SUMMARY.md

Table of contents

• ⚔️ Pentest Everything
• 🚩 Writeups
  • CyberSecLabs
    • Active Directory
      • Dictionary
      • Spray (WIP)
    • Linux
      • Shock
      • Pie
    • Windows
      • Brute
      • Deployable
      • Glass
      • Monitor
      • Sam
      • Secret
      • Stack
      • Unattended
      • Weak
  • HackTheBox
    • Active Directory
      • Active
      • Blackfield
      • Cascade
      • Forest
      • Intelligence
      • Mantis
      • Monteverde
      • Resolute
      • Return
      • Sauna
      • Search
    • Linux
      • Antique
      • Armageddon
      • Backdoor
      • Bashed
      • Cap
      • Cronos
      • Curling
      • Knife
      • Lame
      • Help
      • Horizontall
      • OpenAdmin
      • Poison
      • SolidState
      • Traceback
      • Trick
    • Windows
      • Access
      • Artic
      • Bastard
      • Bastion
      • Bounty
      • Devel
      • Heist
      • Jeeves
      • Jerry
      • Legacy
      • Love
      • Optimum
      • Remote
      • SecNotes
      • Servmon
      • Timelapse
      • Querier
  • PG Play | Vulnhub
    • Linux
      • BBSCute
      • BTRSys2.1
      • Born2root
      • BossPlayersCTF
      • Covfefe
      • Dawn
      • DC5
      • Funbox
      • FunboxEasy
      • FunBoxEasyEnum
      • HackerFest2019
      • Geisha
      • JISCTF
      • My-CMSMS
      • NoName
      • OnSystemShellDredd
      • Photographer
      • Potato
      • PyExp
      • Samurai
      • SunsetDecoy
      • SunsetMidnight
      • SunsetTwilight
      • Wpwn
  • PG Practice
    • Linux
      • ClamAV
      • Nibbles
      • Payday
      • Pelican
      • Peppo
      • Postfish
      • Pwned1
      • Snookums
      • Sirol
      • Sorcerer
      • Quackerjack
      • WebCal
      • Walla
      • ZenPhoto
      • Zino
    • Windows
      • Algernon
      • Compromised
      • Kevin
      • Helpdesk
      • Hutch
      • Jacko
      • Meathead
      • Metallus
      • Shenzi
      • Slort
      • UT99
  • TryHackMe
    • Linux
      • All in One
      • Archangel
      • Anonforce
      • Biblioteca
      • Cat Pictures
      • Chill Hack
      • CMesS
      • ColddBox
      • ConvertMyVideo
      • CyberHeroes
      • Cyborg
      • Dav
      • Fusion Corp
      • GamingServer
      • Gallery
      • Internal
      • Jacobtheboss
      • Kiba
      • LazyAdmin
      • Library
      • Madness
      • Marketplace
      • Mustacchio
      • NerdHerd
      • Oh My WebServer
      • Olympus
      • Plotted-TMS
      • Skynet
      • Startup
      • Surfer
      • Team
      • Tech_Supp0rt: 1
      • Tomghost
      • VulnNet
      • Undiscovered
      • Year of the Owl
    • Windows
      • Blueprint
      • Enterprise
      • Flatline
      • Quotient
      • RazorBlack
      • Relevant
      • USTOUN
      • VulnNet: Roasted
  • To Do
    • AllSignsPoint2Pwnage (WIP)
    • Hunit (WIP)
    • Escape (WIP)
    • Banzai (WIP)
    • Billyboss (WIP)
    • Fish
    • Ra
    • Roquefort (WIP)
• 💾 GitHub
• 🔵 PsMapExec
  • Change Log
  • BloodHound
  • Using Credentials
  • Cross Domain Usage
  • Methods
    • Command Execution
    • GenRelayList / SMB Signing
    • Inject
    • IPMI
    • Kerberoast
    • MSSQL
    • Session Hunter
    • Spray
  • Modules
    • Amnesiac
    • ConsoleHistory
    • Files
    • FileZilla
    • KerbDump
    • eKeys
    • LogonPasswords
    • LSA
    • NTDS
    • Notepad
    • NTLM
    • SAM
    • SCCM
    • SessionExec
    • SessionRelay
    • TGTDeleg
    • VNC
    • Wi-Fi
    • WinSCP
  • Target Acquisition

