Windows Privilege Escalation for OSCP & Beyond!

share ›
‹ links

Below are the top discussions from Reddit that mention this online Udemy course.

Finding and exploiting Windows vulnerabilities and misconfigurations to gain an administrator shell

Reddemy may receive an affiliate commission if you enroll in a paid course after using these buttons to visit Udemy. Thank you for using these buttons to support Reddemy.

Taught by
Tib3rius ⁣

Reddit Posts and Comments

0 posts • 56 mentions • top 19 shown below

r/oscp • post
97 points • gthume
I passed!

I received the email this morning that I passed my OSCP exam! Thank you to everyone on this sub for providing so many useful resources! Here is how I prepared:


My Background:

I started prepping for PWK mid-January. At the time I was working helpdesk at a hospital, I have recently been promoted to desktop support. I had no linux or scripting experience prior to preparing for PWK. It was a steep learning curve, but completely doable.

I started PWK in March and failed my first exam attempt on June 15th. I did some more HTB retired machines and brushed up on priv esc skills and passed my second attempt on July 17th.


My Favorite Resources:

TibSec's Linux Privesc course:

TibSec's Windows Privesc course:

Best HTB write-ups around (I read these religiously):

Ippsec OSCP HTB Playlist:

HTB/Vulnhub OSCP like boxes:

Great blog:

Fantastic pentesting note-taking application and reverse shell payload generator:


Going Forward:

I want to become proficient in python, learn the ins-and-outs of active directory, and then prep for and enroll in the AWAE/OSWE course.

r/cybersecurity • comment
72 points • Howl50veride

You'll probably wanna get the OSCP. As that's an extremely valuable cert for Pentesters, possibly get the eJPT then go for the OSCP

First checkout this Guide/Review

  • The Journey to Try Harder: TJnull’s Preparation Guide for PEN-200 PWK/OSCP 2.0


Here are some hacking courses that are cheap and you can do on the side that will take you from zero to hero! The courses are in order I'd do and then I included hacking labs and their prices! TryHackMe is a much more friendly intro lab then could move to HTB.

Note: if you follow these guys on Twitter they post discount codes for their courses all the time, some are just pinned on their Twitter profile.

  • The Cyber Mentor - Ethical Hacking  -

  • Tib3rius - Windows Privilege Escalation for OSCP & Beyond!  -

  • The Cyber Mentor - Windows Privilege Escalation for Beginners  -

  • Tib3rius - Linux Privilege Escalation for OSCP & Beyond!  -

  • The Cyber Mentor - Linux Privilege Escalation for Beginners  -

Then do some Hacking Labs - Here are some Options

  • TryHackMe (THM) - $10/M -

  • HackTheBox (HTB) - $20/M -

  • VulnHub - $Free -

  • Virtual Hacking Labs (VHL) - $99/M -

  • Proving Grounds (PG) - $20/M -

List of Boxes to Hit


r/oscp • comment
6 points • HyperNono

Tiberius Windows privilege escalation 50% discount for few hours :

r/oscp • comment
2 points • TibSec

This is a self-promoting (doesn’t seem to be against the rules) but I have a Windows PrivEsc course on Udemy right now which is very well reviewed and will teach you everything you need to know for OSCP-level PrivEsc:

r/oscp • comment
4 points • kassandra_aco

I am assuming you want to understand the windows command line for the sake of privilege escalation and maybe as a goal for OSCP?

If you are looking for privilege escalation in windows.

If you want to have an overview of the Github link with a hands-on video explanation

P.S If you are looking for partners/groups to go ham on boxes. I am up for it. We seem to be at a similar level. PWK labs begin May 30th !

r/oscp • comment
1 points • CaptainMarmoo

Honestly dude, pretty much everyone who passes the oscp, in their write ups when they’re talking about windows priv esc say to buy this course from tib3rius

Having done this course (and his Linux one) I can say that I learned a lot. I would highly recommend this course.

As for his Linux course, I think that could be updated personally, but it still teaches the common priv esc attack vectors you will be expected to cover in the oscp, if you don’t want to buy this course I would recommend having a look into linpeas, winpeas and gtfobins as a good start for understanding the attack vectors that can be exploited (there are more entry points than that of which the two tools cover but it won’t be expected to know these obscure ones for the oscp exam)

r/oscp • comment
1 points • Vodlich

Not a ctf but from what I've read this is one of the best course :

r/oscp • comment
3 points • goonmax
r/oscp • post
16 points • Plotk1ne
My learning tips after passing on the 1st attempt

-1) My background

eJPT, eCPPT and hacked a few HTB machines

0) Exercises/lab report

Whether you do exercises and lab report is your personal choice. Since the 2020 update there are alot of exercises (\~90 sets if I remember correctly); taking you at least 15 days if you work hard on it.

