Offensive Security Certified Professional (OSCP) is an ethical hacking certification offered by Offensive Security that teaches penetration testing methodologies and the use of the tools included with the Kali Linux distribution . The OSCP is a hands-on penetration testing certification, requiring holders to successfully attack and penetrate various live machines in a safe lab environment. It is considered more technical than other ethical hacking certifications, and is one of the few certifications that requires evidence of practical penetration testing skills.

Course content


1. Penetration Testing with Kali Linux: General Course Information
1.1. About The PWK Course
  • PWK Course Materials
  • Access to the Internal VPN Lab Network
  • The Offensive Security Student Forum
  • Live Support
  • OSCP Exam Attempt
1.2. Overall Strategies for Approaching the Course
  • Welcome and Course Information Emails
  • Course Materials
  • Course Exercises
  • PWK Labs
1.3. Obtaining Support
1.4. About Penetration Testing
1.5. Legal
1.6. The and Sandbox.local Domains
1.7. About the PWK VPN Labs
  • Lab Warning
  • Control Panel
  • Reverts
  • Client Machines
  • Kali Virtual Machine
  • Lab Behavior and Lab Restrictions
1.8. Reporting
  • Consider the Objective
  • Consider the Audience
  • Consider What to Include
  • Consider the Presentation
  • The PWK Report
  • Note Taking
1.9. About the OSCP Exam
  • Metasploit Usage – Lab vs Exam
2. Getting Comfortable with Kali Linux
2.1. Booting Up Kali Linux
2.2. The Kali Menu
2.3. Kali Documentation
  • The Kali Linux Official Documentation
  • The Kali Linux Support Forum
  • The Kali Linux Tools Site
  • The Kali Linux Bug Tracker
  • The Kali Training Site
  • Exercises
2.4. Finding Your Way Around Kali
  • The Linux Filesystem
  • Basic Linux Commands
  • Finding Files in Kali Linux
2.5. Managing Kali Linux Services
  • SSH Service
  • HTTP Service
  • Exercises
2.6. Searching, Installing, and Removing Tools
  • apt update
  • apt upgrade
  • apt-cache search and apt show
  • apt install
  • apt remove –purge
  • dpkg
3. Command Line Fun
3.1. The Bash Environment
  • Environment Variables
  • Tab Completion
  • Bash History Tricks
3.2. Piping and Redirection
  • Redirecting to a New File
  • Redirecting to an Existing File
  • Redirecting from a File
  • Redirecting STDERR
  • Piping
3.3. Text Searching and Manipulation
  • grep
  • sed
  • cut
  • awk
  • Practical Example
3.4. Editing Files from the Command Line
  • nano
  • vi
3.5. Comparing Files
  • comm
  • diff
  • vimdiff
3.6. Managing Processes
  • Backgrounding Processes (bg)
  • Jobs Control: jobs and fg
  • Process Control: ps and kill
3.7. File and Command Monitoring
  • tail
  • watch
3.8. Downloading Files
  • wget
  • curl
  • axel
3.9. Customizing the Bash Environment
  • Bash History Customization
  • Alias
  • Persistent Bash Customization
4. Practical Tools
4.1. Netcat
  • Connecting to a TCP/UDP Port
  • Listening on a TCP/UDP Port
  • Transferring Files with Netcat
  • Remote Administration with Netcat
4.2 Socat
  • Netcat vs Socat
  • Socat File Transfers
  • Socat Reverse Shells
  • Socat Encrypted Bind Shells
4.3 PowerShell and Powercat
  • PowerShell File Transfers
  • PowerShell Reverse Shells
  • PowerShell Bind Shells
  • Powercat
  • Powercat File Transfers
  • Powercat Reverse Shells
  • Powercat Bind Shells
  • Powercat Stand-Alone Payloads
4.4 Wireshark
  • Wireshark Basics
  • Launching Wireshark
  • Capture Filters
  • Display Filters
  • Following TCP Streams
4.5 Tcpdump
  • Filtering Traffic
  • Advanced Header Filtering
5. Bash Scripting
5.1 Intro to Bash Scripting
5.2 Variables
  • Arguments
  • Reading User Input
5.3 If, Else, Elif Statements
5.4 Boolean Logical Operations
5.5 Loops
  • For Loops
  • While Loops
5.6 Functions
5.7 Practical Examples
  • Practical Bash Usage – Example 1
  • Practical Bash Usage – Example 2
  • Practical Bash Usage – Example 3
6. Passive Information Gathering
  • Taking Notes
  • Website Recon
  • Whois Enumeration
  • Google Hacking
  • Netcraft
  • Recon-ng
  • Open-Source Code
  • Shodan
  • Security Headers Scanner
  • SSL Server Test
  • Pastebin
6.1 User Information Gathering
  • Email Harvesting
  • Password Dumps
6.2 Social Media Tools
  • 13.2 Site-Specific Tools
6.3 Stack Overflow
6.4 Information Gathering Frameworks
