SUMMARY.md

Table of contents

• Hacknetics
• Active Directory Management
  • How to Join a Windows 11 PC to a Domain
  • Allow RDP in the domain
• Active Directory AD Attacks
  • AD Enumeration Commands (LotL)
  • Credentialed AD Enumeration
  • AppLocker Bypasses
  • LLMNR/NBT-NS Poisoning
  • Password Spraying
  • Pentesting Kerberos
  • Kerberos cheatsheet
  • ACL Abuse
  • DCSync
  • Domain Trust Abuse
  • Miscellaneous AD Misconfigurations
  • Bloodhound
    • Bloodhound Cypher Queries
  • Bloodhound Python
  • Domain Controllers
  • Overpass The Hash/Pass The Key (PTK)
  • LAPS
  • Pass the Ticket - Linux
  • Pass the Certificate
  • Rubeus to Ccache
  • Silver Ticket
  • Golden Ticket
  • Abusing GPO Permissions
  • SharpGPOAbuse
  • SharpView PowerView
  • DonPapi
  • Enumerating Forests
  • NOPAC Priv esc
  • Modify Existing GPO
  • Group Policy Preferences (GPP)
  • Pre2k
  • NTLM_Relaying
  • Pass The Hash
• Buffer Overflows
  • Buffer Overflows
• C2 Frameworks
  • Sliver
  • Powershell Empire
    • IronPython Empire
  • Metasploit
    • Metasploit Basics
    • Custom MSF Resource Scripts
    • Meterpreter Device Survey
    • Paranoid Mode
    • MSF Tunneling
  • Pwncat-cs
  • Cobalt Strike
    • AppLocker Bypasses
    • BOFHound
    • Credentials
    • DCSync and Ticket Forgery
    • Enumeration
    • Forest and Trust Attacks
    • Impersonation
    • Kerberos Delegation
    • Lateral Movement
    • MSSQL Attacks
    • Persistence with CS
    • Privilege Escalation
    • PowerShell Shellcode Loader
  • Dcrat
    • Modules
    • Builder
    • Dcrat AV Evasion
    • C2 Comms
  • FFM Documentation
• covering-tracks
  • Linux Logging
  • Tor
  • Windows Log Clearing
  • Ghost Writing Binaries
  • Backdoor Linux Commands
• Exploit Development
  • ROP Finding the vulnerable function
  • Useful Tools for Exploit Dev
  • ropeme
  • Obtaining MSFT Patches for Analysis
  • Mutiny Fuzzer
  • GDB
• File Transfers
  • Transfering Files
    • PowerShell Transfers
    • Linux Transfers
    • Python Transfers
    • PHP Transfers
    • Ruby & Perl Transfers
    • SMB Transfers
    • FTP Transfers
    • Netcat Transfers
    • Windows Native Transfers
• Lateral Movement
  • Pivoting Enumeration
    • Proxychains and FoxyProxy
    • SSH Tunneling and Port Forwarding
    • Plink.exe
    • socat
    • Chisel
    • SShuttle
    • Ligolo-ng
    • SocksOverRDP
    • Ptunnel-ng
    • Rpivot
  • DNScat
  • IpTables bending traffic
  • netsh bending traffic
  • tun2socks
• Linux Privilege Escalation
  • Linux Privilege Escalation
  • Bash Jails
  • ssh agent
• Things I have Pwn'd before
  • Tomcat
  • Atlassian Confluence
  • Jenkins
  • WordPress
  • Joomla
  • Drupal
  • Splunk
  • PRTG Network Monitor
  • Prison Management System
  • GitLab
  • osTicket
  • Shellshock CGI
  • htmLawed
  • Tiny File Manager
  • eXtplorer
  • Apache ActiveMQ
  • Request Tracker (RT)
  • CMS Made Simple
  • CrushFTP
  • Erlang OTP SSH
  • Grafana
  • Apache Superset
  • Webmin
  • Cockpit
  • RaspAP
  • Exhibitor / ZooKeeper
  • Spring Boot Actuators
  • ttyd
  • rpc.py
  • js2py
  • pyLoad
  • Metabase
  • Mirth Connect
  • Pymatgen CIF Parser
  • aiohttp
  • Netdata
  • Gerapy
  • rConfig
  • XWiki
  • Backdrop CMS
  • Booked Scheduler
  • HP Power Manager
  • H2 Database
  • BaGet
  • Argus Surveillance DVR
  • Gitea
  • Gogs
  • Apache James Server
  • Haraka SMTP
  • OpenSMTPD
  • Openfire
  • LimeSurvey
  • Liferay
  • Laravel
  • Grav CMS
  • Codoforum
  • CS-Cart
  • Monstra CMS
  • SaltStack
  • Subrion CMS
  • OpenNMS
  • Sonatype Nexus Repository Manager
  • SonarQube
  • phpLiteAdmin
  • Camaleon CMS
  • Ghost CMS
  • Simple PHP Photo Gallery
  • Zenphoto
  • ZoneMinder
  • XAMPP
  • Wing FTP Server (Linux web client)
  • uftpd
  • FileZilla Server 0.9.60 beta
  • Remote Mouse
  • vm2 (Node.js sandbox)
  • DotNetNuke (DNN)
• Persistence
  • Linux Persistence
  • Windows Persistence
    • Assign Group Memberships
    • Guest Windows Account Persistence
    • WMI Persist With Event Filters
    • Backdoor Executable
    • Special Privileges and Security Descriptors
    • RID Hijacking
