OSCP · Penetration Testing · Red Team

The Offensive
Security Handbook

749 pages, from your first nmap scan to Domain Admin. A consolidated, battle-tested reference for OSCP candidates and working penetration testers — enumeration, exploitation, privilege escalation, Active Directory, and pivoting, with the exact commands and the practitioner notes you only get from real engagements.

Prefer EU-tax-inclusive checkout? Buy on Polar →
Written by an OSCP + GIAC-certified red team lead — from a decade of notes.
kali@redwolf: ~/engagement
$ nmap -sCV -p- 10.10.10.5 445/tcp open microsoft-ds $ enum4linux-ng -A 10.10.10.5 # found: svc_backup / weak creds $ evil-winrm -i 10.10.10.5 -u svc_backup *Evil-WinRM* whoami /priv # SeImpersonate $ ./PrintSpoofer.exe -i -c cmd nt authority\system $ secretsdump.py -just-dc # -> DA Administrator:500:aad3b...:31d6cf...
749pages
20chapters
500+commands
OSCPaligned
What's inside

The whole kill chain, in one reference.

Twenty chapters covering methodology through Domain Admin — plus capstone walkthroughs, operator playbooks, and a MITRE ATT&CK index. Every chapter has objectives, hands-on commands, and a "common mistakes" section.

01Introduction & Command References
02Networking Fundamentals for Hackers
03Linux for Penetration Testers
04Windows Internals for Attackers
05Offensive Security Methodology
06OSCP Exam Strategy
07Enumeration
08Web Application Attacks
09Credential Attacks
10Linux Privilege Escalation
11Windows Privilege Escalation
12Active Directory Attacks
13Pivoting, Tunneling & Port Forwarding
14Post-Exploitation
15Cloud Security for Pentesters
16Tools Reference
17Capstone Walkthroughs
18Operator Playbooks
19Glossary
20MITRE ATT&CK Technique Index
Why this one

Not another scattered cheat-sheet.

> consolidated

One reference, not forty tabs

The scattered knowledge from a dozen free wikis, gists, and blog posts — curated, mapped, and in a logical order you can actually work through.

> exam-focused

Built around the OSCP path

A dedicated exam-strategy chapter, per-target methodology, prioritization, and a realistic prep timeline — the difference between knowing techniques and passing.

> battle-tested

Practitioner notes, not theory

The "try this first," "common gotcha," and "what an examiner looks for" asides that come from real engagements — the parts that save you at 3 a.m.

Look inside

See the real pages.

Handbook page: buffer overflow exploitation workflow with syntax-highlighted code
Ch 6 — exploitation workflow
Handbook page: OSCP exam prep timeline and recommended practice resources
Ch 6 — OSCP prep timeline
Handbook page: pivoting and tunneling decision tree
Ch 13 — pivoting decision tree
Free chapter

Try Chapter 1 before you buy.

The full introduction plus the essential command references — Linux, Netcat, PowerShell, Socat, and Bash. 34 pages, no email required.

Download the free chapter →
Who wrote it

From the operator's chair.

Johnathan Christopherson

OSCP · GPEN · GWAPT · GCIA

Red team lead with 10+ years in offensive security and enterprise testing. This handbook is a decade of real engagement notes — the references, workflows, and hard-won gotchas — organized into something you can actually study from and reach for mid-box.

Questions

Before you grab it.

Is this good for the OSCP specifically?

Yes — it's built around the OSCP path. There's a dedicated exam-strategy chapter (per-target methodology, prioritization, a prep timeline), plus the enumeration, privesc, and Active Directory depth the exam leans on. It's also a general pentest reference beyond the cert.

What format is it?

A 749-page PDF plus an EPUB edition, delivered instantly — through Gumroad, or via Polar if you'd prefer EU-tax-inclusive checkout. Syntax-highlighted code, running headers, and a full table of contents so you can jump to what you need mid-engagement.

How is it different from free resources like HackTricks?

Free wikis are excellent but scattered and reference-dumped. This is one curated, ordered, exam-aware reference with practitioner commentary — the "why" and "try this first," not just a wall of commands. The free chapter shows you the style.

What does "$29+" mean?

It's pay-what-you-want with a $29 minimum — pay more if it saved you time. And there's a free first chapter above if you want to try before you buy.

Is this legal / ethical?

It's for authorized security testing and education only. Every technique assumes you have written authorization for the systems you test. Unauthorized access is illegal.

Enumerate → Exploit → Escalate → Own

Everything from recon to Domain Admin.

749 pages · instant PDF + EPUB · pay-what-you-want from $29
Get the handbook
Prefer EU-tax-inclusive checkout? Buy on Polar →
Handbook · $29+ Get it