# Best Resources I Found During My OSCP Journey

## **Resources I Relied On During OSCP Prep**

When it comes to preparing for the **OSCP exam**, the number of resources out there can be both a blessing and a curse. If you’ve spent any time in the cybersecurity space, you know that everyone has their own list of guides, writeups, blogs, and tools they swear by. While that’s great, it can also feel a little overwhelming. With so many options, the real challenge becomes figuring out *which ones are worth your time*.

That was exactly the situation I found myself in. I collected recommendations from friends, colleagues, and the broader cybersecurity community. As I worked through them, I noticed something interesting: many of the resources overlapped or covered very similar content. But a few stood out—either because they explained concepts better or provided deeper insights into specific topics.

So, instead of dumping a massive list of links, I want to share **the resources that genuinely helped me** the most. Alongside each, I’ve noted what topic or area it’s particularly strong in. These may not be the only great resources out there, but they were the ones that clicked with me during my OSCP journey. Hopefully, they’ll save you some time and confusion.

Remember: the key is not to hoard every possible PDF, blog, or GitHub repo you come across. Instead, curate your toolkit wisely, focus on depth over breadth, and keep refining your notes as you go. The exam is as much about **clarity and methodical thinking** as it is about technical skills.

At the end of the day, make sure you have your **best resources ready in your toolkit for exam day**—they’ll be your compass when things get tough.

<figure><img src="https://3226903849-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FaKwXOzYgG7jDDDoVkYvX%2Fuploads%2FjLAgbZ6bNwVjRYAVoQfp%2Fgiphy.webp?alt=media&#x26;token=d21243e2-959e-4870-809c-f9d466637c59" alt=""><figcaption><p>Please ensure to take proper notes !!!</p></figcaption></figure>

***

### YouTube Playlists & Channels:

* **OSCP Practice Labs walkthrough (playlist)** — <https://www.youtube.com/watch?v=gY_9Dncjw-s&list=PLT08J44ErMmb9qaEeTYl5diQW6jWVHCR2>\
  Refer to this playlist for walkthroughs of the OSCP practice labs.
* **Hacking Active Directory — Beginner course (part 1) (HackerBlueprint)** — <https://www.youtube.com/watch?v=RxU0AANCesQ>
* **Hacking Active Directory — Beginner course (part 1) (TCMSecurityAcademy)** — <https://www.youtube.com/watch?v=VXxH4n684HE>
* **ippsec (YouTube channel)** — <https://www.youtube.com/@ippsec>\
  Excellent, deeply explained walkthrough videos for many Hack The Box machines.
* **BittenTech (YouTube channel)** — <https://www.youtube.com/@BittenTech>\
  Great content in **Hindi**—very helpful overall and has solid OSCP prep guidance.
* **TCM Security Academy (YouTube channel)** — <https://www.youtube.com/@TCMSecurityAcademy>\
  Detailed videos on many OSCP-relevant topics — highly recommended.

***

### Blogs & Comprehensive Guides:

* **0xdf — HTB walkthroughs** — <https://0xdf.gitlab.io/>\
  One of the best collections of HTB machine walkthrough blogs.
* **Windows Privilege Escalation Guide (Absolomb)** — <https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/>\
  Focused Windows privilege escalation techniques.
* **s0cm0nkey — Active Directory (Red / Offensive)** — <https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/red-offensive/active-directory>\
  Excellent Active Directory attack reference.
* **The Hacker Recipes — Impacket guide** — <https://tools.thehacker.recipes/impacket>\
  A solid guide to the Impacket library and its tools.
* **Total OSCP Guide (Sushant)** — <https://sushant747.gitbooks.io/total-oscp-guide/content/the_basics.html>\
  Notes and coverage of most OSCP topics.
* **Aditya’s OSCP notes & cheatsheets** — <https://aditya-3.gitbook.io/oscp>\
  Cheatsheets and commands organized by topic.
* **The Hacker Recipes (main site)** — <https://www.thehacker.recipes/>\
  Lots of content—useful for advanced AD attacks and network exploitation.
* **Ired.team — Kerberos & AD experiments** — <https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse>\
  Active Directory & Kerberos attack techniques.
* **WatchDogs Academy — Attacking Active Directory** — <https://watchdogsacademy.gitbook.io/attacking-active-directory>\
  Tools, commands and walkthroughs for AD attack paths.
* **GOAD (vulnerable AD lab by Orange Cyberdefense)** — <https://github.com/Orange-Cyberdefense/GOAD>\
  A pentest AD lab environment to practice typical attack techniques.
* **GOAD cross-reference (mayfly277)** — <https://mayfly277.github.io/>\
  Helpful companion/reference to GOAD.