On one side, if you do quick maths you'll realize it's easy to be stuck at 65 or 67.5 points in the exam so it's good to secure passing score. On the other side, time spent doing the exercises could be better spent in the labs rooting boxes.

Personally I didn't do exercises/lab report because I wanted to focus on the labs. I didn't even read all the PDF. Lab is the place where you really learn things.

1) Rooting boxes

Root as many boxes as you can in the PWK labs.

I rooted around 35-40 boxes, skipping dependent boxes/AD boxes/client-side attacks boxes. More importantly than rooting boxes: take notes about what you learned rooting each boxes and the mistakes you did. The thing to keep in mind when taking notes about a box is that they should help you overcome the difficulties you encountered doing the box, when facing a similar box. Also don't spend too much time on a single box if you don't find the entry point: use PWK forum and discord communities to get hints. I never spent more than 2-3 hours without asking for hints.

2) TJNull OSCP-like boxes list

I personnally only did \~8 boxes from the HTB list and none from the vulnhub one but these are really good resource to help you prepare for the exam.

3) Write an enumeration methodology

From all your pwned box in PWK labs/HTB & vulnhub lists, write an enumeration methodology and personal tips to not fall in the same traps as the ones you falled into.

This is crucial. You should have a methodical way of enumerating boxes and their services.

4) Privilege escalation

I recommend taking those two udemy courses:

They are truly awesome and help you have a good methodology to enumerate boxes for privilege escalation vectors.

5) Tooling

For enumeration: You can use autorecon by tib3rius: I personnally made my own bash enumeration script to add more enumeration commands and to use the commands I prefer but this tool helped me alot in the labs.

For privilege escalation: winPEAS,,, linpeas,,,... (follow the two udemy courses and you should be fine)

6) Exam

Take your time. Be methodical and enumerate everything you can, you'll end up finding the way in. As people use to say: "don't leave any stone unturned".

You'll be most probably blocked at some points in the exam. Don't panick and review your methodology: what did you miss? what could you try?

As people already said there are "lots of rabbit holes in the exam", meaning you'll get alot of things to enumerate and that's why you should be as methodical as you can.

During my exam my focus dropped dramatically after \~15 hours in, also due to the fact that I couldn't sleep the night before. I took regular breaks (around 5 minutes every hour, and a longer break to eat).

One thing I wasn't expecting in the exam is that the proctoring software took alot of resources on my computer (streaming 3 screens and a webcam). You should take that into account because when I launched my enumeration script at the beginning of the exam my CPU peaked regularly at 100% because of this proctoring software running in parallel. That didn't lead to freezing or other problems but my computer was clearly pushed.

7) Report

Don't underestimate the time needed to write your report: I took \~7 hours to make it while I thought I would be done in 2-3 hours. You really don't want to write you report in a hurry like I did. My advice would be to sleep some hours after the exam and immediately start writing your report afterwards. I used offensive security templates.

I wish you the best of luck. If I did it, so can you!

r/netsecstudents • comment
2 points • VirtualViking3000

Tib3rius on Udemy

r/tryhackme • comment
1 points • rbl00

Two courses that are highly recommended and will give you what your looking for:

If you follow the cyber mentor on Twitter or join his discord you can often find discounts for anything at the TMC Academy

Also, the Udemy one is from Tib3rius, he’s well-known great content .

r/oscp • comment
2 points • 6969xYeetusDatFeetus

Udemy courses that are often recommended (and that I personally recommend):

Also I have heard good things about The Cyber Mentor's courses but I haven't taken them; they also have privesc classes:

r/tryhackme • comment
2 points • yelenz

First finish Hackthebox academy free 'Windows Fundamentals' module.

Then search 'VbScrub' on YouTube. His 'Tutorials' playlist talks about basic windows vulnerabilities.

Then take look at privilege escalation:


First is longer, more beginner friendly. Second is aimed at intermediate people.

At this point you should be able to root easy and medium boxes/machines.

r/oscp • comment
2 points • Table_Inside

I started in pentesting by taking this course which covered techniques from enumeration to privilege escalation :

Then I have done Tib3rius Windows Privesc course , which has been an awesome resource to power up my windows pentesting skills

r/oscp • comment
3 points • WasZurHecke

Yes, i acutally would recommend to start with HTB or TryHackMe since VIP access is really cheap (8-11 € per month). I did it the other way around and it probaly was a waste of ressources and time to be honest. All in all i did around 120 boxes on different platforms before taling the exam.

