Notes

OSEP Checklist

Byaghanim November 9, 2023December 15, 2023

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

Unrestricted File upload (ASPX)
SQL Injection
Server Side Template Injection
RFI
LFI
Web Service
BruteForce
CVE
Phishing
Code Exec
BAD PDF

MSSQL:

Linked Servers
Priv Esc
Enable Shell
Code Exec
Relay netv2 hash

Privilege Escalation:

Windows

PowerUP
LinPeas
Creds in Config Files
SEimpersonation (PrintSpoofer,Spooler,etc)
ShadowCopy
Hivenightmare
Mimikatz
UAC
MSSQL
Listening Services
Kernel

Linux

Shared Library
Sudo
Groups
Listening Services
Ansible (Unix)
lse / Linpeas
JFROG

Lateral Movement:

LAPS
Unconstrained Delegation
Constrained Delegation
Resource Based Constrained Delegation
MSSQL Linked Servers
Pass the Ticket
Tickets in /tmp
Pass The Hash
Relay The Hash
Crack the Hash
RDP / SharpRDP
Web Application
Fileless Lateral Movement
Mimikatz
Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
Bloodhound/SharpHound[.exe/.ps1]
JFROG
KEYTAB (Kerberos)
SSH
Ansible
SPOOLSS
Reuse of passwords (.\administrator NOT domain\administrator)
adPeas.ps1

Notes

THM – Active Directory Basics – Part 18
Byaghanim September 29, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim This is a continued series where I document my path through different tryhackme courses. I recommend everyone that wants to learn cyber security to subscribe to tryhackme.com and take the courses there. Table Of ContentsIntroductionPhysical Active DirectoryThe ForestUsers + GroupsTrusts + PoliciesActive Directory Domain Services + Authentication…

Read More THM – Active Directory Basics – Part 18
Notes

THM – NMAP The Network Mapper – Part 2
Byaghanim April 4, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim Table Of ContentsIntroductionNmap switchesOverview Introduction When a computer runs a network service, it opens a networking construct called a “port” to receive the connection. Ports are necessary for making multiple requests or having multiple services available. For example, when you load several webpages at once in a web browser,…

Read More THM – NMAP The Network Mapper – Part 2
Notes

THM – NMAP Documentation and Commands – Part 13
Byaghanim January 1, 2022January 25, 2022

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsNMAP Live Host DiscoveryNMAP Basic Port ScansTCP FlagsTimingsSummaryNMAP Advanced Port ScansNMAP Post Port Scans NMAP Live Host Discovery Scan Type…

Read More THM – NMAP Documentation and Commands – Part 13
Notes

THM – Network Services – SMB – Part 3
Byaghanim April 4, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim Table Of ContentsUnderstanding SMB Enumerating SMB Exploiting SMB Understanding SMB SMB – Server Message Block Protocol – is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. Servers make file systems and other resources available to clients on the network. Client computers may have their own hard disks, but they also want access to the shared file systems and printers on the servers. The SMB protocol is known as a…

Read More THM – Network Services – SMB – Part 3
Notes

THM – IDOR – Part 7
Byaghanim December 30, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is an IDOR?An IDOR ExampleFinding IDORs in Encoded IDsEncoded IDsFinding IDORs and Hashed IDsHashed IDsFinding IDORs in Unpredictable IDsUnpredictable IDsWhere are…

Read More THM – IDOR – Part 7
Notes

THM – Authentication Bypass – Part 6
Byaghanim December 22, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsUsername EnumerationBrute ForceLogical FlawWhat is a Logical Flaw?Logical Flaw ExampleLogic Flaw PracticalCookie TamperingPlain TextHashingEncoding Username Enumeration A helpful exercise to…

Read More THM – Authentication Bypass – Part 6

Similar Posts