OSCP Training Log
Notes and methodology from my OSCP / PEN-200 study sessions.
- Linux PrivEsc — Abusing sudo, Weak Permissions & Custom Binaries2026-06-17
A Linux privesc methodology run — container awareness, sudo -l and Baron Samedit (CVE-2021-3156), weak file-permission hunting, and reversing a custom SUID/sudo binary for a shell.
- Linux PrivEsc — Writable /etc/passwd, SetUID Binaries & Capabilities2026-06-16
Abusing a writable /etc/passwd to land a root user, then escalating via SUID binaries and Linux capabilities — with GTFOBins as the lookup index for both.
- Privilege Escalation via Scheduled Tasks (Windows)2026-06-08
Abusing Windows Scheduled Tasks — the three-question enumeration model and binary/script/DLL replacement — to escalate from a low-priv user to a privileged context.
- Windows Service Privilege Escalation — Three Vectors2026-06-04
A methodology writeup of the three classic Windows service privesc paths — binary hijacking, DLL hijacking, and unquoted service paths — and the UAC integrity-level gotcha that bites you afterwards.
- PowerShell logging artifacts & Windows local enumeration2026-06-02
Hunting passwords and flags in PowerShell logs (Script Block Logging, PSReadline history, transcripts) and automating enumeration with winPEAS and Seatbelt.