Pentest və SOC Cheat Sheet
  • Reconnaissance
  • Post-Explotation
    • Linux Post-Explotation
      • Linux Local Enumeration
      • Linux Privilege Escalation
      • Dumping and cracking hashes on Linux
      • Linux Persistence
    • Windows Post-Explotation
      • Windows Local Enumeration
      • Windows Privilege Escalation
      • Windows Persistence
  • Network Services Pentesting
    • 21-Pentesting FTP
    • 22-Pentesting SSH
    • 23-Pentesting Telnet
    • 53-Pentesting DNS
    • 25,465,587-Pentesting SMTP
    • 110,995-Pentesting POP
    • 139,445-Pentesting SMB
    • 3306-Pentesting MySQL
    • 3389-Pentesting RDP
    • 1433-Pentesting MSSQL-Microsoft SQL Server
    • 389,636,3268,3269-Pentesting LDAP
  • Web Pentesting
    • Broken Access Control
      • Praktiki nümunə
    • OS Command Injection
      • Praktiki nümunə
    • SQL Injection
      • Praktiki nümunə
    • Cross-Site-Scripting (XSS)
      • Praktiki nümunə
    • File Upload
      • Praktiki nümunə
    • Directory Traversal və Path Traversal
      • Praktiki nümunə
    • CSRF
    • XXE
    • Clickjacking
      • Praktiki nümunə
    • SSRF
      • Praktiki nümunə
    • JWT (Json Web Token)
      • Praktiki nümunə
    • Local&Remote File İnclusion
      • Praktiki nümunə
      • Local File inclusion ilə reverse shell almaq
    • 401&403 Bypass
    • Login Bypass
    • Open Redirect
    • Unicode Injection
    • Security Misconfiguration
    • CRLF injection
    • LDAP Injection
    • Cookies Hacking
    • Cross site WebSocket hijacking (CSWSH)
    • SSTI (Server Side Template Injection)
    • CSTI (Client Side Template Injection)
    • XSLT Server Side Injection (Extensible Stylesheet Languaje Transformations)
    • Registration & Takeover Vulnerabilities
    • Regular expression Denial of Service - ReDoS
    • Reset/Forgotten Password Bypass
    • SAML Hücumları
    • Reverse Tab Nabbing
    • Web Tool - WFuzz
    • XPATH enjeksiyonu
    • Server-Side Includes (SSI) Injection
    • Edge Side Inclusion Injection (ESII)
    • Race Condition
    • PostMessage
    • Parameter Pollution
    • Cache Poisoning and Cache Deception
    • Captcha Bypass
  • AD Pentesting
    • Domain Enumeration
      • PowerView ilə enumeration
      • AD Module ilə enumeration
      • BloodHound ilə enumeration
        • On Site BloodHound
      • Using Adalanche
        • Remote adalanche
      • Useful Enumeration Tools
    • Local Privilege Escalation
      • Useful Local Priv Esc Tools
      • UAC Bypass
    • Lateral Movement
      • Powershell Remoting
      • Mimikatz
      • Remote Desktop Protocol
      • URL File Attacks
      • Useful Tools
    • Domain Privilege Escalation
      • Kerberoast
      • ASREPRoast
      • Password Spray Attack
      • Force Set SPN
      • Abusing Shadow Copies
      • List and Decrypt Stored Credentials using Mimikatz
      • Unconstrained Delegation
      • Constrained Delegation
      • Resource Based Constrained Delegation
      • DNSAdmins Abuse
      • Abusing Active Directory-Integraded DNS (ADIDNS) poisoning
      • Abusing Backup Operators Group
      • SID History Abuse
      • Active Directory Certificate Services
    • Domain Persistence
      • Golden Ticket Attack
      • Silver Ticket Attack
      • Skeleton Key Attack
      • DSRM Abuse
      • DCsync Attack
    • Cross Forest Attacks
      • Trust Tickets
      • Abuse MSSQL Servers
      • Breaking Forest Trusts
  • SOC - Cheat Sheet
    • SOC Nədir?
    • SOC Komponentləri Nələrdir?
    • SOC Checklist
    • SIEM
      • Splunk Qurulması və Konfiqurasiyası
    • IDS/IPS
    • Firewall
    • Firewall qurulması və konfiqurasiyası
    • EDR/XDR
    • SOAR
    • Windows Commands for SOC analysts
      • GUI Programs in Windows
      • Event Viewer
      • Task Scheduler
      • Group Policy Editor
      • Device Manager
      • Task Manager
      • Registry Manager
    • Linux Commands for SOC analysts
    • LOLBAS Apps and Commands
      • Apps and Commands
Powered by GitBook