# Pentesting

- [Fortress](/pentesting/fortress.md): Notes on attacking the fortress (external perimeter)
- [Automation](/pentesting/fortress/automation.md)
- [Cisco](/pentesting/fortress/cisco.md)
- [Cisco Adaptive Security Appliance](/pentesting/fortress/cisco/cisco-adaptive-security-appliance.md)
- [Cisco Smart Install](/pentesting/fortress/cisco/cisco-smart-install.md)
- [CMS](/pentesting/fortress/cms.md)
- [Drupal](/pentesting/fortress/cms/drupal.md)
- [WordPress](/pentesting/fortress/cms/wordpress.md)
- [Exchange](/pentesting/fortress/exchange.md)
- [Office365](/pentesting/fortress/spray_microsoft.md): A list of tools and resources that I use for password spraying Microsoft products.
- [Okta](/pentesting/fortress/okta.md)
- [Outlook Web Access (OWA)](/pentesting/fortress/outlook-web-access-owa.md)
- [SSH](/pentesting/fortress/ssh.md)
- [Subdomain Takeover](/pentesting/fortress/subdomain-takeovers.md): MITRE ATT\&CK, Resource Development, Sub-technique T1584.001
- [Infrastructure](/pentesting/infrastructure.md)
- [Active Directory](/pentesting/infrastructure/active-directory.md)
- [AD CS](/pentesting/infrastructure/active-directory/ad-cs.md)
- [Coercing Authentication](/pentesting/infrastructure/active-directory/coercing-authentication.md)
- [Credential Dumping](/pentesting/infrastructure/active-directory/os-credential-dumping.md): MITRE ATT\&CK, Credential Access, ID TA0006
- [Cached Domain Credentials](/pentesting/infrastructure/active-directory/os-credential-dumping/cached-domain-credentials.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.005
- [Data Protection API (DPAPI)](/pentesting/infrastructure/active-directory/os-credential-dumping/data-protection-api-dpapi.md)
- [Group Policy Preferences](/pentesting/infrastructure/active-directory/os-credential-dumping/group-policy-preferences.md): MITRE ATT\&CK, Credential Access, Sub-technique T1552.006
- [LSA Secrets](/pentesting/infrastructure/active-directory/os-credential-dumping/lsa-secrets.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.004
- [LSASS Memory](/pentesting/infrastructure/active-directory/os-credential-dumping/lsass-memory.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.001
- [NTDS](/pentesting/infrastructure/active-directory/os-credential-dumping/ntds.md)
- [Security Account Manager (SAM)](/pentesting/infrastructure/active-directory/os-credential-dumping/security-account-manager-sam.md): MITRE ATT\&CK, Credential Access, Sub-technique T1003.002
- [Kerberos Tickets](/pentesting/infrastructure/active-directory/os-credential-dumping/kerberos-tickets.md): MITRE ATT\&CK, Credential Access, Technique T1558
- [Unsecured Credentials](/pentesting/infrastructure/active-directory/os-credential-dumping/unsecured_credentials-1.md): MITRE ATT\&CK, Credential Access, Technique T1552
- [WDigest](/pentesting/infrastructure/active-directory/os-credential-dumping/wdigest.md)
- [WiFi Profiles](/pentesting/infrastructure/active-directory/os-credential-dumping/wifi-profiles.md)
- [Delegation Abuse](/pentesting/infrastructure/active-directory/delegation-abuse.md)
- [Constrained Delegation](/pentesting/infrastructure/active-directory/delegation-abuse/constrained-delegation.md)
- [Unconstrained Delegation](/pentesting/infrastructure/active-directory/delegation-abuse/unconstrained-delegation.md)
- [Domain Enumeration](/pentesting/infrastructure/active-directory/domain_enumeration.md)
- [Domain Dominance](/pentesting/infrastructure/active-directory/domain-dominance.md)
- [Forge Golden Ticket](/pentesting/infrastructure/active-directory/domain-dominance/create_golden_ticket.md): MITRE ATT\&CK, Credential Access, Technique T1558.001
- [Forge Silver Ticket](/pentesting/infrastructure/active-directory/domain-dominance/create-silver-ticket.md): MITRE ATT\&CK, Credential Access, Technique T1558.002
- [Forge Trust Ticket](/pentesting/infrastructure/active-directory/domain-dominance/forge-trust-ticket.md)
