red team cheatsheet

Recon Elevation of Privileges General Kerberoast – For Kerberos to work, the attacker's and victim's clocks have to be within 5 minutes of each other. Juicy Potato Exploit https://github.com/ohpe/juicy-potato/releases Pick one CLSID from here according to your system https://github.com/ohpe/juicy-potato/tree/master/CLSID Required tokens SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Stored Credential Impersonating Tokens with meterpreter Lateral Movement PsExec, SmbExec, WMIExec, RDP, PTH in general. …

Red Teaming Toolkit Collection

Red Teaming/Adversary Simulation Toolkit Reconnaissance Active Intelligence Gathering EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump AQUATONE is a set …

Privilege Escalation cheatsheet

Windows Kernel Exploits system info -> look up missing KBs systeminfo | findstr /B /C:"OS Name" /C:"OS Version" Sherlock -> Find-AllVulns PowerShell 0xsp Mongoose Common Kernel Exploits [MS16-014](https://www.exploit-db.com/exploits/40039) – applies to: Windows 7 SP1 x86 [MS16-016](https://www.exploit-db.com/exploits/39432) – ‘WebDAV’ applies to Windows 7 SP1 x86 (Build 7601) [MS16-032](https://www.exploit-db.com/exploits/39719) – applies to: Windows 7 x86/x64, Windows …