  • OSINT Framework
  • Maltego
7. Active Information Gathering
7.1 DNS Enumeration
  • Interacting with a DNS Server
  • Automating Lookups
  • Forward Lookup Brute Force
  • Reverse Lookup Brute Force
  • DNS Zone Transfers
  • Relevant Tools in Kali Linux
7.2 Port Scanning
  • TCP / UDP Scanning
  • Port Scanning with Nmap
  • Masscan
7.3 SMB Enumeration
  • Scanning for the NetBIOS Service
  • Nmap SMB NSE Scripts
7.4 NFS Enumeration
  • Scanning for NFS Shares
  • Nmap NFS NSE Scripts
7.5 SMTP Enumeration
7.6 SNMP Enumeration
  • The SNMP MIB Tree
  • Scanning for SNMP
  • Windows SNMP Enumeration Example
8. Vulnerability Scanning
8.1 Vulnerability Scanning Overview and Considerations
  • How Vulnerability Scanners Work
  • Manual vs. Automated Scanning
  • Internet Scanning vs Internal Scanning
  • Authenticated vs Unauthenticated Scanning
8.2 Vulnerability Scanning with Nessus
  • Installing Nessus
  • Defining Targets
  • Configuring Scan Definitions
  • Unauthenticated Scanning With Nessus
  • Authenticated Scanning With Nessus
  • Scanning with Individual Nessus Plugins
8.3 Vulnerability Scanning with Nmap
9. Web Application Attacks
9.1 Web Application Assessment Methodology
9.2 Web Application Enumeration
  • Inspecting URLs
  • Inspecting Page Content
  • Viewing Response Headers
  • Inspecting Sitemaps
  • Locating Administration Consoles
9.3 Web Application Assessment Tools
  • DIRB
  • Burp Suite
  • Nikto
9.4 Exploiting Web-based Vulnerabilities
  • Exploiting Admin Consoles
  • Cross-Site Scripting (XSS)
  • Directory Traversal Vulnerabilities
  • File Inclusion Vulnerabilities
  • SQL Injection
9.5 Extra Miles
  • Exercises
10. Introduction to Buffer Overflows
10.1 Introduction to the x Architecture
  • Program Memory
  • CPU Registers
10.2 Buffer Overflow Walkthrough
  • Sample Vulnerable Code
  • Introducing the Immunity Debugger
  • Navigating Code
  • Overflowing the Buffer
  • Exercises
11. Windows Buffer Overflows
11.1 Discovering the Vulnerability
  • Fuzzing the HTTP Protocol
11.2 Win Buffer Overflow Exploitation
  • A Word About DEP, ASLR, and CFG
  • Replicating the Crash
  • Controlling EIP
  • Locating Space for Our Shellcode
  • Checking for Bad Characters
  • Redirecting the Execution Flow
  • Finding a Return Address
  • Generating Shellcode with Metasploit
  • Getting a Shell
  • Improving the Exploit
12. Linux Buffer Overflows
  • About DEP, ASLR, and Canaries
  • Replicating the Crash
  • Controlling EIP
  • Locating Space for Our Shellcode
  • Checking for Bad Characters
  • Finding a Return Address
  • Getting a Shell
  • Wrapping Up
13. Client-Side Attacks
13.1 Know Your Target
  • Passive Client Information Gathering
  • Active Client Information Gathering
13.2 Leveraging HTML Applications
  • Exploring HTML Applications
  • HTA Attack in Action
13.3 Exploiting Microsoft Office
  • Installing Microsoft Office
  • Microsoft Word Macro
  • Object Linking and Embedding
  • Evading Protected View
14. Locating Public Exploits
14.1 A Word of Caution
14.2 Searching for Exploits
  • Online Exploit Resources
  • Offline Exploit Resources
14.3 Putting It All Together
15. Fixing Exploits
15.1 Fixing Memory Corruption Exploits
  • Overview and Considerations
  • Importing and Examining the Exploit
  • Cross-Compiling Exploit Code
  • Changing the Socket Information
  • Changing the Return Address
  • Changing the Payload
  • Changing the Overflow Buffer
15.2 Fixing Web Exploits
  • Considerations and Overview
  • Selecting the Vulnerability
  • Changing Connectivity Information
  • Troubleshooting the “index out of range” Error
15.3 Wrapping Up
15.4 File Transfers
15.5 Considerations and Preparations
  • Dangers of Transferring Attack Tools
  • Installing Pure-FTPd
  • The Non-Interactive Shell
15.6 Transferring Files with Windows Hosts
  • Non-Interactive FTP Download
  • Windows Downloads Using Scripting Languages
  • Windows Downloads with exe2hex and PowerShell
  • Windows Uploads Using Windows Scripting Languages
  • Uploading Files with TFTP
17. Antivirus Evasion
17.1 What is Antivirus Software
17.2 Methods of Detecting Malicious Code
  • Signature-Based Detection
  • Heuristic and Behavioral-Based Detection
17.3 Bypassing Antivirus Detection
  • On-Disk Evasion
  • In-Memory Evasion
  • AV Evasion: Practical Example
