The Offensive Security Certified Professional (OSCP) has been one of the most difficult certifications I have completed but also one the most rewarding. If you are thinking of going down this path or preparing for the exam, below are a few things I found useful or wish I knew before I started this journey.
A beginner/intermediate VM, with only a few twists by author g0tmi1k. Apparently 2 ways to get limited shell and 3 ways to get root.
First of 3 in the Brainpan series created by superkojiman. A fun challenge with a easy BoF entry.
Natas teaches the basics of serverside web-security. I really enjoyed the Bandit challenges, so wanted to give this a go. I’ve tried to complete these without giving the key or direct solution – just a few hints.
Author KookSec created this machine to help others learn some basic CTF strategies and some tools. This machine is aimed to be very similar in difficulty to those found in the OSCP – which it was. This is a large post, but lists the 3 privilege escalation paths. What a great challenge.
Based on the show, Mr. Robot. This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find. There isn’t any advanced exploitation or reverse engineering. The level is considered intermediate level.
The story of a lonely and lazy sysadmin who cries himself to sleep. A beginner / intermediate CTF. Goal is to get root.
The Bandit wargames by OverTheWire is aimed at beginners and is lots of fun. It teaches the basics and many useful commands. Finding the solution is one thing, however eliminating other solutions and what you learn on the way is a great experience. Its highly recommend you try to solve these yourself before looking at the solutions. Note no keys or spoilers are found here.
It is a very simple Rick and Morty themed CTF. There are 130 points worth of flags available (each flag has its points recorded with it), you should also get root. This was my walk through…
During a 5 day CEH course our trainer gave us this CTF as a challenge towards the end of SQLi module. We were encouraged not to use any automated tools but just the theory we had learned so far. This was my first ever CTF and was lots of fun. Completion of this was a team effort.