    • Task Scheduler
    • Hijacking File Associations
    • Abusing Services
    • Logon Triggered Persistence
    • MSSQL Enabling xp cmdshell
    • Sticky Keys
    • Using Web Shells
    • Startup / Registry / SharPersist
• Recon and Enumeration
  • Assessment organization
  • Engagement types (black / grey / white box)
  • Exploit Research
  • Pentesting DNS
  • Pentesting Kerberos
  • Pentesting FTP
  • Pentesting Email
  • Pentesting phpMyAdmin
  • Pentesting SMB
  • Pentesting Redis
  • Pentesting Squid
  • Banner Grabbing
  • Pentesting Rsync
  • Pentesting MsSql
  • Pentesting PostgreSQL
  • Scanning
  • Pentesting SNMP
  • Pentesting TFTP
  • Pentesting IPsec/IKE
  • Pentesting Java RMI/JMX
  • Pentesting NFS
  • Pentesting LDAP
  • Pentesting Finger
  • User Recon
  • Vulnerability Scanning
  • Pentesting RDP
  • Pentesting MySQL
  • Pentesting Oracle TNS
  • Pentesting IPMI
  • Pentesting R-Services
  • Pentesting WinRM
  • Credential Hunting - Network
  • IIS Short name scanning
• resources
  • resources
  • CS/Software Engineer Resources
• shells
  • Shells
  • web-shells
    • PHP Web Shells
    • wwwolf's PHP web shell
    • Node.js Webshell
    • Aspx Webshell
    • Neo-reGeorg Webshell
  • curlshell
  • Restricted Shell Escapes
  • OpenSSL Encrypted Shell
  • Stabilizing Shells
  • PowerShell Shells
• tool-guides
  • Afrog
  • Asymmetric File Encrypt and Decrypt
  • Aws Buckets
  • Burp Suite
  • cewl-crunch
  • curl
  • Creating a Custom Wordlist
  • Encoding & Decoding
  • evil-winrm
  • Git
  • gobuster
  • Hashcat
  • Hydra User Guide
  • John
  • Medusa
  • Linux Basics
  • Mimikatz
  • netcat
  • Nmap
  • nuclei
  • OWASP ZAP
  • SQLMap
  • PowerView
  • r2
  • tcpdump
  • T-Shark User Guide
  • tmux
  • ssh
  • Vim
  • Wireshark
  • kwp
  • KeePass KeeThief
  • FileCryptography.psm1
  • Impacket Pastable Commands
  • feroxbuster
  • ffuf
  • NetExec
  • gs-netcat
  • Scarecrow
  • torsocks
• Web Path
  • Web Reconnaissance
  • API Attacks
  • GraphQL Attacks
  • Broken Authentication
  • Bug Bounty Hunting
  • Mass Assignment
  • File Upload Attacks
  • Testing for LFI
  • Testing for RFI
  • Testing for SQL
  • Testing for XSS
  • XXE Injection
  • SSRF
  • SSTI
  • SSI & XSLT Injection
  • Authentication Bypass
  • Cmd Injection
  • Javascript Vulnerabilities
  • Web Servers
  • JWT Tokens
  • Adobe Coldfusion
  • NoSQL Injection
  • vhost Enumeration
• Wifi/Bluetooth/ZigBee/SDR/SmartCards
  • Wifi Capture Filters
  • Bluetooth Basics
  • Wifi Overview
  • Bettercap Bluetooth / Wifi
  • Aircrack-ng
  • Airdecap-ng
  • Aireplay-ng
  • RTL-SDR Radio
  • Bluetooth Low Energy
  • Smart Cards
  • Airodump-ng Airgraph-ng
  • gqrx
• Windows
  • Windows Privilege Escalation
  • Windows Privilege Abuse
  • Windows Credential Hunting
  • DLL Injection & Hijacking
  • Citrix / Restricted Desktop Breakout
  • powershell-cheatsheet
  • Anti-Virus Evasion
  • Windows Registry
  • exploits
    • printspoofer
  • Windows Kernel Vulnerabilities
  • Windows Defender
  • AMSI Bypasses
  • pktmon Packet Capture Windows
  • Powershell Constrained Language Mode
  • Windows Survey
  • Windows World Writeable Dirs
  • netsh
• firewalls
  • iptables
  • ufw
  • netsh advfirewall
• Malware Analysis
  • Malware Analysis Fundamentals
  • Packer Identification by File section names
  • Analyzing Malicious Documents
  • In Depth Malware Analysis
  • Reversing Malicious Code
• Infrastructure Development
  • SSL Cert Generation
  • Pfsense
    • OpenVPN Server on Pfsense
  • Proxmox OVA Import
• EDR
  • Velociraptor EDR
• Host Forensics
  • Windows Host Forensics
  • Windows NT Versions
  • Windows Logs
• Cloud
  • AWS
  • Kubernetes Pentesting
  • Firebase
• OSINT
  • Spiderfoot
  • Shodan Dorks
• Random
• Linux
  • awk
  • cut
  • grep
  • sort
  • Cups CVE2024
• Windows Malware Development
  • Phishing
  • Win32 API
  • Processes Threads Handles
    • Message Box Example (Basic)
    • CreateProcess Example (Basic)
• Golang
• Mikrotik
  • Implementing a Password Reset Function for Persistent Access in MikroTik RouterOS
  • Cleaner Wrasse
• Firmware Reversing