Commit Graph

492 Commits

Author SHA1 Message Date
Swissky
b7043cfedd Bug Hunting Methodology Update 2022-10-16 00:27:47 +02:00
llamasoft
78ff651643 Add Linux evasion to its own article
Linux evasion techniques were previously included as part of persistence,
but the number of techniques are varied enough where it likely should
be its own article.
2022-10-14 17:30:25 -04:00
Swissky
6479c3a400
Merge pull request #574 from sebch-/patch-5
Update Active Directory Attack.md
2022-10-12 21:43:44 +02:00
Seb
b809e104e6
Update Active Directory Attack.md 2022-10-12 21:24:47 +02:00
Seb
f18d4991ff
Update Active Directory Attack.md 2022-10-12 19:47:40 +02:00
Seb
5480c40098
Update Hash Cracking.md 2022-10-12 19:29:15 +02:00
Seb
ad5bbd49f1
Update Hash Cracking.md 2022-10-12 18:06:22 +02:00
Swissky
f7a74feaf7 Azure Tools Update 2022-10-12 18:03:49 +02:00
pop3ret
0530c19c88
Update Cloud - AWS Pentest.md 2022-10-09 16:03:33 -03:00
pop3ret
4b4a630085
Changed summary and chapters
Changed summary to include the cheatsheet and also changed the format of the cheatsheet to be the same as the original file
2022-10-09 16:01:14 -03:00
Swissky
522b55eec5
Update Cloud - AWS Pentest.md 2022-10-07 10:50:59 +02:00
pop3ret
00189411d4
Merge AWSome Pentesting into Cloud - AWS Pentest
Merge the notes with the existing one
2022-10-06 13:43:09 -03:00
Alexander Lübeck
576322d475 Fixed invalid hyperlink 2022-10-02 15:58:16 +02:00
Swissky
99a1304af9 Methodology and enumeration rework 2022-10-02 13:13:16 +02:00
Swissky
4ed3e3b6b9 Blind SSTI Jinja 2022-10-02 12:24:39 +02:00
Swissky
72a8556dc9 NodeJS Serialization 2022-09-23 11:21:29 +02:00
Swissky
2d30e22121 DPAPI - Data Protection API 2022-09-23 00:35:34 +02:00
Processus Thief
8d564ff78b update hekatomb to install with pip
hekatomb is now available on pypi to simplify its installation
2022-09-22 16:10:20 +02:00
Processus Thief
885f8bdb8f Adding Hekatomb.py to DPAPI credentials stealing
Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
Then it will download all DPAPI blob of all users from all computers.
Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials.

More infos here : https://github.com/Processus-Thief/HEKATOMB
2022-09-20 16:56:07 +02:00
Swissky
b6e7210ee0
Merge pull request #501 from fantesykikachu/win-p3-revshell
Add Windows Python3 Reverse Shell
2022-09-06 23:23:50 +02:00
CravateRouge
dad7362da6
Update bloodyAD attacks 2022-09-06 19:13:34 +02:00
Swissky
191a72c57e Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2022-09-06 10:05:16 +02:00
Swissky
2be739ea4f Fixing TGS/ST 2022-09-06 10:03:49 +02:00
Swissky
bdc2d55dd9
Merge pull request #533 from 0xsyr0/patch-1
Quick fix for WSUS malicious patch
2022-09-04 20:54:17 +02:00
Swissky
9e2471a472 SCCM Network Account 2022-09-04 20:51:23 +02:00
Swissky
fae02107df Jetty RCE Credits 2022-09-04 14:24:16 +02:00
Swissky
811863501b ESC9 - No Security Extension 2022-09-03 12:07:24 +02:00
0xsry0
343d63f79f
Quick fix for WSUS malicious patch
Not sure if it is deprecated but by tackling the box Outdated on HTB, the command didn't worked with two `&&`. To concatenate  `"net user WSUSDemo Password123! /add ` and `net localgroup administrators WSUSDemo /add\""`, the `^&` is required.
