How to Hack The Box To Your OSCP (The Extra Boxes) is an advanced, hands-on offensive security course designed to make you feel confident as a real cybersecurity professional. This course focuses on modern attacker tradecraft, real-world tooling, and building the perfect hacking lab used by Red Teamers and penetration testers.
Unlike traditional walkthrough-based courses, this training teaches you how attackers actually think, operate, and chain techniques together. Every attack is grounded in real scenarios and mapped to MITRE ATT&CK, helping you bridge the gap between theory, labs, and real-world engagements.
What You’ll Learn
- How to execute 20+ MITRE ATT&CK Tactics, Techniques & Procedures (TTPs)
- Hands-on use of 30+ modern offensive security tools
- How to build and configure a professional-grade hacking environment
- Real attacker workflows from reconnaissance to impact and persistence
- How to finally feel confident explaining and executing cyber attacks
Course Content
3 sections • 26 lectures • 4h 14m total length
Hacking Lab & Environment Setup
- VMWare Workstation
- Kali Linux & Windows 11 Pro
- CommandoVM integration
- Connecting Kali & CommandoVM to Hack The Box
- PimpMyKali, VS Code, TMUX, Docker
Attack Methodology & Tradecraft
- Reconnaissance & resource development
- Credential access and initial access techniques
- Privilege escalation (insecure deserialization, token impersonation)
- Discovery, static code analysis, and lateral movement
- Impact, persistence, and post-exploitation
Detection Engineering & Defense
- Initial access detection analysis
- Weak password detection
- Kerberoasting and Silver Ticket detection
- JuicyPotatoNG analysis
- Threat hunting and mitigation strategies
Tools & Techniques Covered
ping, nmap, rustscan, whatweb, Wappalyzer, Burp Browser, feroxbuster, kerbrute, ldapsearch, crackmapexec, smbclient, hashcat, GetUserSPNs, ticketer, netcat, PowerShell reverse shells, winPEAS, evil-winrm, Wireshark, ysoserial, JuicyPotatoNG, and many more.
Requirements
- Hack The Box VIP Account
- Laptop or workstation capable of running multiple VMs
- Basic familiarity with Linux and Windows environments
Who This Course Is For
- New SOC Analysts
- New Penetration Testers
- New Red Teamers
- Blue Team Defenders
- Help Desk Analysts transitioning into cybersecurity
- Network & System Administrators moving into security roles
- Cybersecurity Managers wanting to understand real attack paths
This course is the missing link between labs, certifications, and real-world confidence. By the end, you won’t just know tools—you’ll understand attacker workflows, detection gaps, and how real compromises actually happen.
Serious skills. Real confidence. No fluff.
