Cheatsheet

OSINT

• Useful Tools & Online Services
• Backlinks Checker

Network

• Network Reconnaissance

• Password Spraying

• Connections

  • Plink with RDP
  • SSH Tunneling + SSHuttle and Chisel

• ARP Poisoning

  • Bettercap

• Sniffing

  • Passive Mode in Kali

• Data Exfiltration

  • Windows - Archiving and Compression
  • Windows - bitsadmin
  • Windows-Linux - Curl & SimpleHTTPServerwithUpload
  • Windows-to-Linux - Powershell to Samba

Infrastructure Setup

• Nginx Reverse Proxy to Dradis & Eyewitness
• Simple Python & Go Packages
• Git Commands
• Non-Privileged Port Binding
• Systemctl with Normal User Privileges
• Connection Check
• OpenVPN
• Process and network connetion monitoring
• SSH Config Template
• Create a swapfile
• OpenSSH Server on Windows Server

Linux

• Download and install apt, pip3 packages and dependencies offline

Web

• Web Reconnaissance

• Burp Suite

  • Persistent Automated Collaborator
  • Broken Authentication Checks
  • Chromium Proxy Setup
  • Extensions
• Node.js
• Deserialization
• SSTI
• XXE Injection
• XSS
• SQL Injection
• Whitebox

Windows

• Initial Foothold

• Post-Exploitation

• Misc

  • Domain User Tracking
  • Pop calc and alike

• Shells

• Evasion

Password Cracking

• Hashcat Cheatsheet
• Hashcat Practical Ruleset

OSCP

• General OSCP Cheatsheet

• Buffer Overflow

  • General Methodology
  • Egghunting - Basic

  • Skeleton Script

  • Fuzzing Scripts

    • Simple Fuzz
    • Vuln Fuzzer

  • Completed Scripts

    • Brainpan

• Custom Scripts

  • Autorecon Mods

Useful commands

• Linux
• Windows
• Code Review & Regex
• Mobile Application Security Testing
• Python Tips
• Go
• JQ Tips
• WinDbg

Methodologies

• Pentesting Sharepoint

Wordlists

• Wordlist Sources

Woah I'm Blue!

• Ransomware
• Deception Tips
• Logging.md

---

Last update: March 29, 2023