SUMMARY.md

Table of Contents

⚒️ Pentest

• C2
  • Covenant
  • Empire
  • Metasploit
  • PoshC2
  • Sliver
• Infrastructure
  • AD
    • ACL Abuse
    • AD CS Abuse
      • dNSHostName Spoofing (Certifried)
      • ESC1
      • ESC4
      • ESC8
    • ADIDNS Abuse
    • Attack Trusts
    • AV / EDR Evasion
      • .NET Reflective Assembly
      • AMSI Bypass
      • Application Whitelist Bypass
      • AppLocker Bypass
      • CLM Bypass
      • Defender
      • ETW Block
      • Execution Policy Bypass
      • KIS / KES
      • Mimikatz
      • UAC Bypass
    • Authentication Coercion
    • Credentials Dump
      • From Memory
        • lsass.exe
        • svchost.exe
      • Credential Phishing
      • DPAPI
      • KeePass
      • Linux
      • LSA
      • NPLogonNotify
      • NTDS
      • Password Filter
      • RDP
      • RPC
      • SAM
    • DCSync
    • Delegation Abuse
      • Constrained
      • Resource-based Constrained
      • Unconstrained
    • Discovery
    • DnsAdmins
    • Dominance
    • GPO Abuse
    • Kerberos
      • Kerberos Relay
      • Roasting
    • Key Credentials Abuse
    • LAPS
    • Lateral Movement
      • Overpass-the-Hash
      • Pass-the-Hash
      • Pass-the-Ticket
      • RDP
      • RPC
      • RunAs
      • SMB
      • SPN-jacking
      • WinRM / PSRemoting
      • WMI
    • LDAP
    • NTLM
      • NTLM Relay
      • NTLMv1 Downgrade
    • Password Spraying
    • Post Exploitation
    • PrivExchange
    • Privileges Abuse
      • SeBackupPrivilege
      • SeImpersonatePrivilege
        • Potatoes
        • PrintSpoofer
    • RID Cycling
    • SCCM Abuse
    • SMB
    • RPC
    • Token Manipulation
    • User Hunt
    • WSUS
    • Zerologon
  • DevOps
    • Ansible
    • Artifactory
    • Containerization / Orchestration
    • GitLab
    • Jenkis
  • DBMS
    • FireBird
    • MS SQL
    • MySQL / MariaDB
    • Oracle
    • Redis
    • SQLite
  • Authentication Brute Force
  • File Transfer
  • IPMI
  • Kiosk Breakout
  • Low-Hanging Fruits
  • LPE
  • Networks
    • L2
      • ARP Spoofing
      • DHCPv6 Spoofing
      • LLMNR / NBNS Poisoning
      • SNACs Abuse
      • VLAN Hopping
    • NAC Bypass
    • Scanning
    • SIP / VoIP
    • Sniff Traffic
  • NFS
  • Persistence
  • Pivoting
  • Post Exploitation
  • SNMP
  • TFTP
  • VNC
• Misc
  • OSCP BOF
  • RE
• OSINT
  • Shodan
• Password Brute Force
  • Generate Wordlists
• Perimeter
  • 1C
  • ADFS
  • Cisco
  • DNS
  • Exchange
  • Information Gathering
  • IPSec
  • Java RMI
  • Lync & Skype for Business
  • NTP
  • Outlook
  • OWA
  • SharePoint
  • SMTP
  • SSH
  • Subdomain Takeover
• Shells
  • Reverse Shells
  • Web Shells
• Web
  • 2FA Bypass
  • LFI / RFI
  • SOP / CORS
  • SQLi
  • WAF
  • WordPress
  • XSS
• Wi-Fi
  • WPA / WPA2
    • Enterprise
    • Personal

⚔️ Red Team

• Basics
• Cobalt Strike
• Infrastructure
• Malware Development
  • API Hashing
  • API Hooking
  • BOF / COFF
  • Code Injection
    • DLL Injectors
    • Process Hollowing
    • Process Injectors
    • Shellcode Runners
  • D/Invoke
  • DLL Hijacking
  • Nim
  • Sandbox Evasion
  • Shellcodes
  • Syscalls
  • Windows API
• SE
  • Phishing
    • HTML Smuggling
    • MS Office

⚙️ Admin

• Git
• Linux
  • Kali
• Networking
  • DHCP Server & Linux Hotspot
  • Quick Configurations
  • Routing
  • WireGuard
• Virtualization
  • Docker
  • Hyper-V
  • VirtualBox
  • VMWare
• Windows