Skip to content

Instantly share code, notes, and snippets.

@Spy0x7
Forked from cyberheartmi9/OSCP-prep
Created February 27, 2022 09:24
Show Gist options
  • Save Spy0x7/3d3410c5288fdf8d0da7f07b5507c035 to your computer and use it in GitHub Desktop.
Save Spy0x7/3d3410c5288fdf8d0da7f07b5507c035 to your computer and use it in GitHub Desktop.
#notes
https://www.cnblogs.com/keepmoving1113/tag/OSCP/
https://hausec.com/pentesting-cheatsheet/
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
https://noobsec.net/oscp-cheatsheet/
https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
https://www.reddit.com/r/oscp/comments/824v7z/oscp_exam_taking_fraud/
https://github.com/OlivierLaflamme/Cheatsheet-God
https://johntuyen.com/personal/2019/05/25/personal-oscpcheatsheet.html
https://github.com/tbowman01/OSCP-PWK-Notes-Public
#OOB
https://omercitak.com/out-of-band-attacks-en/
#SQL inj
https://medium.com/bugbountywriteup/out-of-band-oob-sql-injection-87b7c666548b
https://portswigger.net/web-security/sql-injection/cheat-sheet
#BOF
https://medium.com/@princerohit8800/buffer-overflow-exploiting-slmail-email-server-f90b27459911
https://www.nccgroup.com/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/
https://bufferoverflows.net/castripper-2-50-70-buffer-overflow-exploitation-mona-py-rop-chain/
https://github.com/V1n1v131r4/OSCP-Buffer-Overflow
https://vulp3cula.gitbook.io/hackers-grimoire/exploitation/buffer-overflow
https://medium.com/@notsoshant/windows-exploitation-dealing-with-bad-characters-quickzip-exploit-472db5251ca6
https://github.com/xChockax/Buffer-Overflow
#pviot
https://medium.com/@mkumarcyber/hacking-oscp-cheatsheet-ef63c43f919c
https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
https://sushant747.gitbooks.io/total-oscp-guide/content/port_forwarding_and_tunneling.html
https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets
https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
https://cd6629.gitbook.io/oscp-notes/oscp-cheatsheet-unfinished
https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html
https://www.puckiestyle.nl/pivot-with-chisel/
https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
https://www.hackingarticles.in/comprehensive-guide-on-ssh-tunneling/
https://github.com/deepzec/Win-PortFwd
https://www.howtoforge.com/port-forwarding-with-rinetd-on-debian-etch
https://www.hackingarticles.in/comprehensive-guide-to-port-redirection-using-rinetd/
https://netsec.ws/?p=272
https://medium.com/@rootbg/ssl-backend-behind-varnish-382dc7842123
#priv esc
[ win ]
http://www.fuzzysecurity.com/tutorials/16.html
https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
https://tryhackme.com/room/windows10privesc
https://github.com/ohpe/juicy-potato
https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/
[unix]
https://tryhackme.com/room/linuxprivesc
# SMB & netbios
https://www.hackercoolmagazine.com/smb-enumeration-with-kali-linux-enum4linuxacccheck-smbmap/
https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/
https://www.hackingarticles.in/smb-penetration-testing-port-445/
https://www.hackingarticles.in/3-ways-scan-eternal-blue-vulnerability-remote-pc/
https://www.hackingarticles.in/password-crackingsmb/
http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/
https://www.hackingarticles.in/penetration-testing-in-smb-protocol-using-metasploit/
https://www.hackingarticles.in/multiple-ways-to-connect-remote-pc-using-smb-port/
https://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit/
#snmp
https://www.hackingarticles.in/snmp-lab-setup-and-penetration-testing/
https://bond-o.medium.com/cisco-snmp-secrets-e4b731b19737
https://oscp.infosecsanyam.in/untitled/snmp-enumeration
# FTP & telnet
https://www.hackercoolmagazine.com/hacking-ftp-telnet-and-ssh-metasploitable-tutorials/
# AD Attack
Performing domain recon using PS
https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/
Attack mapping with bloodhound
https://stealthbits.com/blog/local-admin-mapping-bloodhound/
Extracting passwd hashes
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Pass-the-hash attacks with mimikatz
https://stealthbits.com/blog/passing-the-hash-with-mimikatz/
https://www.youtube.com/watch?v=V3BkyAcYjPU&feature=emb_logo
https://github.com/incredibleindishell/Windows-AD-environment-related
https://github.com/cyberheartmi9/Active-Directory-Exploitation-Cheat-Sheet
https://blog.ropnop.com/practical-usage-of-ntlm-hashes/
#antivirus ev
remote process memory injection
reflective dll injection
process hollowing
inline hooking
powershell in memory injection
https://medium.com/@benoit.sevens/arbitrary-code-guard-cd74c30f8dfe
https://medium.com/@ozan.unal/process-injection-techniques-bc6396929740
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://medium.com/csg-govtech/process-injection-techniques-used-by-malware-1a34c078612c
https://blog.f-secure.com/memory-injection-like-a-boss/
https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection#resolving-import-address-table
https://www.ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes
#bypass powershell exe policy
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/
#kerberoast attack
https://www.pentestpartners.com/security-blog/how-to-kerberoast-like-a-boss/
https://www.secura.com/blog/kerberoasting-exploiting-kerberos-to-compromise-microsoft-active-directory
https://pentestlab.blog/2018/06/12/kerberoast/
https://www.redteamsecure.com/research/guide-to-kerberoasting
https://github.com/nidem/kerberoast
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
https://hausec.com/2017/10/21/domain-penetration-testing-using-bloodhound-crackmapexec-mimikatz-to-get-domain-admin/amp/
#Zerologon
https://medium.com/@jayaye15/zerologon-exploit-cve-2020-1472-e70ca7cd610c
# Resource
http://strongcourage.github.io/2020/05/03/enum.html
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment