Updated OSCP Materials: Part Two
David Ethington
Coffee Snob | Principal Security Engineer | Pentester | Cloud Security | Container Security | SecDevOps | Eye of Sauron | OSCP | CISSP | PNPT | Azure Fundamentals | ITIL | CEH | Project+
Note: This will be at least a three part review, and hopefully I can fit in an ambiguous lab review at the end of Part Three.
I'll start this part by covering the passive information gathering section. This section has been greatly improved and expanded upon. A number of tools that are covered are tools you most likely use in your own field engagements. Active and passive OSINT techniques are covered, and if you pay attention, you may glean some remarkable insight as to the identity of our new narrator.
The DNS section is very helpful and an excellent reference for DNS enumeration and exploitation. Tasks are walked through in detail and at length, and methods to automate them are provided. The commonly used Kali Linux tools for DNS recon and attacks are also covered, and even if you use them regularly, it's worth sitting through.
Port scanning has been expanded a bit to provide greater detail on how systems communicate, including an excellent walkthrough of these processes and a better explanation of how they differ. There is a much better discussion of the implications of heavy scanning on the network. Many of the examples, while the same, offer a bit more insight and a better explanation of what occurs in the background.
Network sweeping techniques are covered in detail, and I used many of these techniques during my engagements. Much more information is provided, giving you flexibility and easy methods to perform recon. Masscan is also covered.
I found there was not much difference in the nmap script usage and SMB enumeration sections, but they're comprehensive and still quite useful. For someone new to the course, this information, while not new (SMB gonna SMB), is presented in an easy-to-understand, practical way. For most of us, this is a retread, though new students and junior professionals can still greatly benefit from the material.
Excellent coverage of NFS recon and exploitation. The course has very helpful and practical examples to assist you in both recon and exploitation. In fact, if you were banging your head over one particular lab machine, this section may prove to be extremely valuable.
SNMP coverage hasn't changed much. However, I found it now provides a better explanation of the protocol and of the tools you'll use to further enumerate your targets. This module, I found, is much more concise, with practical applications you can use immediately.
The Vulnerability Scanning section is very helpful and immensely practical for field use. It serves as a great Nessus primer, and even covers common mistakes I see sysadmins make while learning how the scanner works. After this module, you'll have enough Nessus knowledge to perform basic tasks and to customize your scans to adapt to specialized tasks, work around network limitations, and save time.
Principal Intrusion Specialist @ PXC | Adversary Simulation & Hunting
5 years
Thanks
Gotta love Hackerman. You're about to hack time, are you sure?
BS in Cybersecurity | MTS| Communications Supervisor at US Navy
5 years
He looks like a level 20 dungeon master.