2022-08-24 09:10:55 +02:00
Swissky
fbd7517e04 LFI2RCE - Picture Compression - SOCKS5 CS 2022-08-21 16:38:54 +02:00
Swissky
804920be62 Source Code Management 2022-08-18 10:43:01 +02:00
Swissky
6650c361e7 Capture a network trace with builtin tools 2022-08-15 15:02:29 +02:00
Adham Elmosalamy
1b2471265a
Typo fix 2022-08-08 16:08:55 +04:00
Swissky
7fe0a0475e Docker Escape cgroup 2022-08-05 12:26:31 +02:00
Swissky
835d6fffe0 Shadow Credentials 2022-08-05 12:00:41 +02:00
Swissky
52e255cb75
Merge pull request #520 from sebch-/patch-1
Update Active Directory Attack.md
2022-08-03 19:20:11 +02:00
Spidycodes
bb6c9ed172
typo 2022-08-02 21:48:07 +00:00
Seb
310338b279
Update Active Directory Attack.md
Find AD
2022-08-02 15:09:23 +02:00
Swissky
e386a110d9 Find DC 2022-07-27 17:23:30 +02:00
Swissky
fc8fadbb0c PR Guidelines + User Hunting + HopLa Configuration 2022-06-30 16:33:35 +02:00
fantesykikachu
f6c455d8f9 Windows Python3 Reverse Shell 2022-06-28 06:54:06 +00:00
Marwan Nour
36e417f129
Added DirtyPipe to kernel exploits
Fixed some links in the table of contents
2022-06-23 16:55:58 +02:00
Sh0ckFR
a4e43fb24c
Added Thread Stack Spoofer description 2022-06-22 12:11:49 +02:00
Sh0ckFR
4b07c91e7b
Added Sleep Mask Kit Link 2022-06-21 15:52:30 +02:00
Alexandre ZANNI
b831175f99
add english version of the article 2022-06-20 20:31:11 +02:00
Swissky
ad336b4d55 Privileged Access Management (PAM) Trust 2022-06-09 11:30:43 +02:00
Swissky
881c354b34 Pre-Created Computer Account 2022-06-08 12:14:11 +02:00
Swissky
0c7da8ec41 DNS Admins Group 2022-06-07 20:36:09 +02:00
Swissky
3066615cde LAPS Access + Pass the Cert + Writeable folder 2022-05-31 11:57:44 +02:00
NocFlame
bebc87887a
added link to hashcat 2022-05-25 10:09:09 +02:00
NocFlame
ca959ec806
Added missing parenthese 2022-05-25 10:04:41 +02:00
NocFlame
2ef501f883
replaced backslash with forwardslash in cmd syntax
As defined in cmd.exe /?
/C Carries out the command specified by string and then terminates
2022-05-25 09:55:05 +02:00
Swissky
5035ed0891 WSUS Exploitation 2022-05-15 21:22:39 +02:00
Swissky
4cf464cc96 Certifried CVE-2022-26923 2022-05-13 09:44:51 +02:00
Swissky
d09659b164
Merge pull request #496 from cmd-ctrl-freq/master
Update Cloud - AWS Pentest.md
2022-05-11 10:25:30 +02:00
Swissky
67457ec582 SCCM deployment + JSON uploads 2022-05-09 15:14:26 +02:00
David Fentz
d3a296486e
Update Cloud - AWS Pentest.md
Added a reference to Cloudgoat in the Training section of the AWS pentesting docs.
2022-05-05 08:48:55 -07:00
Moayad Almalat
8a6e8b8f05
Update Cobalt Strike - Cheatsheet.md
Update Cobalt Strike user Guide to the latest version.
2022-04-25 15:18:04 +02:00
Swissky
5a89c6a5ca Windows Management Instrumentation Event Subscription 2022-04-24 15:01:18 +02:00
Swissky
b0d05faded TruffleHog examples + Cortex XDR disable 2022-04-14 09:42:15 +02:00
Swissky
89f0b93d43 Elastic EDR + VM Persistence 2022-03-27 19:50:33 +02:00
Swissky
d40e055629 Golden GMSA + Scheduled Task 2022-03-15 11:15:44 +01:00
Swissky
4abd52697f MSSQL Agent Command Execution 2022-03-10 11:05:17 +01:00
Swissky
540d3ca399 Vajra + MSSQL hashes 2022-03-05 18:31:15 +01:00
Swissky
521975a05c AV Removal + Cobalt SleepKit 2022-03-01 23:01:25 +01:00
Swissky
3e3562e553 ESC3 - Misconfigured Enrollment Agent Templates + Certipy v2 2022-02-20 13:15:28 +01:00
Swissky
71dcfd5ca7 ADCS ESC7 Shell + Big Query SQL 2022-02-18 14:50:38 +01:00
brightio
d36f98b4ca
Update LinPEAS links 2022-01-31 12:16:29 +01:00
Swissky
0b5c5acb87 ESC7 - Vulnerable Certificate Authority Access Control 2022-01-30 23:41:31 +01:00
Eslam Salem
d7e357f53a fix rm bug in netcat reverseshell on OpenBSD & BusyBox 2022-01-29 17:19:30 +02:00
clem9669
05a77e06fc
Update Active Directory Attack.md
Updating the scanner modules for PingCastle.exe
2022-01-26 13:13:11 +00:00
Alexandre ZANNI
a397a3d643
add revshellgen and merge to tools section 2022-01-22 23:08:25 +01:00
Alexandre ZANNI
a077ceab7c
add tools section 2022-01-22 22:57:37 +01:00
clem9669
76ec08cfb4
Update Active Directory Attack.md
Correcting typo
Removing dead website
Adjusting techniques
2022-01-18 22:52:58 +01:00
Swissky
f0085e158b
Removing potential DMCA material 2022-01-05 22:22:08 +01:00
clem9669
4642dd44fc
Update Hash Cracking.md
Hey 👋 
Updating content with more information and more accurate resources.
