Table of contents

Home

• About

1️⃣ Reconnaissance & Enumeration

• Enumeration
  • Enum Checklist
  • Initial Enumeration
• Nmap
  • Scan network With Nmap
  • Nmap Full Flag
  • Protocol Scan

2️⃣ Initial Access & Exploitation

• Attacking Common Applications
  • 1.Content Management Systems (CMS)
    • 1. WordPress - Discovery & Enumeration
    • 2. Attacking WordPress
    • 3. Joomla - Discovery & Enumeration
    • 4. Attacking Joomla
    • 5. Drupal - Discovery & Enumeration
    • 6. Attacking Drupal
  • 2. Servlet Containers and Software Development
    • 10. Attacking Jenkins
    • 7. Tomcat - Discovery & Enumeration
    • 8. Attacking Tomcat
    • Attacking Jenkins - Focused Commands & Key Points
  • 3. Infrastructure and Network Monitoring Tools
    • 11. Splunk - Discovery & Enumeration
    • 12. Attacking Splunk
    • 13.PRTG Network Monitor
  • 4. Customer Service Mgmt & Configuration Management
    • 14. osTicket
    • 15.Gitlab - Discovery & Enumeration
    • 16. Attacking GitLab
  • 5. Common Gateway Interfaces
    • 17. Attacking Tomcat CGI
    • 18. Attacking CGI Applications - Shellshock
  • 6. Thick Client Applications
    • 19. Attacking Thick Client Applications
    • 20.Exploiting Web Vulnerabilities in Thick-Client Applications
  • 7. Miscellaneous Applications
    • 21. ColdFusion - Discovery & Enumeration
    • ColdFusion Exploitation Guide
    • 23. IIS Tilde Enumeration
    • 24.Attacking LDAP
    • 25. Web Mass Assignment Vulnerabilities
    • 26.Attacking Applications Connecting to Services
    • 27.Other Notable Applications
  • 8. Closing Out
    • 28.Application Hardening
• Attacking Common Services
  • 1.Protocol Specific Attacks
  • 2.FTP
  • 3.SMB
  • 4.SQL Databases
  • 5.RDP
  • 6.DNS
  • 7.SMTP
• Web Attacks
  • 1. HTTP Verb Tampering
  • 2. Insecure Direct Object References (IDOR)
  • 3. XML External Entity (XXE) Injection
  • Web Attacks to the point
• Server-side Attacks
  • Server-Side Vulnerabilities
• Web Service & API Attacks
  • Web Service & API Attacks

3️⃣ Injection-Based Attacks

• Command Injections
• SQL Injection
• XSS

4️⃣ Authentication & Credential Attacks

• Broken Authentication
• Login Brute Forcing
• Password Attacks
• Password Cracking
• Session Security

