Offensive Security/OSEP Checklist

From Wiki Aghanim

OSEP/osep_checklistv2.md at main · In3x0rabl3/OSEP · GitHub


Web Application:


  • Unrestricted File upload (ASPX)


  • SQL Injection


  • Server Side Template Injection


  • RFI


  • LFI


  • Web Service


  • BruteForce


  • CVE


  • Phishing


  • Code Exec


  • BAD PDF


MSSQL:


  • Linked Servers


  • Priv Esc


  • Enable Shell


  • Code Exec


  • Relay netv2 hash


Privilege Escalation:


Windows


  • PowerUp


  • LinPeas


  • Creds in Config Files


  • SEimpersonation (PrintSpoofer, Spooler, etc.)


  • ShadowCopy


  • HiveNightmare


  • Mimikatz


  • UAC


  • MSSQL


  • Listening Services


  • Kernel


Linux


  • Shared Library


  • Sudo


  • Groups


  • Listening Services


  • Ansible (Unix)


  • lse / Linpeas


  • JFROG


Lateral Movement:


  • LAPS


  • Unconstrained Delegation


  • Constrained Delegation


  • Resource Based Constrained Delegation


  • MSSQL Linked Servers


  • Pass the Ticket


  • Tickets in /tmp


  • Pass The Hash


  • Relay The Hash


  • Crack the Hash


  • RDP / SharpRDP


  • Web Application


  • Fileless Lateral Movement


  • Mimikatz


  • Ligolo-ng / chisel / Proxychains / Autoroute / SSH (Port Forwarding)


  • BloodHound/SharpHound[.exe/.ps1]


  • JFROG


  • KEYTAB (Kerberos)


  • SSH


  • Ansible


  • SPOOLSS


  • Reuse of passwords (.\administrator NOT domain\administrator)


  • adPeas.ps1