***

### Cheat-Sheets:

* **Netrunners (command shortcut tool)** — <https://www.netrunners.in/>\
  Fill in variables and get ready-to-run commands — handy during labs and exam.
* **Active Directory Exploitation Cheat Sheet (GitHub)** — <https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet>
* **Haax Cheatsheet** — <https://cheatsheet.haax.fr/>
* **WADComs (interactive Windows/AD cheat sheet)** — <https://wadcoms.github.io/>\
  Curated offensive tools and corresponding commands for Windows/AD.
* **0xsyr0 — OSCP checklist / repo** — <https://github.com/0xsyr0/oscp>\
  All-in-one OSCP checklist.
* [https://s4thv1k.com/posts/oscp-cheatsheet/](https://s4thv1k.com/posts/oscp-cheatsheet/https://fuzzysecurity.com/tutorials/16.htmlhttps://github.com/TCM-Course-Resources)
* [https://fuzzysecurity.com/tutorials/16.html](https://s4thv1k.com/posts/oscp-cheatsheet/https://fuzzysecurity.com/tutorials/16.htmlhttps://github.com/TCM-Course-Resources)
* [https://github.com/TCM-Course-Resources](https://s4thv1k.com/posts/oscp-cheatsheet/https://fuzzysecurity.com/tutorials/16.htmlhttps://github.com/TCM-Course-Resources)

***

### Paid Courses:

* **TCM Security courses (recommended):**
  * Windows Privilege Escalation for Beginners
  * Linux Privilege Escalation for Beginners
  * Movement, Pivoting and Persistence
  * Practical Ethical Hacking - The Complete Course
* **\[PEN1] Complete Offensive Pentesting for Beginners — BittenTech (recommended)**
* **Active Directory Pentesting Full Course - Red Team Hacking** by Security Gurus on Udemy
* **HTB Certified Penetration Testing Specialist (HTB CPTS)** - Coursework By HackTheBox

***

### Labs and Machines:

* Hack The Box (HTB) (TJ Null Checklist)
* TryHackMe (THM)
* Vulnhub Machines
* OffSec Proving Grounds

***

### Tools I Relied On While Preparing for and Taking the OSCP

**Note-taking & Documentation**

* **Obsidian** – Markdown-based knowledge management.
* **GitBook** – Clean documentation platform for structured notes.

#### **Virtualization & Lab Setup**

* **VMware Workstation / Fusion** – Robust virtualization with snapshots.

#### **Information Gathering & Recon**

* **Nmap** – Network scanning & enumeration.
* **RustScan** – Fast port scanner (works with Nmap).
* **Amass** – DNS enumeration.
* **Gobuster / Feroxbuster** – Directory & file brute forcing.

#### Exploitation & Frameworks

* **Metasploit Framework** – Controlled exploitation (**Note**: restricted during OSCP exam).
* **Searchsploit** – Offline exploit search from Exploit-DB.
* **Impacket** – Powerful Python tools for Windows exploitation.
* **Evil-WinRM** – Best for Windows post-exploitation.