5️⃣ Privilege Escalation

• Windows Privilege Escalation
  • Priv Esc
  • 1.Getting the Lay of the Land
    • 1.Situational Awareness
    • 2.Initial Enumeration
    • 3.Communication with Processes
  • 2.Windows User Privileges
    • 4.Windows Privileges Overview
    • 5.SeImpersonate and SeAssignPrimaryToken
    • 6. SeDebugPrivilege
    • Exploiting SeTakeOwnershipPrivilege
  • 3.Windows Group Privileges
    • 10.DnsAdmins
    • 11. Hyper-V Administrators
    • Key Concepts:
    • Key Concepts:
    • 8. Windows Built-in Groups
    • Exploiting Event Log Readers Group for Security Log Access
  • 4.Attacking the OS
    • 14.User Account Control
    • 15.Weak Permissions
    • 16.Kernel Exploits
    • 17.Vulnerable Services
    • 18.DLL Injection
  • 5.Credential Theft
    • 19.Credential Hunting
    • 20. Other Files
    • 21.Further Credential Theft
  • 6.Restricted Environments
    • 22. Citrix Breakout
  • 7.Additional Techniques
    • 23. Interacting with Users
    • 24.Pillaging
    • 25.Miscellaneous Techniques
  • 8.Dealing with End of Life Systems
    • Key Points:
    • 27.Windows Server
    • 28.Windows Desktop Versions
• Linux Privilege Escalation
  • Linux Hardening
  • Linux Priv Esc to quick check the system
  • 1.Information Gathering
    • 1.Environment Enumeration
    • 2.Linux Services & Internals Enumeration
    • 3.Credential Hunting
  • 2.Environment-based Privilege Escalation
    • 4.Path Abuse
    • 5.Wildcard Abuse
    • 6.Escaping Restricted Shells
  • 3.Permissions-based Privilege Escalation
    • 10.Capabilities
    • 7. Special Permissions
    • 8.Sudo Rights Abuse
    • 9.Privileged Groups
  • 4.Service-based Privilege Escalation
    • 11.Vulnerable Services
    • 12.Cron Job Abuse
    • LXC Privilege Escalation Techniques
    • 14. Docker
    • 15.Kubernetes
    • 16.Logrotate
    • 17.Miscellaneous Techniques
  • 5.Linux Internals-based Privilege Escalation
    • 18.Kernel Exploits
    • 19.Shared Libraries
    • 20. Shared Object Hijacking
    • 21.Python Library Hijacking
  • 6.Recent 0-Days
    • 22.Sudo
    • 23.Polkit
    • 24.Dirty Pipe
    • 25.Netfilter
• Active Directory Enumeration & Attacks
  • 0. AD Pentest
    • 1. Active Directory Penetration Test Checklist
    • 11
    • AD All Types of attacks
    • AD FULL
    • AD Pentest
    • AD
    • Active Directory Delegation
    • Active Directory Exploitation Attacks – Full List
    • Active Directory Exploitation ke Advanced Concepts
    • Beyond Active Directory
  • 1.Initial Enumeration
    • Core Principles:
    • 2.Initial Enumeration of the Domain
    • Active Directory Basic Command
  • 2.Sniffing out a Foothold
    • 3. LLMNR-NBT-NS Poisoning - from Linux
    • 4.LLMNR-NBT-NS Poisoning - from Windows
  • 3.Sighting In, Hunting For A User
    • Password Spraying Commands and Techniques
    • 6.Enumerating & Retrieving Password Policies
    • 7.Password Spraying - Making a Target User List
  • 4.Spray Responsibly
    • 8. Internal Password Spraying - from Linux
    • DomainPasswordSpray - Active Directory Password Spraying
  • 5.Deeper Down the Rabbit Hole
    • 10. Enumerating Security Controls
    • 11. Credentialed Enumeration - from Linux
    • 12.Credentialed Enumeration - from Windows
    • 13. Living Off the Land
  • 6.Cooking with Fire
    • 14.Kerberoasting - from Linux
    • 15. Kerberoasting - from Windows
    • Kerberoasting Attack Step by Step Guide
    • Kerberoasting Attack Steps and Commands
  • 7.An ACE in the Hole
    • 16.Access Control List (ACL) Abuse Primer
    • 17. ACL Enumeration
    • 18. ACL Abuse Tactics
    • 19. DCSync
  • 8.Stacking The Deck
    • Privileged Access Enumeration and Exploitation
    • 21.Kerberos Double Hop Problem
    • NoPac, PrintNightmare, and PetitPotam Exploits
    • 23.Miscellaneous Misconfigurations
  • 9.Why So Trusting
    • 24.Domain Trusts Primer
    • 25.Attacking Domain Trusts - Child - Parent Trusts - from Windows
    • 26. Attacking Domain Trusts - Child - Parent Trusts - from Linux
  • 10.Breaking Down Boundaries
    • 27.Attacking Domain Trusts - Cross-Forest Trust Abuse - from Windows
    • 28.Attacking Domain Trusts - Cross-Forest Trust Abuse - from Linux
  • 11.Defensive Considerations
    • 29.Hardening Active Directory
    • 30.Additional AD Auditing Techniques

6️⃣ Post-Exploitation & Persistence

• Shells and payloads
• Upgrading TTY Shell
• Using the Metasploit Framework
• File Inclusion
  • 1.File Disclosure
    • 1.Local File Inclusion (LFI)
    • 2. Basic Bypasses
    • 3. PHP Filters
  • 2.Remote Code Execution
    • 4. PHP Wrappers
    • 5. Remote File Inclusion (RFI)
    • 6. LFI and File Uploads
    • 7. Log Poisoning
  • 3.Automation and Prevention
    • 8. Automated Scanning
    • 9. File Inclusion Prevention
• File Transfer
• File Upload Attacks

7️⃣ Lateral Movement & Network Pivoting

• Ligolo-ng
• Pivoting, Tunneling, and Port Forwarding

---

• Tips
  • CPTS Tips