Everything

• Buffer Overflow Guide
• Everything Active Directory and Windows
  • Active Directory Enumeration
  • ADCS
    • Enumeration - Certificate Authority
    • ESC1
    • ESC2
  • Access Token Manipultion
    • Token Impersonation
    • Create Process with Token
    • 🔨 Make and Impersonate Token
    • Parent PID Spoofing
    • 🔨 SID-History Injection
  • Adversary-in-the-Middle
    • 🔨 LDAP Relay
    • 🔨 LLMNR
    • 🔨 RDP MiTM
    • 🔨 SMB Relay
  • Credential Access
    • Brute Force
      • Password Spraying
    • Credential Dumping
      • LSASS Memory
      • Security Account Manager (SAM)
      • NTDS
      • LSA Secrets
      • Cached Domain Credentials
      • DCSync
        • 🔨 DCSync Attack
    • Credentials from Password Stores
      • Credentials from Web Browsers
      • Windows Credential Manager
    • Unsecured Credentials
      • Credentials In Files
      • Credentials in Registry
      • Group Policy Preferences
        • 🔨 GPP Passwords
    • 🔨 Modify Authentication Process
      • Domain Controller Authentication: Skeleton Key
      • Reversible Encryption
    • Steal or Forge Kerberos Tickets
      • AS-REP Roasting
      • Golden Ticket
      • Kerberoasting
      • Silver Ticket
      • S4U2Self
      • Ticket Aquisition
      • Constrained Delegation
      • Unconstrained Delegation
  • Collection
    • Clipboard Data
    • Audio Capture
  • Defense Evasion
    • Disable and Bypass Defender
    • Impair Defenses
      • Disable Windows Event Logging
      • Impair Command History Logging
      • Disable or Modify System Firewall
    • Indicator Removal
      • Clear Windows Event Logs
      • Clear Command History
      • File Deletion
      • Network Share Connection Removal
      • Timestomp
  • Input Capture
    • Keylogging
  • Lateral Movement
    • PowerShell Remoting
    • Alternate Authentication Material
      • Pass The Hash
      • Pass the Ticket
      • Pass the Password
  • File Execution Methods
  • File Transfer Techniques
  • Forced Coercion
    • URL File Attack
  • LAPS
  • Network Sniffing
  • Persistence
    • AdminSDHolder
    • BITS Jobs
    • Create Account
      • Local Account
      • Domain Account
      • Cloud Account
    • Create or Modify System Process
      • Windows Service
    • Custom SSP
    • DSRM
    • 🔨 Persistence Notes
    • Skeleton Key Attack
  • Privilege Escalation
    • Privilege Escalation Checklist
    • DnsAdmin
    • Registry
      • Always Install Elevated
      • AutoRuns
    • Service Exploits
      • Insecure Service Permissions
  • SCCM / MECM
    • Recon
    • CRED-1 - PXE Abuse
    • CRED-2 - Policy Request Credentials
    • CRED-3 - WMI Local Secrets
    • CRED-4 - CIM Repository
    • CRED-5 - MSSQL Database
    • ELEVATE-2 - Client Push
    • TAKEOVER-2
  • Tools
    • BloodHound
• Everything Linux
  • File Transfer Techniques
  • Linux Privilege Escalation Techniques
  • Privilege Escalation Checklist
  • Shell Upgrades
• Everything OSINT
  • Discovering Email Addresses
  • Dork Tools
  • Image OSINT
  • Metadata OSINT
  • Password OSINT
  • Phone Number OSINT
  • Search Engine Operators
  • Social Media OSINT Tools
  • OSINT CTFs
  • OSINT VM
  • Username OSINT
• Everything Web
  • Command Injection
  • Enumeration
  • File Upload
  • Sub Domain Enumeration
  • XSS
• Host Discovery
• Pivoting and Portforwarding
• Ports
  • Nmap Commands for port discovery
  • Port 21 | FTP
  • Port 25 | SMTP
  • Port 53 | DNS
  • Port 88 | Kerberos
  • Ports 111 | 32771 | rpcbind
  • Port 123 | NTP
  • Ports 137 | 138 | 139 | NetBIOS
  • Ports 139 | 445 | SMB
  • Ports 161 | 162 | SNMP
  • Port 389 | LDAP
  • Ports 1099 | Java RMI
  • Ports 2049 | NFS
  • Port 3389 | RDP
  • Ports 8080 | 8180 | Apache Tomcat
• PowerShell
  • Constrained Language Mode
  • Download and Execution Methods
  • Resources
  • Restricted Mode

Resources

• Cheat Sheets
  • Default Passwords
  • Kerberoast
  • Mimikatz
  • Powerup
• Hashcat Word lists and Rules
• Metasploit Modules
• Misc Snippets
• GTFOBins
• LOLBAS
• WADCOMS
• Reverse Shell Generator
• OSINT Tools
• Weakpass

---

• Password Filter DLL
• Dork Cheatsheet