Archives: Certifications

Certifications

OffSec Certified Professional+ (OSCP+)

An OSCP has demonstrated the ability to use persistence, creativity, and perceptiveness to identify vulnerabilities and execute organized attacks under tight time constraints. They can:

* Use information gathering techniques to identify and enumerate targets running various operating systems and services
* Write scripts and tools to aid in the penetration testing process
* Analyze, correct, modify, cross-compile, and port public exploit code
* Conduct remote, local privilege escalation, and client-side attacks
* Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications
* Leverage tunneling techniques to pivot between networks

OSCP holders have also shown they can think outside the box while managing both time and resources.

Certified Red Team Operator (CRTO)

Holders of the Red Team Operator badge have demonstrated their knowledge of adversary simulation, command & control, engagement planning and time management. They can perform each stage of an attack lifecycle from initial compromise, to full domain takeover, data hunting, and exfiltration; whilst being aware of OPSEC concerns and bypassing defences.

Hacker X

 

Hacker X Certification Modules

The Hacker X certification encompasses various modules that cover a wide range of hacking skills and techniques. Below is an overview of the modules included:

1. Know the OS

  • Learn about operating systems and their vulnerabilities.

2. Hack the MAC

  • Understand how to exploit weaknesses in Media Access Control (MAC) addresses.

3. Gathering Information

  • Discover techniques for collecting relevant information about targets or systems.

4. Surfing Anonymously

  • Explore methods to browse the internet while maintaining anonymity.

5. Hiding Messages

  • Learn techniques for concealing and transmitting hidden messages.

6. Social Media Hacking

  • Exploit vulnerabilities in social media platforms.

7. Credit & Debit Card Frauds

  • Dive into fraudulent activities related to credit and debit cards.

8. Keyboard Spying

  • Learn how to secretly capture and monitor keystrokes on target systems.

9. WiFi Hacking – WEP Cracking

  • Master wireless network hacking with a focus on cracking WEP encryption.

10. Network Spying

  • Understand techniques for monitoring and intercepting network traffic.

11. Database Hacking

  • Learn how to exploit database vulnerabilities and gain unauthorized access.

12. Android Hacking

  • Explore techniques for hacking Android operating systems and applications.

13. Bringing Down a Website

  • Discover methods to disrupt or disable websites through various attacks.

14. Cross-Site Scripting (XSS)

  • Learn how to exploit vulnerabilities in web applications by injecting malicious scripts.

15. Make Your Data Safe

  • Understand how to secure your data and protect it from unauthorized access.

16. Hacking Passwords

  • Master techniques for gaining unauthorized access to passwords and user accounts.

17. WordPress Scanning

  • Focus on scanning and identifying vulnerabilities in WordPress websites.

18. Vulnerability Scanning & Reporting

  • Learn how to scan systems and applications for vulnerabilities and report them effectively.

Certified Red Team Professional (CRTP)

Active Directory Attack Techniques

1. Active Directory Enumeration

  • Learn how to enumerate and gather information from an Active Directory environment, including identifying users, groups, and policies.

2. Local Privilege Escalation

  • Discover techniques for escalating privileges from a local user to a higher privilege level within a system.

3. Domain Privilege Escalation

  • Master various domain privilege escalation techniques, including:
    • Kerberoasting
    • Kerberos Delegation
    • Abusing Protected Groups
    • Abusing Enterprise Applications
    • And more advanced methods.

4. Domain Persistence and Dominance

  • Explore methods to maintain persistence and dominance within a domain environment using techniques like:
    • Golden and Silver Tickets
    • Skeleton Key Attacks
    • DSRM (Directory Services Restore Mode) Abuse
    • AdminSDHolder Exploitation
    • DCSync Attacks
    • Abusing Access Control Lists (ACLs)
    • Host Security Descriptor Exploits
    • And more techniques for gaining long-term control of a domain.

5. Forest Privilege Escalation

  • Learn techniques for escalating privileges across different forests within a domain, specifically focusing on:
    • Cross Trust Attacks
    • Inter-Forest Trust Exploitation

OffSec Certified Professional (OSCP)

  • Kali Linux
  • Network Vulnerability Scanning
  • Buffer Overflow Exploits
  • Exploitation
  • Client Side Attacks
  • Web Exploitation
  • Password Attacks
  • Pivoting
  • Antivirus Exploitation
  • Advanced Command Line
  • Practical Tools
  • Bash Scripting
  • Active Information Gathering
  • Passive Information Gathering
  • Vulnerability Scanning
  • Web Application Attacks
  • Windows Buffer Overflow
  • Linux Buffer Overflow
  • Locating Public Exploits
  • Fixing Public Exploits
  • File Transfers
  • Antivirus Evasion
  • Port Redirection
  • Tunneling
  • Active Directory Attacks
  • PowerShell Empire
  • Privilege Escalation
  • Metasploit
  • Port Scanning
  • Information Gathering

OffSec Wireless Professional (OSWP)

  • IEEE 802.11
  • Packets and Network Interaction
  • Aircrack-ng Essentials
  • Cracking WEP via a Client
  • Rogue Access Points
  • Wireless Network Types
  • Wi-Fi Encryption
  • Wireless Protected Setup (WPS)
  • Linux Wireless Tools, Drivers, and Stacks
  • Wireshark Essentials
  • bettercap Essentials
  • Kismet Essentials
  • Frames and Network Interaction
  • Cracking Authentication Hashes
  • Attacking WPS Networks
  • Attacking WPA Enterprise
  • Attacking Captive Portals