🗒️Best Resources I Found During My OSCP Journey

Resources I Relied On During OSCP Prep

When it comes to preparing for the OSCP exam, the number of resources out there can be both a blessing and a curse. If you’ve spent any time in the cybersecurity space, you know that everyone has their own list of guides, writeups, blogs, and tools they swear by. While that’s great, it can also feel a little overwhelming. With so many options, the real challenge becomes figuring out which ones are worth your time.

That was exactly the situation I found myself in. I collected recommendations from friends, colleagues, and the broader cybersecurity community. As I worked through them, I noticed something interesting: many of the resources overlapped or covered very similar content. But a few stood out—either because they explained concepts better or provided deeper insights into specific topics.

So, instead of dumping a massive list of links, I want to share the resources that genuinely helped me the most. Alongside each, I’ve noted what topic or area it’s particularly strong in. These may not be the only great resources out there, but they were the ones that clicked with me during my OSCP journey. Hopefully, they’ll save you some time and confusion.

Remember: the key is not to hoard every possible PDF, blog, or GitHub repo you come across. Instead, curate your toolkit wisely, focus on depth over breadth, and keep refining your notes as you go. The exam is as much about clarity and methodical thinking as it is about technical skills.

At the end of the day, make sure you have your best resources ready in your toolkit for exam day—they’ll be your compass when things get tough.

YouTube Playlists & Channels:

• OSCP Practice Labs walkthrough (playlist) — https://www.youtube.com/watch?v=gY_9Dncjw-s&list=PLT08J44ErMmb9qaEeTYl5diQW6jWVHCR2 Refer to this playlist for walkthroughs of the OSCP practice labs.

• Hacking Active Directory — Beginner course (part 1) (HackerBlueprint) — https://www.youtube.com/watch?v=RxU0AANCesQ

• Hacking Active Directory — Beginner course (part 1) (TCMSecurityAcademy) — https://www.youtube.com/watch?v=VXxH4n684HE

• ippsec (YouTube channel) — https://www.youtube.com/@ippsec Excellent, deeply explained walkthrough videos for many Hack The Box machines.

• BittenTech (YouTube channel) — https://www.youtube.com/@BittenTech Great content in Hindi—very helpful overall and has solid OSCP prep guidance.

• TCM Security Academy (YouTube channel) — https://www.youtube.com/@TCMSecurityAcademy Detailed videos on many OSCP-relevant topics — highly recommended.

Blogs & Comprehensive Guides:

• 0xdf — HTB walkthroughs — https://0xdf.gitlab.io/ One of the best collections of HTB machine walkthrough blogs.

• Windows Privilege Escalation Guide (Absolomb) — https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/ Focused Windows privilege escalation techniques.

• s0cm0nkey — Active Directory (Red / Offensive) — https://s0cm0nkey.gitbook.io/s0cm0nkeys-security-reference-guide/red-offensive/active-directory Excellent Active Directory attack reference.

• The Hacker Recipes — Impacket guide — https://tools.thehacker.recipes/impacket A solid guide to the Impacket library and its tools.

• Total OSCP Guide (Sushant) — https://sushant747.gitbooks.io/total-oscp-guide/content/the_basics.html Notes and coverage of most OSCP topics.

• Aditya’s OSCP notes & cheatsheets — https://aditya-3.gitbook.io/oscp Cheatsheets and commands organized by topic.

• The Hacker Recipes (main site) — https://www.thehacker.recipes/ Lots of content—useful for advanced AD attacks and network exploitation.

• Ired.team — Kerberos & AD experiments — https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse Active Directory & Kerberos attack techniques.

• WatchDogs Academy — Attacking Active Directory — https://watchdogsacademy.gitbook.io/attacking-active-directory Tools, commands and walkthroughs for AD attack paths.

• GOAD (vulnerable AD lab by Orange Cyberdefense) — https://github.com/Orange-Cyberdefense/GOAD A pentest AD lab environment to practice typical attack techniques.

• GOAD cross-reference (mayfly277) — https://mayfly277.github.io/ Helpful companion/reference to GOAD.

Cheat-Sheets:

• Netrunners (command shortcut tool) — https://www.netrunners.in/ Fill in variables and get ready-to-run commands — handy during labs and exam.

• Active Directory Exploitation Cheat Sheet (GitHub) — https://github.com/S1ckB0y1337/Active-Directory-Exploitation-Cheat-Sheet

• Haax Cheatsheet — https://cheatsheet.haax.fr/

• WADComs (interactive Windows/AD cheat sheet) — https://wadcoms.github.io/ Curated offensive tools and corresponding commands for Windows/AD.

• 0xsyr0 — OSCP checklist / repo — https://github.com/0xsyr0/oscp All-in-one OSCP checklist.

