Red Teaming
Abusing AD-DACL: AllExtendedRights
Abusing AD-DACL: ForceChangePassword
Abusing AD-DACL : Generic ALL Permissions
Credential Dumping – Active Directory Reversible Encryption
A Detailed Guide on Evil-Winrm
Windows Privilege Escalation: Server Operator Group
MimiKatz for Pentester: Kerberos
Caldera: Red Team Emulation (Part 1)
Domain Escalation: Unconstrained Delegation
Domain Persistence: Silver Ticket Attack
Process Herpaderping (Mitre:T1055)
A Detailed Guide on HTML Smuggling
Process Doppelganging (Mitre:T1055.013)
Defense Evasion: Process Hollowing (T1055.012)
A Detailed Guide on AMSI Bypass
Windows Persistence: COM Hijacking (MITRE: T1546.015)
Lateral Movement: Remote Services (Mitre:T1021)
Lateral Movement: WebClient Workstation Takeover
Parent PID Spoofing (Mitre:T1134)
Indirect Command Execution: Defense Evasion (T1202)
Domain Escalation: Resource Based Constrained Delegation
Windows Persistence: Shortcut Modification (T1547)
Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints
Domain Persistence: Computer Accounts
Domain Persistence: Golden Certificate Attack
Covenant for Pentester: Basics
NTLM Downgrade Attack: Internal Monologue
Active Directory Enumeration: RPCClient
Active Directory Enumeration: BloodHound
Active Directory Enumeration: PowerView
Empire for Pentester: Active Directory Enumeration
Defense Evasion: Windows Event Logging (T1562.002)
Active Directory Pentesting: Lab Setup
PowerShell Empire for Pentester: Mimikatz Module
Port Forwarding & Tunnelling Cheatsheet
DNScat2: Application Layer C&C
AlienVault: Threat Hunting/Network Analysis
AlienVault: OSSEC (IDS) Deployment
AlienVault: End user Devices Integration-Lab Setup (Part 2)
Defense Evasion with obfuscated Empire
Threat Hunting: Velociraptor for Endpoint Monitoring (Part 2)
SIEM: Windows Client Monitoring with Splunk
Data Exfiltration using Linux Binaries
Threat Hunting: Velociraptor for Endpoint Monitoring
Incident Response: Windows Account Logon and logon Events
Incident Response: Windows Account Management Event (Part 2)
Incident Response: Windows Account Management Event (Part 1)
Incident Response- Linux Cheatsheet
Incident Response: Windows Cheatsheet
Defense Evasion: Alternate Data Streams
SIEM: Log Monitoring Lab Setup with Splunk
Threat Intelligence: MISP Lab Setup
Threat Hunting: Log Monitoring Lab Setup with ELK
Defense Evasion: Hide Artifacts
Remote Code Execution Using Impacket
Abusing Kerberos Using Impacket
Kerberoasting and Pass the Ticket Attack Using Linux
Evil-Winrm: Winrm Pentesting Framework
Domain Persistence: DC Shadow Attack
Domain Persistence AdminSDHolder
Abusing Microsoft Outlook 365 to Capture NTLM
Comprehensive Guide on Password Spraying Attack
Lateral Movement: Pass the Ticket Attack
Lateral Movement: Pass the Cache
Lateral Movement: Over Pass the Hash
Lateral Movement: Pass the Hash Attack
Lateral Movement on Active Directory: CrackMapExec
Deep Dive into Kerberoasting Attack
Domain Controller Backdoor: Skeleton Key
Domain Persistence: Golden Ticket Attack
Data Exfiltration using DNSSteal
RDP Session Hijacking with tscon
Credential Dumping: Windows Autologon Password
Credential Dumping: Fake Services
Credential Dumping: Domain Cache Credential
Credential Dumping: DCSync Attack
Credential Dumping: Local Security Authority (LSA|LSASS.EXE)
Credential Dumping: Phishing Windows Credentials
Credential Dumping: Applications
Credential Dumping: Security Support Provider (SSP)
Credential Dumping: Windows Credential Manager
Credential Dumping: Group Policy Preferences (GPP)
Windows Persistence: Port Monitors
Windows Persistence using Netsh
Windows Persistence using Bits Job
Windows Persistence using WinLogon
Windows Persistence: Accessibility Features
Windows Persistence: RID Hijacking
Windows Persistence using Application Shimming
Bypass Detection for Meterpreter Shell (Impersonate_SSL)
A Deep Drive on Proactive Threat Hunting
Threat Hunting – A proactive Method to Identify Hidden Threat
Evil SSDP: Spoofing the SSDP and UPnP Devices
Multiple Ways to Exploit Windows Systems using Macros
Windows for Pentester: BITSAdmin
Windows for Pentester: Certutil
Command and Control & Tunnelling via ICMP
Cloakify-Factory: A Data Exfiltration Tool Uses Text-Based Steganography
Data Exfiltration using PowerShell Empire
Get Meterpreter Session Alert over slack
Covert Channel: The Hidden Network
Command & Control: WebSocket C2
Command and Control with DropboxC2
Command & Control: Silenttrinity Post-Exploitation Agent
Command and Control Guide to Merlin
nps_payload: An Application Whitelisting Bypass Tool
GreatSct – An Application Whitelist Bypass Tool
Command and Control with HTTP Shell using JSRat
Koadic – COM Command & Control Framework
TrevorC2 – Command and Control
Generate Metasploit Payload with Ps1encode
Bypass Application Whitelisting using Weak Path Rule
Windows Exploitation: rundll32.exe
Windows Exploitation: regsvr32
Windows Exploitation: msiexec.exe
Windows Applocker Policy – A Beginner’s Guide
Multiple Ways to Exploiting Windows PC using PowerShell Empire
Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework
OSX Exploitation with Powershell Empire
Windows Persistence with PowerShell Empire
Multiple Ways to Exploiting OSX using PowerShell Empire
Hi.
Can you write how to use Sqlmap for login in DVWA?
I know admin:password, but how do I get that with sqlmap?
Thanks.
Use the SQL exercise to get the password hash using sqlmap.
Can you please make categories even in the red team category, like Active Directory, enumeration, tool sub category, so it will be easy to access?