18. Privilege Escalation
18.2 Information Gathering
  • Manual Enumeration
  • Automated Enumeration
18.3 Windows Privilege Escalation Examples
  • Understanding Windows Privileges and Integrity Levels
  • Introduction to User Account Control (UAC)
  • User Account Control (UAC) Bypass: fodhelper.exe Case Study
  • Insecure File Permissions: Serviio Case Study
  • Leveraging Unquoted Service Paths
  • Windows Kernel Vulnerabilities: USBPcap Case Study
18.3 Linux Privilege Escalation Examples
  • Understanding Linux Privileges
  • Insecure File Permissions: Cron Case Study
  • Insecure File Permissions: /etc/passwd Case Study
  • Kernel Vulnerabilities: CVE-7-2 Case Study
19. Password Attacks
19.1 Wordlists
  • Standard Wordlists
19.2 Brute Force Wordlists
19.3 Common Network Service Attack Methods
  • HTTP htaccess Attack with Medusa
  • Remote Desktop Protocol Attack with Crowbar
  • SSH Attack with THC-Hydra
  • HTTP POST Attack with THC-Hydra
19.4 Leveraging Password Hashes
  • Retrieving Password Hashes
  • Passing the Hash in Windows
  • Password Cracking
20. Port Redirection and Tunneling
20.1 Port Forwarding
20.2 SSH Tunneling
  • SSH Local Port Forwarding
  • SSH Remote Port Forwarding
  • SSH Dynamic Port Forwarding
20.3 PLINK.exe
20.4 NETSH
20.5 HTTPTunnel-ing Through Deep Packet Inspection
21. Active Directory Attacks
21.1 Active Directory Theory
21.2 Active Directory Enumeration
  • Traditional Approach
  • A Modern Approach
  • Resolving Nested Groups
  • Currently Logged on Users
  • Enumeration Through Service Principal Names
21.3 Active Directory Authentication
  • NTLM Authentication
  • Kerberos Authentication
  • Cached Credential Storage and Retrieval
  • Service Account Attacks
  • Low and Slow Password Guessing
21.4 Active Directory Lateral Movement
  • Pass the Hash
  • Overpass the Hash
  • Pass the Ticket
  • Distributed Component Object Model
21.5 Active Directory Persistence
  • Golden Tickets
  • Domain Controller Synchronization
22. The Metasploit Framework
22.1 Metasploit User Interfaces and Setup
  • Getting Familiar with MSF Syntax
  • Metasploit Database Access
  • Auxiliary Modules
22.2 Exploit Modules
  • SyncBreeze Enterprise
22.3 Metasploit Payloads
  • Staged vs Non-Staged Payloads
  • Meterpreter Payloads
  • Experimenting with Meterpreter
  • Executable Payloads
  • Metasploit Exploit Multi Handler
  • Client-Side Attacks
  • Advanced Features and Transports
22.4 Building Our Own MSF Module
22.5 Post-Exploitation with Metasploit
  • Core Post-Exploitation Features
  • Migrating Processes
  • Post-Exploitation Modules
  • Pivoting with the Metasploit Framework
22.6 Metasploit Automation
23. PowerShell Empire
23.1 Installation, Setup, and Usage
  • PowerShell Empire Syntax
  • Listeners and Stagers
  • The Empire Agent
23.2 PowerShell Modules
  • Situational Awareness
  • Credentials and Privilege Escalation
  • Lateral Movement
23.3 Switching Between Empire and Metasploit
24. Assembling the Pieces: Penetration Test Breakdown
24.1 Public Network Enumeration
24.2 Targeting the Web Application
  • Web Application Enumeration
  • SQL Injection Exploitation
  • Cracking the Password
  • Enumerating the Admin Interface
  • Obtaining a Shell
  • Post-Exploitation Enumeration
  • Creating a Stable Pivot Point
24.3 Targeting the Database
  • Enumeration
  • Attempting to Exploit the Database
24.4 Deeper Enumeration of the Web Application Server
  • More Thorough Post Exploitation
  • Privilege Escalation
  • Searching for DB Credentials
24.5 Targeting the Database Again
  • Exploitation
  • Post-Exploitation Enumeration
  • Creating a Stable Reverse Tunnel
24.6 Targeting Poultry
  • Enumeration
  • Exploitation (Or Just Logging In)
  • Post-Exploitation Enumeration
  • Unquoted Search Path Exploitation
  • Post-Exploitation Enumeration
24.7 Internal Network Enumeration
  • Reviewing the Results
24.8 Targeting the Jenkins Server
  • Application Enumeration
  • Exploiting Jenkins
  • Post Exploitation Enumeration
  • Privilege Escalation
  • Post Exploitation Enumeration
24.9 Targeting the Domain Controller
  • Exploiting the Domain Controller
25. Trying Harder: The Labs
  • Real Life Simulations
  • Machine Dependencies
  • Cloned Lab Machines
  • Unlocking Networks
  • Routing
  • Machine Ordering & Attack Vectors
  • Firewall / Routers / NAT
  • Passwords


To see the full course content Download now

Course Prerequisites

  • Solid understanding of TCP/IP networking
  • Reasonable Windows and Linux administration experience
  • Familiarity with basic Bash and/or Python scripting

Who can attend

  • Infosec professionals transitioning into penetration testing
  • Pentesters seeking an industry-leading certification
  • Security professionals
  • Network administrators
  • Other technology professionals

Number of Hours: 40hrs



Key features

  • One to One Training
  • Online Training
  • Fastrack & Normal Track
  • Resume Modification
  • Mock Interviews
  • Video Tutorials
  • Materials
  • Real Time Projects
  • Virtual Live Experience
  • Preparing for Certification


DASVM Technologies offers 300+ IT training courses with 10+ years of Experienced Expert level Trainers.

  • One to One Training
  • Online Training
  • Fastrack & Normal Track
  • Resume Modification
  • Mock Interviews
  • Video Tutorials
  • Materials
  • Real Time Projects
  • Materials
  • Preparing for Certification

Call now: +91-99003 49889 and know the exciting offers available for you!

We working and coordinating with the companies exclusively to get placed. We have a placement cell focussing on training and placements in Bangalore. Our placement cell help more than 600+ students per year.

Learn from experts active in their field, not out-of-touch trainers. Leading practitioners who bring current best practices and case studies to sessions that fit into your work schedule. We have a pool of experts and trainers are composed with highly skilled and experienced in supporting you in specific tasks and provide professional support. 24x7 Learning support from mentors and a community of like-minded peers to resolve any conceptual doubts. Our trainers has contributed in the growth of our clients as well as professionals.

All of our highly qualified trainers are industry experts with at least 10-12 years of relevant teaching experience. Each of them has gone through a rigorous selection process which includes profile screening, technical evaluation, and a training demo before they are certified to train for us. We also ensure that only those trainers with a high alumni rating continue to train for us.

No worries. DASVM technologies assure that no one misses single lectures topics. We will reschedule the classes as per your convenience within the stipulated course duration with all such possibilities. If required you can even attend that topic with any other batches.

DASVM Technologies provides many suitable modes of training to the students like:

  • Classroom training
  • One to One training
  • Fast track training
  • Live Instructor LED Online training
  • Customized training

Yes, the access to the course material will be available for lifetime once you have enrolled into the course.

You will receive DASVM Technologies recognized course completion certification & we will help you to crack global certification with our training.

Yes, DASVM Technologies provides corporate trainings with Course Customization, Learning Analytics, Cloud Labs, Certifications, Real time Projects with 24x7 Support.

Yes, DASVM Technologies provides group discounts for its training programs. Depending on the group size, we offer discounts as per the terms and conditions.

We accept all major kinds of payment options. Cash, Card (Master, Visa, and Maestro, etc), Wallets, Net Banking, Cheques and etc.

DASVM Technologies has a no refund policy. Fees once paid will not be refunded. If the candidate is not able to attend a training batch, he/she is to reschedule for a future batch. Due Date for Balance should be cleared as per date given. If in case trainer got cancelled or unavailable to provide training DASVM will arrange training sessions with other backup trainer.

Your access to the Support Team is for lifetime and will be available 24/7. The team will help you in resolving queries, during and after the course.

Please Contact our course advisor +91-99003 49889. Or you can share your queries through

like our courses