- [Skeleton Key](/pentesting/infrastructure/active-directory/domain-dominance/skeleton_key.md)
- [Group Policy Preferences](/pentesting/infrastructure/active-directory/group-policy-preferences.md)
- [Kerberos](/pentesting/infrastructure/active-directory/kerberos.md)
- [AS-REP Roasting](/pentesting/infrastructure/active-directory/kerberos/as-rep-roasting.md)
- [Kerberoasting](/pentesting/infrastructure/active-directory/kerberos/kerberoasting.md)
- [Kerberos Relaying](/pentesting/infrastructure/active-directory/kerberos/kerberos-relaying.md)
- [Lateral Movement](/pentesting/infrastructure/active-directory/lateral_movement.md): MITRE ATT\&CK, Lateral Movement, ID TA0008
- [PowerShell](/pentesting/infrastructure/active-directory/lateral_movement/exploitation_with_powershell.md): MITRE ATT\&CK, Execution, Technique T1059.001
- [Windows Remote Management (WinRM)](/pentesting/infrastructure/active-directory/lateral_movement/winrm.md): MITRE ATT\&CK, Lateral Movement, Sub-technique T1021.006
- [Local Administrator Password Solution (LAPS)](/pentesting/infrastructure/active-directory/local-administrator-password-solution-laps.md)
- [NoPac](/pentesting/infrastructure/active-directory/nopac.md)
- [NTLMv1](/pentesting/infrastructure/active-directory/ntlmv1.md)
- [Password Cracking](/pentesting/infrastructure/active-directory/password_cracking.md): MITRE ATT\&CK, Credential Access, Sub-technique T1110.002
- [Password Policy](/pentesting/infrastructure/active-directory/password-policy.md)
- [Password Spraying](/pentesting/infrastructure/active-directory/password-spraying.md): Methodology for performing password spraying attacks against Active Directory
- [Reconnaissance](/pentesting/infrastructure/active-directory/reconnaissance.md)
- [Relaying](/pentesting/infrastructure/active-directory/relaying.md)
- [LDAP Relaying](/pentesting/infrastructure/active-directory/relaying/ldap-relaying.md)
- [SMB Relaying](/pentesting/infrastructure/active-directory/relaying/smb-relaying.md)
- [Shadow Credentials](/pentesting/infrastructure/active-directory/shadow-credentials.md)
- [Zerologon](/pentesting/infrastructure/active-directory/zerologon.md)
- [Database Management System (DBMS)](/pentesting/infrastructure/database-management-system-dbms.md)
- [Microsoft SQL Server](/pentesting/infrastructure/database-management-system-dbms/sql-stored-procedures.md): Obtaining a shell after obtaining credentials to a Microsoft SQL Server.
- [Defense Evasion](/pentesting/infrastructure/defense_evasion.md): MITRE ATT\&CK, Defense Evasion, ID TA0005
- [Disable or Modify Tools](/pentesting/infrastructure/defense_evasion/disable_antivirus.md): MITRE ATT\&CK, Defense Evasion, Sub-technique T1562.001
- [Disable Windows Event Logging](/pentesting/infrastructure/defense_evasion/disable-windows-event-logging.md): MITRE ATT\&CK, Defense Evasion, Sub-technique T1562.002
- [Impair Command History Logging](/pentesting/infrastructure/defense_evasion/impair-command-history-logging.md): MITRE ATT\&CK, Defense Evasion, Sub-technique T1562.003
- [Timestomping](/pentesting/infrastructure/defense_evasion/timestomping.md)
- [Low-Hanging Fruit](/pentesting/infrastructure/easy_hacks.md): Easy ways to get a shell
- [Networks](/pentesting/infrastructure/networks.md)
- [IPv6](/pentesting/infrastructure/networks/ipv6.md)
- [LLMNR/NBT-NS Poisoning](/pentesting/infrastructure/networks/poisoning-with-responder.md)
- [Network Scanning](/pentesting/infrastructure/networks/network-scanning.md): MITRE ATT\&CK, Discovery, Technique T1046
- [Network Sniffing](/pentesting/infrastructure/networks/network-sniffing.md): MITRE ATT\&CK, Discovery, Technique T1040
- [Segmentation Testing](/pentesting/infrastructure/networks/segmentation_testing_notes.md): When performing segmentation tests for PCI compliance, aside from my Nmap scans, there are a few things I've wanted to keep jotted down. This section contains my notes.
- [Simple Network Management Protocol (SNMP)](/pentesting/infrastructure/networks/simple-network-management-protocol-snmp.md)
- [Subnet Enumeration](/pentesting/infrastructure/networks/subnet-enumeration.md)
- [Identifying Domain Information](/pentesting/infrastructure/networks/identifying-domain-information.md)
- [Persistence](/pentesting/infrastructure/persistence.md): MITRE ATT\&CK, Persistence, ID TA0003
- [Create Account](/pentesting/infrastructure/persistence/create-account.md): MITRE ATT\&CK, Persistence, Technique T1136
- [Remote Desktop](/pentesting/infrastructure/persistence/remote-desktop.md)
- [Services](/pentesting/infrastructure/persistence/services.md)
- [Service Privilege Escalation / Persistence](/pentesting/infrastructure/persistence/services/service-privilege-escalation-persistence.md)
- [Systemd Service Persistence](/pentesting/infrastructure/persistence/services/systemd-service-persistence.md): MITRE ATT\&CK, Persistence, Sub-technique T1543.002
- [Web Shell](/pentesting/infrastructure/persistence/web-shell.md): MITRE ATT\&CK, Persistence, Sub-technique T1505.003
- [DLL Hijacking](/pentesting/infrastructure/persistence/dll-hijacking.md)
- [Pivoting](/pentesting/infrastructure/protocol-tunneling.md): MITRE ATT\&CK, Command and Control, Technique T1572
- [Privilege Escalation](/pentesting/infrastructure/privilege_escalation.md): MITRE ATT\&CK, Privilege Escalation, ID TA0004
- [Linux](/pentesting/infrastructure/privilege_escalation/linux.md): List of commonly used escalation tools for Linux systems
- [Setuid and Setgid](/pentesting/infrastructure/privilege_escalation/linux/setuid-and-setgid.md): MITRE ATT\&CK, Privilege Escalation, Sub-technique T1548.001
- [Windows](/pentesting/infrastructure/privilege_escalation/windows.md): List of commonly used escalation tools for Windows systems
- [Privilege Abuse](/pentesting/infrastructure/privilege_escalation/windows/abusing-privileges.md)
- [SeImpersonatePrivilege](/pentesting/infrastructure/privilege_escalation/windows/abusing-privileges/seimpersonateprivilege.md)
- [SeLoadDriverPrivilege](/pentesting/infrastructure/privilege_escalation/windows/abusing-privileges/seloaddriverprivilege.md): Privilege escalation using the load and unload device drivers policy (SeLoadDriverPrivilege).
- [Service Exploitation](/pentesting/infrastructure/privilege_escalation/windows/service-exploitation.md): Basic commands for abusing services to elevate privileges after they have been identified with a tool such as WinPEAS.
- [Initial Access](/pentesting/initial_access.md): MITRE ATT\&CK, Initial Access, ID TA0001
- [Phishing](/pentesting/initial_access/phishing.md): MITRE ATT\&CK, Initial Access, Technique T1566
- [Creating Templates](/pentesting/initial_access/phishing/creating_templates.md)
- [Leveraging AI During Template Creation](/pentesting/initial_access/phishing/creating_templates/leveraging-ai-during-template-creation.md)
- [Payloads](/pentesting/initial_access/phishing/payloads.md)
- [Non-malicious Callback](/pentesting/initial_access/phishing/payloads/non-malicious-callback.md)
- [Macros](/pentesting/initial_access/phishing/payloads/macros.md)
- [OSINT](/pentesting/osint.md)
- [Identifying Users](/pentesting/osint/gather-victim-identity-information.md): MITRE ATT\&CK, Reconnaissance, Technique T1589
- [Network Information](/pentesting/osint/gather-victim-network-information.md): MITRE ATT\&CK, Reconnaissance, Technique T1590
- [Search Engines](/pentesting/osint/search-engines.md): MITRE ATT\&CK, Reconnaissance, Technique T1596
- [Web Applications](/pentesting/web-applications.md)
- [Access Control](/pentesting/web-applications/access-control.md)
- [APIs](/pentesting/web-applications/apis.md)
- [Swagger API](/pentesting/web-applications/apis/swagger-api.md)
- [Authentication](/pentesting/web-applications/authentication.md)
- [Account Takeover](/pentesting/web-applications/authentication/account-takeover.md)
- [Clickjacking](/pentesting/web-applications/clickjacking.md)
- [Cross Origin Resource Sharing (CORS)](/pentesting/web-applications/cross-origin-resource-sharing-cors.md)