#### Privilege Escalation & Enumeration

* **LinPEAS / WinPEAS** – Automated privilege escalation checks.
* **LinEnum** – Linux enumeration script.
* **Seatbelt** – Windows security checks.
* **PowerUp** – Windows privilege escalation script.

\[Linux]

* **SUID / binary abuse references:** GTFOBins & `find / -perm -4000`.&#x20;
* **Capability checks:** getcap & capsh.&#x20;
* **Cron / systemd checks:** manual cron inspection & systemctl (check writable scripts).&#x20;
* **SSH key discovery / reuse:** search for id\_rsa & authorized\_keys.&#x20;
* **Kernel/exploit lookup (labs only):** Searchsploit & Exploit-DB.&#x20;

\[Windows]

* **AD & enum tools:** PowerView & SharpHound.&#x20;
* **Credential harvesting:** Mimikatz & Rubeus (Kerberos).&#x20;
* **Local escalation helpers:** JuicyPotato / RottenPotatoNG & SharpPotato.&#x20;
* **Service abuses:** sc.exe (query) & checking unquoted service paths.&#x20;
* **Token / pass-the-hash / lateral exec:** Impacket (psexec, wmiexec) & CrackMapExec.&#x20;

#### Scripting & Automation

* **Python / Bash / PowerShell** – Custom script writing.
* **AutoRecon** – Automated enumeration tool (must be careful with exam restrictions).
* **CrackMapExec** – Post-exploitation automation.

#### Password Cracking & Wordlists

* **John the Ripper** – Classic password cracker.
* **Hashcat** – GPU-accelerated password cracking.
* **SecLists** – Huge collection of wordlists for brute force & discovery.
* **RockYou.txt** – Essential wordlist.

#### Pivoting & Lateral Movement

* **SOCKS / Proxying:** OpenSSH (ssh -D) & ProxyChains.
* **Port forwarding:** OpenSSH (ssh -L / -R) & rinetd.
* **TCP/UDP tunnels:** socat & Chisel.
* **HTTP(S) tunnels / reverse tunnels (labs only):** Ngrok & LocalTunnel.
* **Encrypted VPN tunnels:** WireGuard & OpenVPN.
* **Reverse shell tunnels / lightweight relay:** Metasploit Meterpreter (socks) & socat (labs).
* **Windows-forwarding / simple TCP proxy:** Portfwd (Meterpreter) & PowerShell Remoting (WinRM) with SSH.
* **SMB/Windows lateral tools:** Impacket (smbserver, psexec, wmiexec) & CrackMapExec (CME).
* **AD mapping for pivot planning:** SharpHound / BloodHound.

***

### Miscellaneous Repos & Writeups

* **kernel-exploits (lucyoa)** — <https://github.com/lucyoa/kernel-exploits>
* **WindowsExploits (abatchy17)** — <https://github.com/abatchy17/WindowsExploits>
* **windows-kernel-exploits (SecWiki)** — <https://github.com/SecWiki/windows-kernel-exploits>
* **OSCPRepo (rewardone) — outdated but useful reference** — <https://github.com/rewardone/OSCPRepo>
* **How not to fail OSCP (Anurag Mewar)** — <https://anuragmewar.medium.com/how-not-to-fail-oscp-on-your-first-attempt-ad-special-b0819523e3>
* **Hack your OSCP certification (yan1x0s)** — <https://yan1x0s.medium.com/hack-your-oscp-certification-ba29317c72ff>
* **Relevant tweet (Harshleen Chawla)** — <https://x.com/harshleenchawl2/status/1859563782797918613?t=7-lLGXreWHw0O-tWmt817g&s=08>

***

## Conclusion

These courses, YouTube channels, and labs are my personal recommendations — they worked for me and helped me pass the OSCP. There may be other excellent resources out there, so do your own R\&D and build a toolkit that fits your learning style. If you have questions or want further help, feel free to email me or connect on LinkedIn or any other social platform — I’m happy to share tips and support your journey. Good luck, and happy hacking !!!

***

***

***

**`Hacker's Mantra:`**` ``We do not seek to destroy. We seek to create a better world. — Anonymous`


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://blog.rootkid.in/exam-prep-notes/offsec-certified-professional-oscp-pen-200-notes/best-resources-i-found-during-my-oscp-journey.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.