Notes

OSEP Checklist

Byaghanim November 9, 2023December 15, 2023

Last Updated on December 15, 2023 by aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub

Web Application:

Unrestricted File upload (ASPX)
SQL Injection
Server Side Template Injection
RFI
LFI
Web Service
BruteForce
CVE
Phishing
Code Exec
BAD PDF

MSSQL:

Linked Servers
Priv Esc
Enable Shell
Code Exec
Relay netv2 hash

Privilege Escalation:

Windows

PowerUP
LinPeas
Creds in Config Files
SEimpersonation (PrintSpoofer,Spooler,etc)
ShadowCopy
Hivenightmare
Mimikatz
UAC
MSSQL
Listening Services
Kernel

Linux

Shared Library
Sudo
Groups
Listening Services
Ansible (Unix)
lse / Linpeas
JFROG

Lateral Movement:

LAPS
Unconstrained Delegation
Constrained Delegation
Resource Based Constrained Delegation
MSSQL Linked Servers
Pass the Ticket
Tickets in /tmp
Pass The Hash
Relay The Hash
Crack the Hash
RDP / SharpRDP
Web Application
Fileless Lateral Movement
Mimikatz
Ligolo-ng/chisel/Proxychains / Autoroute / SSH (Port Fowarding)
Bloodhound/SharpHound[.exe/.ps1]
JFROG
KEYTAB (Kerberos)
SSH
Ansible
SPOOLSS
Reuse of passwords (.\administrator NOT domain\administrator)
adPeas.ps1

Notes

THM – OWASP Top 10 – Part 12
Byaghanim May 22, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim Table Of ContentsIntro [Severity 1] Injection[Severity 1] OS Command Injection[Severity 1] Command Injection Practical [Severity 2] Broken Authentication[Severity 2] Broken Authentication Practical [Severity 3] Sensitive Data exposure (Introduction) [Severity 3] Sensitive Data exposure (Supporting material 1) [Severity 3] Sensitive Data exposure (Supporting material 2) [Severity 3] Sensitive Data exposure (Challenge)[Severity 4] XML External…

Read More THM – OWASP Top 10 – Part 12
Notes

THM – NMAP Documentation and Commands – Part 13
Byaghanim January 1, 2022January 25, 2022

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsNMAP Live Host DiscoveryNMAP Basic Port ScansTCP FlagsTimingsSummaryNMAP Advanced Port ScansNMAP Post Port Scans NMAP Live Host Discovery Scan Type…

Read More THM – NMAP Documentation and Commands – Part 13
Notes

THM – How Websites Work – Part 9
Byaghanim May 22, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim Table Of ContentsHow websites work HTML JavaScript Sensitive Data Exposure HTML Injection How websites work When you visit a website, your browser makes a request to a web server asking for information about the page you’re visiting and will respond with data that your browser uses to show you the page; a web server is…

Read More THM – How Websites Work – Part 9
Notes

THM – Walking An Application – Part 3
Byaghanim December 22, 2021January 25, 2022

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsIntroductionExploring The WebsiteViewing the Page SourceHow do I view the Page Source?Let’s view some Page Source!Developer Tools – InspectorDeveloper ToolsInspectorDeveloper…

Read More THM – Walking An Application – Part 3
Notes

THM – SQL Injection – Part 12
Byaghanim January 1, 2022January 25, 2022

Last Updated on January 25, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsWhat is a database?What are tables?Columns:ROWS:What is SQL?What is SQL Injection?What does it look like?Article 2 is locked as privateIn-Band…

Read More THM – SQL Injection – Part 12
Notes

THM – Linux Privilege Escalation – Part 15
Byaghanim January 2, 2022September 28, 2022

Last Updated on September 28, 2022 by aghanim This is my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing. Table Of ContentsLinux Privilege escalation checklistEnumerationhostnameuname -a/proc/version/etc/issueps Commandenvsudo -llsId/etc/passwdhistoryifconfignetstatfind CommandFind files:General Linux CommandsAutomated Enumeration ToolsPrivilege Escalation: Kernel ExploitsHint/notes Privilege Escalation: SudoLeverage LD_PRELOADPrivilege Escalation:…

Read More THM – Linux Privilege Escalation – Part 15

Similar Posts