- [Cross Site Request Forgery (CSRF)](/pentesting/web-applications/cross-site-request-forgery-csrf.md)
- [Document Object Model (DOM)](/pentesting/web-applications/document-object-model-dom.md)
- [File Upload](/pentesting/web-applications/file-upload.md)
- [Google Dorking](/pentesting/web-applications/google-dorking.md)
- [GraphQL](/pentesting/web-applications/graphql.md)
- [HTTP Request Smuggling](/pentesting/web-applications/http-request-smuggling.md)
- [Information Disclosure](/pentesting/web-applications/information-disclosure.md)
- [Insecure Direct Object Reference (IDOR)](/pentesting/web-applications/insecure-direct-object-reference-idor.md)
- [Injection Vulnerabilities](/pentesting/web-applications/injection-vulnerabilities.md)
- [Cross-Site Scripting (XSS)](/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting.md)
- [Blind Cross-Site Scripting](/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/blind-cross-site-scripting.md)
- [Finding Cross-Site Scripting](/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/finding-cross-site-scripting.md)
- [Stealing Cookies](/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/stealing-cookies.md)
- [XSS Payloads](/pentesting/web-applications/injection-vulnerabilities/cross-site-scripting/xss-payloads.md)
- [CSV Injection](/pentesting/web-applications/injection-vulnerabilities/csv-injection.md)
- [XML External Entity Injection (XXE)](/pentesting/web-applications/injection-vulnerabilities/external-entity-injection-xxe.md)
- [LDAP Injection](/pentesting/web-applications/injection-vulnerabilities/ldap-injection.md)
- [NoSQL Injection](/pentesting/web-applications/injection-vulnerabilities/nosql-injection.md)
- [Server-Side Template Injection](/pentesting/web-applications/injection-vulnerabilities/server-side-template-injection.md)
- [SQL Injection](/pentesting/web-applications/injection-vulnerabilities/sql-injection.md)
- [JSON Web Tokens (JWT)](/pentesting/web-applications/json-web-tokens-jwt.md)
- [Local File Inclusion (LFI)](/pentesting/web-applications/local-file-inclusion-lfi.md)
- [OAuth](/pentesting/web-applications/oauth.md)
- [Open Redirection](/pentesting/web-applications/open-redirection.md)
- [Password Reset Poisoning](/pentesting/web-applications/password-reset-poisoning.md)
- [Prototype Pollution](/pentesting/web-applications/prototype-pollution.md)
- [Race Condition](/pentesting/web-applications/race-condition.md)
- [Rate Limit Bypass](/pentesting/web-applications/rate-limit-bypass.md)
- [Remote Code Execution (RCE)](/pentesting/web-applications/remote-code-execution-rce.md)
- [Remote File Inclusion (RFI)](/pentesting/web-applications/remote-file-inclusion-rfi.md)
- [Suspicious Parameters](/pentesting/web-applications/suspicious-parameters.md)
- [Tooling](/pentesting/web-applications/tooling.md)
- [Burp Suite](/pentesting/web-applications/tooling/burp-suite.md): Notes around using and performing testing with Burp Suite
- [Authentication / Proxy Issues](/pentesting/web-applications/tooling/burp-suite/authentication-proxy-issues.md)
- [Intruder Attack Types](/pentesting/web-applications/tooling/burp-suite/intruder_attack_types.md): Brief descriptions of each attack type in Burp Suite Intruder.
- [Match and Replace](/pentesting/web-applications/tooling/burp-suite/match-and-replace.md)
- [Quality of Life](/pentesting/web-applications/tooling/burp-suite/quality-of-life.md)
- [Misc Tooling](/pentesting/web-applications/tooling/misc-tooling.md)
- [WAF Bypasses](/pentesting/web-applications/waf-bypasses.md)
- [WebSockets](/pentesting/web-applications/websockets.md)
- [Web Cache Deception](/pentesting/web-applications/web-cache-deception.md)
- [Web Cache Poisoning](/pentesting/web-applications/web-cache-poisoning.md)
- [Wireless](/pentesting/wireless.md)
- [WPA / WPA2](/pentesting/wireless/wpa-wpa2.md)
- [Alfa Troubleshooting](/pentesting/wireless/wpa-wpa2/alfa-troubleshooting.md)
- [Enterprise](/pentesting/wireless/wpa-wpa2/enterprise.md)
- [Personal](/pentesting/wireless/wpa-wpa2/personal.md)
- [Cloud](/pentesting/cloud.md)
- [Amazon Web Services (AWS)](/pentesting/cloud/amazon-web-services-aws.md)
- [Microsoft Azure](/pentesting/cloud/microsoft-azure.md)
