InfoSec

Directory map

Top-level notes

• Attacking DNS
• Attacking RDP
• Attacking SMB
• Cracking Protected Files and Archives
• Crawling
• Enumeration
• Laudanum
• robots.txt
• Shell Harnesses
• Shells and Payloads
• Well-Known URIs

Active Directory

• Active Directory — directory map, cheatsheets, summary

File transfers

• Linux
• Windows

File inclusion

• File inclusion — intro, LFI exploitation (traversal, prefixes, second-order), basic filter bypasses, PHP php://filter source disclosure, PHP data/input/expect wrappers and RCE prerequisites, RFI (HTTP/FTP/SMB), LFI chained with uploads (polyglot images, zip:// / phar://), log/session poisoning (access logs, sess_*, /proc), SSRF overlap, read vs execute

HTB

• Brute Forcing
• Enumeration Methodology (Footprinting)

Linux

• Linux Authentication

Pivoting, tunneling, and port forwarding

• Pivoting, Tunneling, and Port Forwarding
  • SSH Local Port Forwarding
  • SSH Dynamic Port Forwarding
  • SSH Remote Port Forwarding
  • Meterpreter Tunneling & Port Forwarding
  • DNS Tunneling with Dnscat2
  • SOCKS5 Tunneling with Chisel
  • ICMP Tunneling with ptunnel-ng

SQL

• SQL

Vulnerabilities

• CVE
• CVSS (Common Vulnerability Scoring System)

Windows

• Windows Authentication Process
• ADDS
• Attacking Windows Credential Manager
• Windows Logon Types
• Pass the Certificate (PtC)
• Pass the Hash (PtH)
• Pass the Ticket (PtT)

XSS (Cross-Site Scripting)

• XSS — types, labs, phishing, discovery, defacing, session hijacking, prevention
• XSS phishing — fake login forms, credential capture
• XSS discovery — scanners, payloads, code review
• XSS defacing — stored XSS, visual takeover
• XSS session hijacking — blind XSS, cookie stealing
• XSS prevention — validation, encoding, CSP, headers