Source Good tools Malware forums/channels/discord Test payload against AV Defcon – Writing custom backdoor payloads with C# GitHub – mvelazc0/defcon27_csharp_workshop: Writing custom backdoor payloads with C# – Defcon 27 Workshop Step by Step for obfuscating code AV Evasion MindMap – From Start to finish (AV) Anti-Virus – The Hacker Recipes […]
Notes
These are notes from the Holo room. https://www.tryhackme.com/room/hololive Covenant Installation and setup From the Covenant GitHub, “Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraft easier, and serve as a collaborative command and control platform for […]
These are notes taken from the THM room ‘Wreath’, which is a great room for learning Active Directory and pivoting. https://www.tryhackme.com/room/wreath And from other sources. Summary What is pivoting? Pivoting is the art of using access obtained over one machine to exploit another machine deeper in the network. It is […]
These are my notes from the Active Directory networks at TryHackMe, as well as notes from other sources. Inspo: E’s methodology, https://zer1t0.gitlab.io/posts/attacking_ad/, https://bitbin.it/SKZrPTcu/, https://book.hacktricks.xyz/windows-hardening/active-directory-methodology Work in progress LOLBAS – Living off the land https://lolbas-project.github.io/ WADComs – Very useful cheatsheet https://wadcoms.github.io/ Icebreaker GitHub – DanMcInerney/icebreaker: Gets plaintext Active Directory credentials if […]
Buffers are memory storage regions that temporarily hold data while it is being transferred from one location to another. A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Introduction Privilege escalation will require you to follow a methodology similar to the one given below: Information Gathering Permissions icacls – Displays or modifies discretionary […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Linux Privilege escalation checklist https://book.hacktricks.xyz/linux-hardening/linux-privilege-escalation-checklist Enumeration hostname The hostname command will return the hostname of the target machine. Although this value can easily be changed or have […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Metasploit: Introduction The main components of the Metasploit Framework can be summarized as follows: msfconsole: The main command-line interface. Modules: supporting modules such as exploits, […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. NMAP Live Host Discovery Scan Type Example Command ARP Scan sudo nmap -PR -sn MACHINE_IP/24 ICMP Echo Scan sudo nmap -PE -sn MACHINE_IP/24 ICMP Timestamp […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is a database? A database is a way of electronically storing collections of data in an organised manner. A database is controlled by a […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is Command Injection? Command injection is the abuse of an application’s behaviour to execute commands on the operating system, using the same privileges that […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. XSS Payloads What is a payload? In XSS, the payload is the JavaScript code we wish to be executed on the target computer. There are […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. What is an SSRF? SSRF stands for Server-Side Request Forgery. It’s a vulnerability that allows a malicious user to cause the webserver to make an […]
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Introduction What is File inclusion? In some scenarios, web applications are written to request access to files on a given system, including images, static text, […]