Notes

OSEP Checklist

Byaghanim November 9, 2023December 15, 2023

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

Unrestricted File upload (ASPX)
SQL Injection
Server Side Template Injection
RFI
LFI
Web Service
BruteForce
CVE
Phishing
Code Exec
BAD PDF

MSSQL:

Linked Servers
Priv Esc
Enable Shell
Code Exec
Relay netv2 hash

Privilege Escalation:

Windows

PowerUP
LinPeas
Creds in Config Files
SEimpersonation (PrintSpoofer,Spooler,etc)
ShadowCopy
Hivenightmare
Mimikatz
UAC
MSSQL
Listening Services
Kernel

Linux

Shared Library
Sudo
Groups
Listening Services
Ansible (Unix)
lse / Linpeas
JFROG

Lateral Movement:

LAPS
Unconstrained Delegation
Constrained Delegation
Resource Based Constrained Delegation
MSSQL Linked Servers
Pass the Ticket
Tickets in /tmp
Pass The Hash
Relay The Hash
Crack the Hash
RDP / SharpRDP
Web Application
Fileless Lateral Movement
Mimikatz
Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
Bloodhound/SharpHound[.exe/.ps1]
JFROG
KEYTAB (Kerberos)
SSH
Ansible
SPOOLSS
Reuse of passwords (.\administrator NOT domain\administrator)
adPeas.ps1

Notes

THM – Windows Privilege Escalation – Part 16

Byaghanim January 2, 2022December 6, 2023

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsIntroductionInformation GatheringPermissionsUser enumerationCollection System InformationSearching filesCommand breakdown:Path LevelNetwork ConnectionsScheduled TasksDriversAntivirusTools of the tradeWinPEASPowerUpWindows Exploit SuggesterMetasploitVulnerable SoftwareDLL HijackingIntroduction to DLL FilesFinding DLL Hijacking VulnerabilitiesCreating a malicious DLL fileUnquoted Service…

Notes

THM – Principles of Security – Part 2

Byaghanim December 22, 2021January 25, 2022

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsPrinciples of PrivilegesSecurity Models ContinuedThe Bell-La Padula ModelBiba ModelThreat Modelling & Incident Response Principles of Privileges The levels of access given to individuals are determined on two primary…

Notes

THM – Subdomain Enumeration – Part 5

Byaghanim December 22, 2021January 25, 2022

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsBriefOSINT – SSL/TLS CertificatesSSL/TLS CertificatesOSINT – Search EngineSearch EnginesDNS BruteforceOSINT – Sublist3rAutomation Using Sublist3rVirtual Hosts Brief Subdomain enumeration is the process of finding valid subdomains for a domain….

Notes

THM – IDOR – Part 7

Byaghanim December 30, 2021January 25, 2022

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is an IDOR?An IDOR ExampleFinding IDORs in Encoded IDsEncoded IDsFinding IDORs and Hashed IDsHashed IDsFinding IDORs in Unpredictable IDsUnpredictable IDsWhere are IDORs locatedWhere are they located?A Practical IDOR ExampleWhat…

Notes

THM – File Inclusion – Part 8

Byaghanim December 30, 2021January 25, 2022

This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsIntroductionWhat is File inclusion?Why do File inclusion vulnerabilities happen?What is the risk of File inclusion?Path TraversalPath traversalWhat function causes path traversal vulnerabilities in PHP?Local File Inclusion – LFILocal…

Notes

THM – Web Fundamentals – Part 10

Byaghanim May 22, 2021January 25, 2022

Table Of ContentsHow Do We Load Websites? More HTTPS – Verbs and request formats Cookies How Do We Load Websites? Finding the server A DNS request is made initially. DNS is like a giant phone book that takes a URL and turns it into an IP. You dont have to remember the IP of websites. The IP address uniquely identifies each internet connected devices, like a web servere or your computer. They are formed of 4 groups of number, each 0-255 (x.x.x.x) and called an octect. Loading some content …

Similar Posts