SUMMARY.md

Table of contents

• Tactics, Techniques, and Procedures

☠️ Pentesting

• Fortress
  • Automation
  • Cisco
    • Cisco Adaptive Security Appliance
    • Cisco Smart Install
  • CMS
    • Drupal
    • Wordpress
  • Exchange
  • Office365
  • Okta
  • Outlook Web Access (OWA)
  • SSH
  • Subdomain Takeover
• Infrastructure
  • Active Directory
    • AD CS
    • Coercing Authentication
    • Credential Dumping
      • Cached Domain Credentials
      • Data Protection API (DPAPI)
      • Group Policy Preferences
      • LSA Secrets
      • LSASS Memory
      • NTDS
      • Security Account Manager (SAM)
      • Kerberos Tickets
      • Unsecured Credentials
      • WDigest
      • WiFi Profiles
    • Delegation Abuse
      • Constrained Delegation
      • Unconstrained Delegation
    • Domain Enumeration
    • Domain Dominance
      • Forge Golden Ticket
      • Forge Silver Ticket
      • Forge Trust Ticket
      • Skeleton Key
    • Group Policy Preferences
    • Kerberos
      • AS-REP Roasting
      • Kerberoasting
      • Kerberos Relaying
    • Lateral Movement
      • PowerShell
      • Windows Remote Management (WinRM)
    • Local Administrator Password Solution (LAPS)
    • NoPac
    • NTLMv1
    • Password Cracking
    • Password Policy
    • Password Spraying
    • Reconnaissance
    • Relaying
      • LDAP Relaying
      • SMB Relaying
    • Shadow Credentials
    • Zerologon
  • Database Management System (DBMS)
    • Microsoft SQL Server
  • Defense Evasion
    • Disable or Modify Tools
    • Disable Windows Event Logging
    • Impair Command History Logging
    • Timestomping
  • Low-Hanging Fruit
  • Networks
    • IPv6
    • LLMNR/NBT-NS Poisoning
    • Network Scanning
    • Network Sniffing
    • Segmentation Testing
    • Simple Network Management Protocol (SNMP)
    • Subnet Enumeration
    • Identifying Domain Information
  • Persistence
    • Create Account
    • Remote Desktop
    • Services
      • Service Privilege Escalation / Persistence
      • Systemd Service Persistence
    • Web Shell
    • DLL Hijacking
  • Pivoting
  • Privilege Escalation
    • Linux
      • Setuid and Setgid
    • Windows
      • Privilege Abuse
        • SeImpersonatePrivilege
        • SeLoadDriverPrivilege
      • Service Exploitation
• Initial Access
  • Phishing
    • Creating Templates
      • Leveraging AI During Template Creation
    • Payloads
      • Non-malicious Callback
      • Macros
• OSINT
  • Identifying Users
  • Network Information
  • Search Engines
• Web Applications
  • Access Control
  • APIs
    • Swagger API
  • Authentication
    • Account Takeover
  • Clickjacking
  • Cross Origin Resource Sharing (CORS)
  • Cross Site Request Forgery (CSRF)
  • Document Object Model (DOM)
  • File Upload
  • Google Dorking
  • GraphQL
  • HTTP Request Smuggling
  • Information Disclosure
  • Insecure Direct Object Reference (IDOR)
  • Injection Vulnerabilities
    • Cross-Site Scripting (XSS)
      • Blind Cross-Site Scripting
      • Finding Cross-Site Scripting
      • Stealing Cookies
      • XSS Payloads
    • CSV Injection
    • XML External Entity Injection (XXE)
    • LDAP Injection
    • NoSQL Injection
    • Server-Side Template Injection
    • SQL Injection
  • JSON Web Tokens (JWT)
  • Local File Inclusion (LFI)
  • OAuth
  • Open Redirection
  • Password Reset Poisoning
  • Prototype Pollution
  • Race Condition
  • Rate Limit Bypass
  • Remote Code Execution (RCE)
  • Remote File Inclusion (RFI)
  • Suspicious Parameters
  • Tooling
    • Burp Suite
      • Authentication / Proxy Issues
      • Intruder Attack Types
      • Match and Replace
      • Quality of Life
    • Misc Tooling
  • WAF Bypasses
  • WebSockets
  • Web Cache Deception
  • Web Cache Poisoning
• Wireless
  • WPA / WPA2
    • Alfa Troubleshooting
    • Enterprise
    • Personal
• Cloud
  • Amazon Web Services (AWS)
  • Microsoft Azure

🧨 Red Teaming

• C2
  • Cobalt Strike
  • Empire
  • Metasploit
    • Metasploit Datatabase
  • Mythic
  • Sliver
• Malware Dev
• Offensive Infrastructure
  • Cloud Fronting
  • Redirectors
  • OpSec
  • Phishing Infrastructure
  • Creating a Dropbox
• Offensive Tactics
• Philosophy

🦋 Bug Bounty

• Bug Bounty Tips & Tricks

📖 Resources

• Blog Posts and Goodies
• Checklists
• Offensive Security Notes
• Tooling Repository
• Active Directory Toolkit