2022-01-05 18:25:31 +00:00
Swissky
dfe830d183 RODC - Read Only Domain Controller Compromise 2022-01-04 21:11:26 +01:00
Swissky
b5df6e1447 ESC6 - EDITF_ATTRIBUTESUBJECTALTNAME2 + Golden Certificate 2022-01-01 20:42:58 +01:00
Swissky
c9ef8f7f49 Graftcp Cheatsheet 2021-12-29 18:16:26 +01:00
Swissky
8411a0640d ESC4 - Access Control Vulnerabilities 2021-12-29 15:00:22 +01:00
Swissky
27768783ff Merge branch 'master' of https://github.com/swisskyrepo/PayloadsAllTheThings 2021-12-29 14:52:20 +01:00
Swissky
e3fb516747 MAQ + WEBDAV 2021-12-29 14:48:42 +01:00
Alexandre ZANNI
a430cfcc4e
update PowerGPOAbuse task command 2021-12-22 16:09:07 +01:00
Swissky
0d6d6049ce AD + Log4shell + Windows Startup 2021-12-16 09:52:51 +01:00
Swissky
5714b9c9d7 samAccountName spoofing + Java RMI 2021-12-13 20:42:31 +01:00
Swissky
10974722b1 BloodHound Custom Queries + MSSQL CLR 2021-12-12 23:04:35 +01:00
CravateRouge
8da5f36f85
Add alternatives for AD ACL abuse from Linux 2021-11-15 17:36:05 +01:00
Swissky
3366f5eaac
Merge pull request #445 from NirLevy98/reverse_shell_delete-unused-imports
Delete unused import
2021-11-07 21:16:37 +01:00
Swissky
7d9dd6806e Powershell Cheatsheet 2021-11-06 19:14:47 +01:00
Swissky
1c8067a150 Relaying with WebDav Trick + Shadow Credential 2021-10-30 21:04:23 +02:00
Swissky
e3373dd108 UnPAC The Hash + MachineKeys.txt 2021-10-26 21:56:39 +02:00
Swissky
1a3058f40c Device Code Phish 2021-10-24 20:07:46 +02:00
Nir
4207479cce Delete unused imports 2021-10-16 11:33:38 +03:00
Markus
6584df310f
Update Windows - Persistence.md
Add example to `disable windows defender` which uses MpCmdRun.exe to reset the current definitions. I recently used this and it was sufficient, that defender did not recognize previously flagged malicious files. It is quite helpful in case, that Set-MpPreference is not present or that the attacker is not allowed to adjust the service.
2021-10-14 08:53:25 +02:00
marcan2020
39a89e937a
Update breakout techniques
- Add a section on unassociated protocols
- Add paths to access filesystem via the address bar
- Fix Stick Keys link
- Fix Task Manager shortcut
- Add reference to HackTricks
2021-10-11 13:53:19 -04:00
Markus
d1345b0016
Update Hash Cracking Methodology
Add some structure to add additional tools.
Fix some typo.
Add online resources for cracking password hashes.
2021-10-11 17:08:46 +02:00
Swissky
883c35a9e5 Hash Cracking v0.1 2021-10-10 23:05:01 +02:00
p0dalirius
09b1b8984a Update Active Directory Attack.md 2021-10-06 09:05:49 +02:00
p0dalirius
8045496946 Update Active Directory Attack.md 2021-10-06 08:59:13 +02:00
p0dalirius
19b4bee7a0 Update Active Directory Attack.md 2021-10-06 08:54:16 +02:00
p0dalirius
e0b8bee5a6 Update Active Directory Attack.md 2021-10-06 08:45:44 +02:00