• https://s4thv1k.com/posts/oscp-cheatsheet/

• https://fuzzysecurity.com/tutorials/16.html

• https://github.com/TCM-Course-Resources

Paid Courses:

• TCM Security courses (recommended):

  • Windows Privilege Escalation for Beginners

  • Linux Privilege Escalation for Beginners

  • Movement, Pivoting and Persistence

  • Practical Ethical Hacking - The Complete Course

• [PEN1] Complete Offensive Pentesting for Beginners — BittenTech (recommended)

• Active Directory Pentesting Full Course - Red Team Hacking by Security Gurus on Udemy

• HTB Certified Penetration Testing Specialist (HTB CPTS) - Coursework By HackTheBox

Labs and Machines:

• Hack The Box (HTB) (TJ Null Checklist)

• TryHackMe (THM)

• Vulnhub Machines

• OffSec Proving Grounds

Tools I Relied On While Preparing for and Taking the OSCP

Note-taking & Documentation

• Obsidian – Markdown-based knowledge management.

• GitBook – Clean documentation platform for structured notes.

Virtualization & Lab Setup

• VMware Workstation / Fusion – Robust virtualization with snapshots.

Information Gathering & Recon

• Nmap – Network scanning & enumeration.

• RustScan – Fast port scanner (works with Nmap).

• Amass – DNS enumeration.

• Gobuster / Feroxbuster – Directory & file brute forcing.

Exploitation & Frameworks

• Metasploit Framework – Controlled exploitation (Note: restricted during OSCP exam).

• Searchsploit – Offline exploit search from Exploit-DB.

• Impacket – Powerful Python tools for Windows exploitation.

• Evil-WinRM – Best for Windows post-exploitation.

Privilege Escalation & Enumeration

• LinPEAS / WinPEAS – Automated privilege escalation checks.

• LinEnum – Linux enumeration script.

• Seatbelt – Windows security checks.

• PowerUp – Windows privilege escalation script.

[Linux]

• SUID / binary abuse references: GTFOBins & find / -perm -4000.

• Capability checks: getcap & capsh.

• Cron / systemd checks: manual cron inspection & systemctl (check writable scripts).

• SSH key discovery / reuse: search for id_rsa & authorized_keys.

• Kernel/exploit lookup (labs only): Searchsploit & Exploit-DB.

[Windows]

• AD & enum tools: PowerView & SharpHound.

• Credential harvesting: Mimikatz & Rubeus (Kerberos).

• Local escalation helpers: JuicyPotato / RottenPotatoNG & SharpPotato.

• Service abuses: sc.exe (query) & checking unquoted service paths.

• Token / pass-the-hash / lateral exec: Impacket (psexec, wmiexec) & CrackMapExec.

Scripting & Automation

• Python / Bash / PowerShell – Custom script writing.

• AutoRecon – Automated enumeration tool (must be careful with exam restrictions).

• CrackMapExec – Post-exploitation automation.

Password Cracking & Wordlists

• John the Ripper – Classic password cracker.

• Hashcat – GPU-accelerated password cracking.

• SecLists – Huge collection of wordlists for brute force & discovery.

• RockYou.txt – Essential wordlist.

Pivoting & Lateral Movement

• SOCKS / Proxying: OpenSSH (ssh -D) & ProxyChains.

• Port forwarding: OpenSSH (ssh -L / -R) & rinetd.

• TCP/UDP tunnels: socat & Chisel.

• HTTP(S) tunnels / reverse tunnels (labs only): Ngrok & LocalTunnel.

• Encrypted VPN tunnels: WireGuard & OpenVPN.

• Reverse shell tunnels / lightweight relay: Metasploit Meterpreter (socks) & socat (labs).

• Windows-forwarding / simple TCP proxy: Portfwd (Meterpreter) & PowerShell Remoting (WinRM) with SSH.

• SMB/Windows lateral tools: Impacket (smbserver, psexec, wmiexec) & CrackMapExec (CME).

• AD mapping for pivot planning: SharpHound / BloodHound.

Miscellaneous Repos & Writeups

• kernel-exploits (lucyoa) — https://github.com/lucyoa/kernel-exploits

• WindowsExploits (abatchy17) — https://github.com/abatchy17/WindowsExploits

• windows-kernel-exploits (SecWiki) — https://github.com/SecWiki/windows-kernel-exploits

• OSCPRepo (rewardone) — outdated but useful reference — https://github.com/rewardone/OSCPRepo

• How not to fail OSCP (Anurag Mewar) — https://anuragmewar.medium.com/how-not-to-fail-oscp-on-your-first-attempt-ad-special-b0819523e3

• Hack your OSCP certification (yan1x0s) — https://yan1x0s.medium.com/hack-your-oscp-certification-ba29317c72ff

• Relevant tweet (Harshleen Chawla) — https://x.com/harshleenchawl2/status/1859563782797918613?t=7-lLGXreWHw0O-tWmt817g&s=08

Conclusion

These courses, YouTube channels, and labs are my personal recommendations — they worked for me and helped me pass the OSCP. There may be other excellent resources out there, so do your own R&D and build a toolkit that fits your learning style. If you have questions or want further help, feel free to email me or connect on LinkedIn or any other social platform — I’m happy to share tips and support your journey. Good luck, and happy hacking !!!

Hacker's Mantra: We do not seek to destroy. We seek to create a better world. — Anonymous