I took these two courses and i can recommend them without any hesitation. (Tiberius posts a discount code on his twitter every month with which you can get the course for 14.99$ each, which is a steal imho)

Linux Privilege Escalation: Privilege Escalation:

As for VHL. I just bought a month of access. If you are a beginner or did not do the offsec labs, think about buying a longer period and safe on the offsec labs. Their PDF guide is really nice imho and they have around 42 machines with various difficulties. (Also they have hint panel for around 25 of them, so if you are stuck you don't need to lurk around in forums and decipher cryptic hints. This is very helpful, especially if you are just starting and need to learn the ropes.

I'll update my post to include this TryHackMe room that really boosted my time for the BOF in the exam. Took me roughly around 45 Minutes to an hours, so i can really recommend to train BOF there. (The ones in the exam will be very very similar if not the same) (Also it's free!)

BOF on TryHackMe:

r/oscp • comment
1 points • planet-express-212

Passed the OSCP with extra Help with 3 Udemy Course: Privilege Escalation is vital, and these 2 Udemy Courses are highly recommened for anybody pursing OSCP or other similar penetration testing endeavors: Windows Privilege Escalation for OSCP & Beyond!

Linux Privilege Escalation for OSCP & Beyond!

For Layer 7/Application Layer attacks check out: Website Hacking / Penetration Testing & Bug Bounty Hunting

r/oscp • comment
2 points • FalconSpy

While failing obviously sucks, try to take it as a learning experience.

I failed my exam twice before finally passing on the third attempt. All of my experiences can be found via

If your methodology and priv esc are your weak areas, take a look at the following resources:


Priv esc:

As others have probably mentioned there is TryHackMe and Virtual Hacking Labs as well for extra practice.

r/cybersecurity • comment
3 points • xzieus

Hey there! Just coming back to this post after thinking about it for a while.

I noticed that a lot of suggestions are pointing you towards tryhackme, hackthebox, cybrary and such. Lots of these are offensive in nature, and -- although the 'sexy' part of security -- may not reflect the best route to learn "IT/Cyber Security" (Cybrary is a wide net though and covers much).

I'll give you my thoughts on what would help:

  • The Basics
  • NOTE: Many of these can be covered in "intro" security courses, and help give you a good foundation. Many of the topics won't be "technical" but more of a general nature.These will help you get started and "speak the language", but won't get you the technical skills required.Below are some things that is good to know and follow up on -- these are general "buckets" of topics:
  • Resources:
  • Conceptual: The CIA Triad: Confidentiality, Integrity, Availability: Learn what these are, how to think of systems/data/etc in terms of CIA, and their nuances. This helps you think about systems in terms of impact. THIS is important because many bug bounty hunters can not properly explain the impact of the bugs they find. This provides a common vocabulary for communicating impact and risk. This doesn't only help BB hunters, but also IT and security professionals explain and classify systems. Many intro courses will cover this if you look for it -- You can start by reading up online, but Cybrary or Udemy have many courses that cover this.
  • Conceptual: Risk: Spend some time learning about risk and how organizations deal with it -- how risk is communicated and what actions can be taken. Another pitfall of BB hunters (and others) is to think that their newly-found bug needs to be fixed RIGHT NOW. This is in contrast with how organizations handle risk and deal with things internally. Summary: Most org's #1 concern is NOT security and stopping operations to fix something isn't always an option. Many intro courses will cover this if you look for it. Again, reading online or via Cybrary or Udemy.
  • Technical: Basic IT Skills: MANY ways to get this -- from setting up your own networks at home (a home lab), getting a job in a call center, getting a job in IT, developer work helps indirectly (setting up dev boxes, etc.). You can take a course or two, but this will need to be more hands-on than other topics -- for obvious reasons. Try a combined course-lab setup for best results if you go the course route.
  • Technical: Basic Dev Skills: If you want to go the developer route, I suggest picking a language and going through some tutorials. Python is a popular choice as a first programming language and has many tutorials available. It helps to have a small project that you want to make in the language -- be it a game, or simple script -- just something to make you apply your knowledge. I use my dev skills nearly every day directly or indirectly in red team engagements (and its prep). It helps inform you how things might be working behind the scenes -- an intuition in a way. It also helps you make your own tools to solve problems you face. You won't always have a tool made for you and sometimes you'll have to know how to make them yourself.


It's important to find out what you like doing. Both IT and Security are enormous fields, and there is just too much to learn for any one person -- that's why we have teams. Many people specialize. So if you, say, don't like dev work, that's ok. You don't NEED it for IT or Security. It may help along the way at certain points, but there are MANY paths to the same destination. MAKE SURE that you enjoy the bulk of what you do (yes, there will be hard/bad parts). This isn't "find a job you live and you'll never work again" advice, this is "don't burn out" advice.

Pace yourself.


If you're interested, here are some more resources that may help you out -- depending on your areas of interest: