resources
The curated list. Full annotated version coming — this is the skeleton.
labs (practice targets)
- HackTheBox — retired boxes with writeups
- OffSec Proving Grounds — closest thing to OSCP feel
- TryHackMe — structured learning paths for beginners
- Vulnhub — free, downloadable VMs
courses
- PWK (OSCP course itself) — mandatory, but not sufficient
- TCM Security’s PEH — great foundation
- IppSec’s YouTube — free, better than most paid courses
cheatsheets & references
- HackTricks — the bible
- PayloadsAllTheThings — for when you forget a payload (you will)
- GTFOBins — Linux privesc lookup
- LOLBAS — Windows equivalent
books
- The Web Application Hacker’s Handbook
- RTFM (Red Team Field Manual)
- Penetration Testing by Georgia Weidman
community
- OffSec Discord
- r/oscp subreddit
- NetSecFocus Slack
Full annotated list (what each is good for, when to use it) drops soon.