SUMMARY.md

Summary

CS By GB - PenTips

• Welcome to CSbyGB's Pentips

Networking, Protocols and Network pentest

• Basics
• DNS
• FTP
• HTTP & HTTPS
• IMAP
• IPMI
• MSSQL
• MYSQL
• NFS
• Oracle TNS
• POP3
• RDP
• RPC
• Rservices
• Rsync
• SMB
• SMTP
• SNMP
• SSH
• Winrm
• WMI

Ethical Hacking - General Methodology

• Introduction
• Information Gathering
• Scanning & Enumeration
• Exploitation (basics)
• Password Attacks
• Post Exploitation
• Lateral Movement
• Proof-of-Concept
• Post-Engagement
• MITRE ATT&CK

External Pentest

• External Pentest

Web Pentesting

• Introduction to HTTP and web
• Enumeration
• OWASP Top 10
• General Methodo & Misc Tips
• Web Services and API
• Vunerabilities and attacks
  • Clickjacking
  • CORS (Misconfigurations)
  • CSRF
  • SSRF
  • Bypass captcha
  • Template Injection (client and server side)
  • MFA bypass
• Exposed git folder
• Docker exploitation and Docker vulnerabilities
• Websockets

Mobile App Pentest

• Android
• IOS

Wireless Pentest

• Wireless pentest

Cloud Pentest

• Cloud Pentest
• Google Cloud Platform
• AWS

Thick Client Pentest

• Thick Client

Hardware Pentest

• ATM
• IoT

Secure Code Review

• Secure code review
• Java notes for Secure Code Review

AI Pentest

• MITRE ATLAS
• OWASP ML and LLM

Checklist

• Web Application and API Pentest Checklist
• Linux Privesc Checklist
• Mobile App Pentest Checklist

Tools

• Burpsuite
• Android Studio
• Frida
• CrackMapExec
• Netcat and alternatives
• Nmap
• Nuclei
• Evil Winrm
• Metasploit
• Covenant
• Mimikatz
• Passwords, Hashes and wordlist tools
• WFuzz
• WPScan
• Powershell Empire
• Curl
• Vulnerability Scanning tools
• Payload Tools
• Out of band Servers
• STEWS
• Websocat

VM and Labs

• General tips
• Setup your pentest lab

Linux

• Initial Foothold
• Useful commands and tools for pentest on Linux
• Privilege Escalation
  • Kernel Exploits
  • Password and file permission
  • Sudo
  • SUID
  • Capabilities
  • Scheduled tasks
  • NFS Root Squashing
  • Services
  • PATH Abuse
  • Wildcard Abuse
  • Privileged groups
  • Exploit codes Cheat Sheet

Windows

• Offensive windows
• Enumeration and general Win tips
• Privilege Escalation
• Active Directory
• Attacking Active Directory
  • LLMNR Poisoning
  • SMB Relay Attacks
  • Shell Access
  • IPv6 Attacks
  • Passback Attacks
  • Abusing ZeroLogon
• Post-Compromise Enumeration
  • Powerview or SharpView (.NET equivalent)
  • AD Manual Enumeration
  • Bloodhound
  • Post Compromise Enumeration - Resources
• Post Compromise Attacks
  • Pass the Password / Hash
  • Token Impersonation - Potato attacks
  • Kerberos
  • GPP/cPassword Attacks
  • URL File Attack
  • PrintNightmare
  • Printer Bug
  • AutoLogon exploitation
  • Always Installed Elevated exploitation
  • UAC Bypass
  • Abusing ACL
  • Unconstrained Delegation
• Persistence
• AV Evasion
• Weaponization
• Useful commands in Powershell, CMD and Sysinternals
• Windows Internals

Programming

• Python programming
• My scripts
• Kotlin

Binary Exploitation

• Assembly
• Buffer Overflow - Stack based - Winx86
• Buffer Overflow - Stack based - Linux x86

