How To Hack The Box To Your OSCP Part 3

Master over 50 tactics, techniques and procedures, used by Red Teams and bad actors, all mapped to MITRE ATT&CK.
How To Hack The Box To Your OSCP Part 3
File Size :
3.74 GB
Total length :
5h 21m



Vonnie Hudson


Last update




How To Hack The Box To Your OSCP Part 3

What you’ll learn

How modern adversaries breach public facing webservers
How to weoponize benign applications with exploits
How to evade AV and EDR with advanced shellcode loaders
How attackers move laterally, create reverse tunnels and expand influence on the victim network
How to think in terms of MITRE ATT&CK and understand the vernacular.
How to test and validate SQLi, XSS, SSTI and more

How To Hack The Box To Your OSCP Part 3


Hack The Box VIP Account


Are you ready to level up your game?Ready for the hardest boxes to hack?Want a challenge without feeling overwhelmed or confused?I finally did it. I finally decided to create the last series in my three part collection on pwning Hack The Box machines.There are tons of free write-ups and Youtube videos on-line that will show you how to breach a box but almost none of them break down the process step by step.And almost none of them include all the commands as a tidy reference.And even fewer map all attacks to the MITRE ATT&CK Matrix.What I’ve done is taken you on a journey into my mind as I help you understand how an expert hacker thinks. You will get the behind-the-curtain view into my thought process as I think through difficult scenarios and carefully step through each obstacle until the box is pwned.In addition, after we pop the box, we’ll take a step back and understand what vulnerabilities led to the initial intrusion vector by exploring host logs, vulnerable application source code and event logs.I’ve prepared everything you need for learning success in one convenient package.So, I’m going to ask again – are you ready to level up your game?You are about to learn the following tools and techniques from an offensive perspective:MITRE ATT&CK Enterprise Framework TTPs pingnmaprpcdumprpcclientsmbmapsmbclientcrackmapexecwhatwebWappalyzercurlopensslgowitnessBurp ProxyBurp Embedded Chromium BrowserferoxbusterwfuzzWeb Application Attacks: SQLiWeb Application Attacks: Reflected XSSWeb Application Attacks: SSTIPolyglot PayloadsWeb Application Attacks: Command InjectionReverse Shells: PowershellReverse Shells: Powershell UpgradeReverse Shells: NetcatReverse Shells: MeterpeterReverse Shells: PSExecReverse Shells: NoPACBase64 Encoded Powershell PayloadsrlwrapPEASS-ngBlue Team: wmicBlue Team: tasklistBlue Team: Get-WmiObjectCSRsChiselProxyChainsFoxyProxy SOCKS ProxiestsharkresponderhashcatLateral MovementResource Development: Commando VM!Resource Development: Exploit Testing and Maldoc creationDefense Evasion: charlotteDefense Evasion: MeterpretercertutilSharpCollectionPowerViewRubeusCertifydate (sounds lame but we actually use it in a way you’ve never seen before)Detection Engineering: Log ReviewSecure Coding Principles: Source Code ReviewIf this doesn’t excite you, you are not the right person for this course.  But if you’re ready to freggin’ have a blast and take your learning and skills to beast mode click Buy Now and let’s begin!


Section 1: Press Play

Lecture 1 How To Get Started

Lecture 2 MITRE ATT&CK Enterprise Matrix

Section 2: Beginning Recon

Lecture 3 (T1082) PING + NMAP

Lecture 4 (T1592) RPC

Lecture 5 SMB

Lecture 6 Web

Section 3: Payload Development

Lecture 7 (T1203) SQLi + Reflected XSS

Lecture 8 (T1059.003) SSTI

Lecture 9 (T1059.001) RCE: Powershell

Lecture 10 Windows Reverse Shell Upgrade

Lecture 11 (T1105) RCE: Netcat

Section 4: Exploration

Lecture 12 (T1552) Privesc: PEASS-ng

Lecture 13 (T1057) Discovery: Native Windows Commands

Lecture 14 Background Concept: Certificate Signing Requests

Section 5: Pivoting

Lecture 15 (T1572) Tunneling: Reverse Proxy

Lecture 16 (TA0006) Credential Access

Lecture 17 (T1110.002) Password Cracking

Lecture 18 (T1135) Lateral Movement

Section 6: Resource Development

Lecture 19 (T1583.004) Commando VM: Setup

Lecture 20 (T1039) Commando VM: Exploit Testing

Lecture 21 (T1587.001) Commando VM: Exploit Testing 2

Section 7: Defense Evasion

Lecture 22 (T1204.002) Meterpreter + AV Bypass

Lecture 23 Container Escape + Exploration

Section 8: Stage + Compromise

Lecture 24 (T1105) Ingress Tool Transfer

Lecture 25 Compromise: ADCS

Lecture 26 Compromise: NoPAC CVE

Section 9: Post Pop Exploration

Lecture 27 (T1021.001) Enable RDP + Impair Defenses

Lecture 28 IIS Log + ASP Web App Source Code Review



Intermediate to Advanced Red Team Operators,Intermediate to Advanced Penetration Testers,Security Conscious Software Developers,Blue Team SOC Analysts,Blue Team Threat Hunters,Cybersecurity Managers (wanting to understand initial intrusions and mitigations)

Course Information:

Udemy | English | 5h 21m | 3.74 GB
Created by: Vonnie Hudson

You Can See More Courses in the IT & Software >> Greetings from

New Courses

Scroll to Top