Syllabus
File Transfers
File Transfers One-liners
HTTP Put Server
FTP Server – File Transfers
SMB Server – File Transfers
Tunnel – Port Forwarding
Ligolo-ng
Ligolo-ng – 2
Chisel TCP UDP tunnel
SSH Tunneling
Linux Privilege Escalation
Kernel Exploitation
Network Details
Applications & Services Details
Applications & Services Details – 2
Creating a Linux service with systemd
Password Mining
Password Mining – Configuration Files
User Home Directory Enumeration
Permissions on critical system files
SUID Privilege Escalation
SUID Privilege Escalation – 2
Path Hijacking Path Abusing
Exploiting Shared Library Misconfigurations
SUDO Privilege Escalation
Custom Binary and Scripts
Custom Binary Scripts – 2
Exploitation (SUDO and LD_PRELOAD)
Exploiting Capabilities for Privilege Escalation
cap_net_raw+ep and cap_dac_read_search
cap_sys_admin+ep
Cron Jobs & Systemd Timers
Wildcard Injection * Expansion
NFS Root Squashing
LinPEAS
Windows Privilege Escalation
Windows Shell
Basic Windows Commands
Basic Windows Commands – 2
Managing File and Folder Permissions in Windows
Understanding the ACL Entries
Windows Booting Files
net user
Net Services Suite
Service Controller Utility Commands
Windows Firewall Management
Windows Registry Commands
User and Network Enumeration
Windows Kernel Exploits
MS14-058 – ‘TrackPopupMenu’ Local Privilege Escalation
Windows Certificate Dialog Elevation of Privilege Vulnerability (CVE-2019-1388)
Generating Hash Files from SAM and SYSTEM
Active Directory Domain – NTDS.DIT
FileZilla Server Password Recovery
Password in Windows Registry
PowerShell Command History
Impersonation and Potato Attacks
Juicy Potato
GodPotato Exploit
Dynamic Link Library Hijacking (DLL Hijacking)
Unquoted Service Path Vulnerability
Insecure Service Permissions (binPath)
AlwaysInstallElevated Exploitation
AlwaysInstallElevated Exploitation – 2
Autorun – Registry Persistence
UAC Bypass
Cmdkey and Runas Command
WinPEAS
Offensive Active Directory
Active Directory Pentest Lab Setup
Permanently disable Windows Defender in Windows 11
Active Directory Setup
Assume Breach Methodology
Tunneling in AD Network
Port Scanner Tools on AD
Dynamic Port Forwarding chisel
LDAP (Lightweight Directory Access Protocol) – Enumeration
Anonymous Bind – ldapsearch
Fuse HTB
BloodHound
PowerView.ps1
BloodHound.py
Active Directory ACL Abuse
Kerberos Enumeration
Kerberoasting Attack
Kerberoasting vs AS-REP Roasting
Ligolo-ng listener_add
LLMNR NBT-NS Poisoning in Windows Domain Environments
Mimikatz Usage and Execution
Kerberoasting with Mimikatz
Golden Ticket Attack
Silver Ticket Attack