SUMMARY.md

Table of contents

• OSCP guide

The Company

• Recoinnassance
  • Passive information gathering
• Enumeration/Scanning
  • Nmap Scanning
  • nc scanning
  • Windows scanning
  • Service enumeration
    • DNS - TCP/UDP 53
    • Finger
    • FTP
    • Kerberos - TCP/UDP 88
    • POP3
    • LDAP - TCP 389
    • MSRPC - TCP 135
    • MSSQL - TCP 1433
    • NetBIOS - 139 TCP
    • RPC - TCP 135
    • SMB - TCP 445
    • SNMP
    • SMTP
  • Check your egress open ports
  • Subdomain enumeration
• Web applications
  • Server-side topics
    • File upload vulnerabilities
  • Enumeration
  • Authentication bypass
  • Directory Traversal
  • Encoding Special Characters
  • IDOR
  • File inclusion
  • File upload
  • SSRF
  • XSS
  • OS Command injection (RCE)
  • Send email
  • SQLi
  • Wordpress
• Client Side Attacks
• SQL
• Password Attacks
• API
• SSTI
• Create user names from full names
• AWS
  • AWS Elastic Container Registry - ECR
• Steganography
• Encryption
• Exploitation
  • Metasploit
  • Getting a shell
  • Reverse shell
  • AV bypass
• Active Directory
  • Active Directory Components
  • Authentication Attacks
  • Initial attack vectors
  • Exploiting AD
  • BloodHound
  • Mimikatz
  • DSync rights
  • Login methods
  • Lateral movement
  • Active Directory Persistance
• Privilege escalation
  • Linux
    • Enumeration
    • Automated enumeration tools
    • Abusing Password Authentication
    • Sudo
    • SUID
    • Capabilities
    • Cron Jobs
    • PATH
    • NFS
  • Processes monitor
  • Windows
    • Enumerating Windows
    • Automated Enumeration
    • Service binary hijacking
    • Vulnerable software
    • DLL Hijacking
    • Unquoted Service Path
    • Token Impersonation
    • Quick Wins
    • Shells
    • NTDS
• Exfiltration
• Tunneling
• Post-explotation
• Buffer overflows
• Android
• Kubernetes
• Red Teaming
• APTs