OSEP Checklist

Byaghanim

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

  • Unrestricted File upload (ASPX)
  • SQL Injection
  • Server Side Template Injection
  • RFI
  • LFI
  • Web Service
  • BruteForce
  • CVE
  • Phishing
  • Code Exec
  • BAD PDF

MSSQL:

  • Linked Servers
  • Priv Esc
  • Enable Shell
  • Code Exec
  • Relay netv2 hash

Privilege Escalation:

Windows

  • PowerUP
  • LinPeas
  • Creds in Config Files
  • SEimpersonation (PrintSpoofer,Spooler,etc)
  • ShadowCopy
  • Hivenightmare
  • Mimikatz
  • UAC
  • MSSQL
  • Listening Services
  • Kernel

Linux

  • Shared Library
  • Sudo
  • Groups
  • Listening Services
  • Ansible (Unix)
  • lse / Linpeas
  • JFROG

Lateral Movement:

  • LAPS
  • Unconstrained Delegation
  • Constrained Delegation
  • Resource Based Constrained Delegation
  • MSSQL Linked Servers
  • Pass the Ticket
  • Tickets in /tmp
  • Pass The Hash
  • Relay The Hash
  • Crack the Hash
  • RDP / SharpRDP
  • Web Application
  • Fileless Lateral Movement
  • Mimikatz
  • Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
  • Bloodhound/SharpHound[.exe/.ps1]
  • JFROG
  • KEYTAB (Kerberos)
  • SSH
  • Ansible
  • SPOOLSS
  • Reuse of passwords (.\administrator NOT domain\administrator)
  • adPeas.ps1

Similar Posts

  • THM – Intro to pentesting – Fundamentals – Part 1

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsPenetration testing ethicsRules of Engagement (ROE)Penetration Testing MethodoligiesOSSTMMOWASPNIST Cybersecurity Framework 1.1NCSC CAFBlack box, White box, Grey box penetration testingBlack-Box testingGrey-box…

  • THM – Burp suite – Part 11

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsIntro  Proxy Target Definition TASKS  Tasks Tasks Tasks Tasks  Intro   Burp Suite is a framework of web appliccation pentesting tool. It is used to perform web app testing.   To install burp suite follow this guide. https://portswigger.net/burp/documentation/desktop/getting-started  Overview of Features  Proxy – What allows us to funnel traffic through Burp Suite for further analysis  Target – How we set the scope of our project. We can also use this to effectively create a…

  • THM – File Inclusion – Part 8

    Byaghanim

    Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsIntroductionWhat is File inclusion?Why do File inclusion vulnerabilities happen?What is the risk of File inclusion?Path TraversalPath traversalWhat function causes path…

  • Command And Control – C2 Framework

    Byaghanim

    Last Updated on October 3, 2024 by aghanim This is a list of Command and control (C2) servers that I’ve tested. Table Of ContentsCobalt StrikeCovenantInstallation and setupLisenersGruntsPowershell-Empire with StarkillerPoshC2GodGenesisMetasploitSliverLinks and tutorialInstallSliver and MetasploitBeacon vs sessionGenerating HTTP(S) Implants with certificateExtensions (Armory)CheatsheetExample getting beacon with msfBypassing defender with staged process hollowingHavoc C2InstallInstall the dependenciesUbuntu 20.04 / 22.04Kali…

  • THM – Network Services – Telnet – Part 5

    Byaghanim

    Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding telnet Enumerating Telnet Exploiting telnet  Understanding telnet  What is telnet?  Telnet is an application protocol which allows you, with the use of telnet client, to connect to and execute commands on a remote machine that’s hosting a telnet server.   The telnet client will establish a connection with the server. The client will then…