Similar Posts
THM – Cross-site scripting (XSS) – Part 10
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing.…
THM – Windows Exploitation Basics – Part 17
This is a continuing series where I document my path through different TryHackMe courses. I recommend that everyone who wants to learn cyber security subscribe to tryhackme.com and take the courses there. Windows file system and permissions explained: What is the file system? It…
THM – Content Discovery – Part 4
These are my notes from the Junior Pentesting course at TryHackMe. This course takes you through the basics and some advanced topics regarding penetration testing.…
Malware Development
Work in Progress
Courses: SEKTOR7 Institute; https://maldevacademy.com/; EvasionEDR By Matt Hand
Sources (URL, Description, Category):
https://github.com/NUL0x4C/HellShell, HellShell GitHub repository, Penetration Testing
https://www.corelan.be/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/#weapon, Exploit writing tutorial on Corelan.be, Exploit Development
https://www.corelan.be/, Corelan.be website, Cybersecurity
https://github.com/Krypteria/AtlasLdr, AtlasLdr GitHub repository, Malware Analysis
https://labs.jumpsec.com/obfuscating-c2-during-a-red-team-engagement/, Article on obfuscating C2 during Red Team engagement, Red Teaming
https://github.com/matterpreter/DefenderCheck, DefenderCheck…
Active Directory – Notes, Methodology, Cheatsheet
These are my notes from the Active Directory networks at TryHackMe, as well as notes from other sources. Inspo: Work in progress…
Command And Control – C2 Framework
This is a list of Command and control (C2) servers that I’ve tested. Covenant: Installation and setup…