OSINT

• OSINT
• Create an OSINT lab
• Sock Puppets
• Search engines
• OSINT Images
• OSINT Email
• OSINT Password
• OSINT Usernames
• OSINT People
• OSINT Social Media
• OSINT Websites
• OSINT Business
• OSINT Wireless
• OSINT Tools
• Write an OSINT report

Pentester hardware toolbox

• Flipper Zero
• OMG cables
• Rubber ducky

Post Exploitation

• File transfers between target and attacking machine
• Maintaining Access
• Pivoting
• Cleaning up

Reporting

• How to report your findings

Red Team

• Red Team
• Defenses Enumeration
• AV Evasion

Writeups

• Hackthebox Tracks
  • Hackthebox - Introduction to Android Exploitation - Track
• Hackthebox Writeups
  • Hackthebox - Academy
  • Hackthebox - Access
  • Hackthebox - Active
  • Hackthebox - Ambassador
  • Hackthebox - Arctic
  • Hackthebox - Awkward
  • Hackthebox - Backend
  • Hackthebox - BackendTwo
  • Hackthebox - Bastard
  • Hackthebox - Bastion
  • Hackthebox - Chatterbox
  • Hackthebox - Devel
  • Hackthebox - Driver
  • Hackthebox - Explore
  • Hackthebox - Forest
  • Hackthebox - Good games
  • Hackthebox - Grandpa
  • Hackthebox - Granny
  • Hackthebox - Inject
  • Hackthebox - Jeeves
  • Hackthebox - Jerry
  • Hackthebox - Lame
  • Hackthebox - Late
  • Hackthebox - Love
  • Hackthebox - Mentor
  • Hackthebox - MetaTwo
  • Hackthebox - Monteverde
  • Hackthebox - Nibbles
  • Hackthebox - Optimum
  • Hackthebox - Paper
  • Hackthebox - Photobomb
  • Hackthebox - Poison
  • Hackthebox - Precious
  • Hackthebox - Querier
  • Hackthebox - Resolute
  • Hackthebox - RouterSpace
  • Hackthebox - Sauna
  • Hackthebox - SecNotes
  • Hackthebox - Shoppy
  • Hackthebox - Soccer
  • Hackthebox - Steamcloud
  • Hackthebox - Toolbox
  • Hackthebox - Updown
• TryHackme Writeups
  • TryHackMe - Anonymous
  • TryHackMe - Blaster
  • TryHackMe - CMesS
  • TryHackMe - ConvertMyVideo
  • TryHackMe - Corridor
  • TryHackMe - LazyAdmin
  • TryHackMe - Looking Glass
  • TryHackMe - Nahamstore
  • TryHackMe - Overpass3
  • TryHackMe - OWASP Top 10 2021
  • TryHackMe - SimpleCTF
  • TryHackMe - SQL Injection Lab
  • TryHackMe - Sudo Security Bypass
  • TryHackMe - Tomghost
  • TryHackMe - Ultratech
  • TryHackMe - Vulnversity
  • TryHackMe - Wonderland
• Vulnmachines Writeups
  • Web Labs Basic
  • Web Labs Intermediate
  • Cloud Labs
• Mobile Hacking Lab
  • Mobile Hacking Lab - Lab - Config Editor
  • Mobile Hacking Lab - Lab - Strings
• Portswigger Web Security Academy Writeups
  • PS - DomXSS
• OWASP projects and challenges writeups
  • OWASP MAS Crackmes
• Vulnerable APIs
  • Vampi
  • Damn Vulnerable Web Service
• Various Platforms
  • flAWS 1&2

Digital skills

• How to make a gitbook
• Marp
• Linux Tips
• Docker
• VSCodium
• Git Tips
• Obsidian

Durable skills

• Durable skills wheel/Roue des compétences durables

Projects

• Projects
  • Technical Projects
  • General Projects

Talks

• My Talks about Web Pentest
• My talks about Android Application hacking
• Other of my talks and Podcast

Resources

• A list of random resources