OSCP Prep

CTF / Boot-to-Root VMs

• VulnHub
• OWASP Security Shepherd
• OWASP Broken Web Application Project
• Metasploitable - VM to test your Metasploit skills
• challenge.synacor.com: a text adventure game. Lots of programming chals, ASM especially

Shellcoding / Exploits / Reverse Engineering

• paraschetal.in / Writing your own shellcode
• A great primer on Buffer Overflow
• Exploit-Exercises.com
• Overthewire.org / Shell-based CTF-style games
• Shell-Storm.org - a huge Shellcodes database!

Courses / Training

• Open Security Training
• SEED Project

Website Reconnaissance Tools & Techniques

• BuiltWith
• Joomla Security Scanner
• Check Joomla version without hacking
• BlindElephant Web Application Fingerprinter
• ChromeSniffer Plus

Scanning

SQL Injection

• Beyond SQLi: Obfuscate and Bypass
• Exploiting hard filtered SQL Injections
• SQL Injection Cheat Sheet

Access & Escalation

• LFISuite - Totally Automatic LFI Exploiter (+ Reverse Shell) and Scanner

Data Exfiltration

Assault

Obfuscation

Programming

Python

• Pygments - python syntax highlighter

Lists / Payloads / Fuzzers

• danielmiessler/SecLists