TarlogicSecurity

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

HarmJ0y

# PowerView's last major overhaul is detailed here: http://www.harmj0y.net/blog/powershell/make-powerview-great-again/
#   tricks for the 'old' PowerView are at https://gist.github.com/HarmJ0y/3328d954607d71362e3c

# the most up-to-date version of PowerView will always be in the dev branch of PowerSploit:
#   https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1

# New function naming schema:
#   Verbs:
#       Get : retrieve full raw data sets
#       Find : ‘find’ specific data entries in a data set

mubix

• How to Build a Successful Information Security Career (Daniel Miessler)
  • https://danielmiessler.com/blog/build-successful-infosec-career/#gs.DtVCbbw
• The First Steps to a Career in Information Security (Errata Security - Marisa Fagan)
  • http://blog.erratasec.com/2010/04/first-steps-to-career-in-information.html#.WFrbofkrIuU
• Hiring your first Security Professional (Peerlyst - Dawid Balut)
  • https://www.peerlyst.com/posts/hiring-your-first-security-professional-dawid-balut
• How to Start a Career in Cyber security
  • https://www.concise-courses.com/security/how-to-start-your-career/
• How to Get Into Information Security (ISC^2)
• https://www.isc2.org/how-to-get-into-information-security.aspx

unfo

How to pass the OSCP

1. Recon
2. Find vuln
3. Exploit
4. Document it

Recon

Unicornscans in cli, nmap in msfconsole to help store loot in database.

subfuzion

Common Options

-#, --progress-bar Make curl display a simple progress bar instead of the more informational standard meter.

-b, --cookie <name=data> Supply cookie with request. If no =, then specifies the cookie file to use (see -c).

-c, --cookie-jar <file name> File to save response cookies to.