Authoritative References List: OSCP+ – OffSec Support Portal

Authoritative References List: OSCP+

May 05, 2025 13:10
Updated

The PEN-200 (Penetration Testing with Kali Linux) study guide is the only Authoritative References guide.

Domain 1: Identifying Vulnerabilities (12%)
Domain 2: Exploiting Systems (11%)
Domain 3: Escalating Privileges (18%)
Domain 4: Active Directory (26%)
Domain 5: Documenting Findings (33%)

Domain 1: Identifying Vulnerabilities (12%)

Task 1: Remote System Enumeration

Pen-200 Reference: Chapter 6 - Information Gathering
6.3.2TCP/UDP Port Scanning Theory (p. 138)
6.3.3Port Scanning with Nmap (p. 141)

Task 2: Remote Services Enumeration

Pen-200 Reference: Chapter 6 - Information Gathering
6.3.4 SMB Enumeration (p. 152)
6.3.5 SMTP Enumeration (p. 155)
6.3.6 SNMP Enumeration (p. 157)

Task 3: Map to a Vulnerability Database

Pen-200 Reference: Chapter 12 - Locating Public Exploits
12.2 Online Exploit Resources (p. 352)
12.3 Offline Exploit Resources (p. 358)
12.4 Exploiting a Target (p. 364)

Task 4: Identify Common Vulnerabilities

Pen-200 Reference: Chapter 7 - Vulnerability Scanning
7.2 Vulnerability Scanning with Nessus (p. 167)
7.3 Vulnerability Scanning with Nmap (p. 195)

Domain 2: Exploiting Systems (11%)

Task 1: Locate Vulnerability/Misconfiguration

Pen-200 Reference: Chapter 13 - Fixing Exploits
13.1 Fixing Memory Corruption Exploits (p. 371)
13.2 Fixing Web Exploits (p. 387)

Task 2: Modify Proof of Concept (PoC) or Execute Attack Path

Pen-200 Reference: Chapter 8 - Introduction to Web Application Attacks
8.2.4 Security Testing with Burp Suite (p. 204)
8.3.3 Enumerating and Abusing APIs (p. 226)

Task 3: Achieve Low-Privileged Access

Pen-200 Reference: Chapter 9 - Common Web Application Attacks
9.3 File Upload Vulnerabilities (p. 269)
9.4 Command Injection (p. 279)

Task 4: Upgrade to Interactive Shell

Pen-200 Reference: Chapter 20 - The Metasploit Framework
20.2 Using Metasploit Payloads (p. 654)
20.3 Performing Post-Exploitation with Metasploit (p. 667)

Domain 3: Escalating Privileges (18%)

Task 1: Local System Enumeration

Pen-200 Reference: Chapter 16 - Windows Privilege Escalation
16.1 Enumerating Windows (p. 473)
Pen-200 Reference: Chapter 17 - Linux Privilege Escalation
17.1 Enumerating Linux (p. 529)

Task 2: Local Services Enumeration

Pen-200 Reference: Chapter 16 - Windows Privilege Escalation
16.2 Leveraging Windows Services (p. 500)

Task 3: Locate Vulnerability/Misconfiguration

Pen-200 Reference: Chapter 16 - Windows Privilege Escalation
16.3 Abusing Other Windows Components (p. 521)
Pen-200 Reference: Chapter 17 - Linux Privilege Escalation
17.4 Insecure System Components (p. 555)

Task 4: Identify Privilege Escalation Path

Pen-200 Reference: Chapter 17 - Linux Privilege Escalation
17.2 Exposed Confidential Information (p. 547)

Task 5: Achieve High-Privileged Access

Pen-200 Reference: Chapter 17 - Linux Privilege Escalation
17.5 Wrapping Up (p. 563)

Domain 4: Active Directory (26%)

Task 1: Domain Enumeration

Pen-200 Reference: Chapter 21 - Active Directory Introduction and Enumeration
21.1 Active Directory - Introduction (p. 690)
21.2 Manual Enumeration (p. 692)

Task 2: Account Enumeration

Pen-200 Reference: Chapter 21 - Active Directory Introduction and Enumeration
21.4 Active Directory - Automated Enumeration (p. 730)

Task 3: Lateral Movement

Pen-200 Reference: Chapter 23 - Lateral Movement in Active Directory
23.1 Active Directory Lateral Movement Techniques (p. 778)

Task 4: Identify and Exploit Common AD Vulnerabilities

Pen-200 Reference: Chapter 22 - Attacking Active Directory Authentication
22.2 Performing Attacks on Active Directory Authentication (p. 757)

Task 5: Achieve High-Privileged Domain Access

Pen-200 Reference: Chapter 23 - Lateral Movement in Active Directory
23.2 Active Directory Persistence (p. 797)

Domain 5: Documenting Findings (33%)

Task 1: Document Root Cause

Pen-200 Reference: Chapter 5 - Report Writing for Penetration Testers
5.2 Writing Effective Technical Penetration Testing Reports (p. 101)

Task 2: Document Steps to Reproduce

Pen-200 Reference: Chapter 5 - Report Writing for Penetration Testers
5.2.6 Technical Findings and Recommendations (p. 107)

Powered by Zendesk