#notes
https://www.cnblogs.com/keepmoving1113/tag/OSCP/
https://hausec.com/pentesting-cheatsheet/
https://highon.coffee/blog/penetration-testing-tools-cheat-sheet
https://github.com/wwong99/pentest-notes/blob/master/oscp_resources/OSCP-Survival-Guide.md
https://noobsec.net/oscp-cheatsheet/
https://www.netsecfocus.com/oscp/2019/03/29/The_Journey_to_Try_Harder-_TJNulls_Preparation_Guide_for_PWK_OSCP.html
https://www.reddit.com/r/oscp/comments/824v7z/oscp_exam_taking_fraud/
https://github.com/OlivierLaflamme/Cheatsheet-God
https://johntuyen.com/personal/2019/05/25/personal-oscpcheatsheet.html
https://github.com/tbowman01/OSCP-PWK-Notes-Public
https://bitvijays.github.io/index.html

#OOB
https://omercitak.com/out-of-band-attacks-en/

#SQL inj
https://medium.com/bugbountywriteup/out-of-band-oob-sql-injection-87b7c666548b
https://portswigger.net/web-security/sql-injection/cheat-sheet

#BOF
https://medium.com/@princerohit8800/buffer-overflow-exploiting-slmail-email-server-f90b27459911
https://www.nccgroup.com/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/
https://bufferoverflows.net/castripper-2-50-70-buffer-overflow-exploitation-mona-py-rop-chain/
https://github.com/V1n1v131r4/OSCP-Buffer-Overflow
https://vulp3cula.gitbook.io/hackers-grimoire/exploitation/buffer-overflow
https://medium.com/@notsoshant/windows-exploitation-dealing-with-bad-characters-quickzip-exploit-472db5251ca6
https://github.com/xChockax/Buffer-Overflow

#pivot
https://medium.com/@mkumarcyber/hacking-oscp-cheatsheet-ef63c43f919c
https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
https://sushant747.gitbooks.io/total-oscp-guide/content/port_forwarding_and_tunneling.html
https://www.ired.team/offensive-security-experiments/offensive-security-cheetsheets
https://0xdf.gitlab.io/2019/01/28/pwk-notes-tunneling-update1.html
https://cd6629.gitbook.io/oscp-notes/oscp-cheatsheet-unfinished
https://www.fireeye.com/blog/threat-research/2019/01/bypassing-network-restrictions-through-rdp-tunneling.html
https://www.puckiestyle.nl/pivot-with-chisel/
https://www.offensive-security.com/metasploit-unleashed/proxytunnels/
https://www.hackingarticles.in/comprehensive-guide-on-ssh-tunneling/
https://github.com/deepzec/Win-PortFwd
https://www.howtoforge.com/port-forwarding-with-rinetd-on-debian-etch
https://www.hackingarticles.in/comprehensive-guide-to-port-redirection-using-rinetd/
https://netsec.ws/?p=272
https://medium.com/@rootbg/ssl-backend-behind-varnish-382dc7842123

#priv esc
[win]
http://www.fuzzysecurity.com/tutorials/16.html
https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List
https://tryhackme.com/room/windows10privesc
https://github.com/ohpe/juicy-potato
https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/
[unix]
https://tryhackme.com/room/linuxprivesc

#SMB & netbios
https://www.hackercoolmagazine.com/smb-enumeration-with-kali-linux-enum4linuxacccheck-smbmap/
https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/
https://www.hackingarticles.in/smb-penetration-testing-port-445/
https://www.hackingarticles.in/3-ways-scan-eternal-blue-vulnerability-remote-pc/
https://www.hackingarticles.in/password-crackingsmb/
http://www.hackingarticles.in/netbios-and-smb-penetration-testing-on-windows/
https://www.hackingarticles.in/penetration-testing-in-smb-protocol-using-metasploit/
https://www.hackingarticles.in/multiple-ways-to-connect-remote-pc-using-smb-port/
https://www.hackingarticles.in/hack-remote-windows-pc-using-dll-files-smb-delivery-exploit/

#snmp
https://www.hackingarticles.in/snmp-lab-setup-and-penetration-testing/
https://bond-o.medium.com/cisco-snmp-secrets-e4b731b19737
https://oscp.infosecsanyam.in/untitled/snmp-enumeration

#FTP & telnet
https://www.hackercoolmagazine.com/hacking-ftp-telnet-and-ssh-metasploitable-tutorials/

#AD Attack
Performing domain recon using PowerShell
https://stealthbits.com/blog/performing-domain-reconnaissance-using-powershell/
Attack mapping with BloodHound
https://stealthbits.com/blog/local-admin-mapping-bloodhound/
Extracting password hashes
https://stealthbits.com/blog/extracting-password-hashes-from-the-ntds-dit-file/
Pass-the-hash attacks with mimikatz
https://stealthbits.com/blog/passing-the-hash-with-mimikatz/
https://www.youtube.com/watch?v=V3BkyAcYjPU&feature=emb_logo
https://github.com/incredibleindishell/Windows-AD-environment-related
https://github.com/cyberheartmi9/Active-Directory-Exploitation-Cheat-Sheet
https://blog.ropnop.com/practical-usage-of-ntlm-hashes/

#antivirus evasion
Techniques: remote process memory injection, reflective DLL injection, process hollowing, inline hooking, PowerShell in-memory injection
https://medium.com/@benoit.sevens/arbitrary-code-guard-cd74c30f8dfe
https://medium.com/@ozan.unal/process-injection-techniques-bc6396929740
https://www.elastic.co/blog/ten-process-injection-techniques-technical-survey-common-and-trending-process
https://medium.com/csg-govtech/process-injection-techniques-used-by-malware-1a34c078612c
https://blog.f-secure.com/memory-injection-like-a-boss/
https://www.ired.team/offensive-security/code-injection-process-injection/reflective-dll-injection#resolving-import-address-table
https://www.ired.team/offensive-security/code-injection-process-injection/pe-injection-executing-pes-inside-remote-processes

#bypass powershell execution policy
https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/

#kerberoast attack
https://www.pentestpartners.com/security-blog/how-to-kerberoast-like-a-boss/
https://www.secura.com/blog/kerberoasting-exploiting-kerberos-to-compromise-microsoft-active-directory
https://pentestlab.blog/2018/06/12/kerberoast/
https://www.redteamsecure.com/research/guide-to-kerberoasting
https://github.com/nidem/kerberoast
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
https://www.harmj0y.net/blog/powershell/kerberoasting-without-mimikatz/
https://hausec.com/2017/10/21/domain-penetration-testing-using-bloodhound-crackmapexec-mimikatz-to-get-domain-admin/amp/

#Zerologon
https://medium.com/@jayaye15/zerologon-exploit-cve-2020-1472-e70ca7cd610c

#Resource
http://strongcourage.github.io/2020/05/03/enum.html