# Pentest - [C2](https://ppn.snovvcra.sh/pentest/c2.md) - [Cobalt Strike](https://ppn.snovvcra.sh/pentest/c2/cobalt-strike.md) - [Covenant](https://ppn.snovvcra.sh/pentest/c2/covenant.md) - [Empire](https://ppn.snovvcra.sh/pentest/c2/empire.md) - [Havoc](https://ppn.snovvcra.sh/pentest/c2/havoc.md) - [Meterpreter](https://ppn.snovvcra.sh/pentest/c2/meterpreter.md) - [PoshC2](https://ppn.snovvcra.sh/pentest/c2/poshc2.md) - [Sliver](https://ppn.snovvcra.sh/pentest/c2/sliver.md) - [Infrastructure](https://ppn.snovvcra.sh/pentest/infrastructure.md) - [AD](https://ppn.snovvcra.sh/pentest/infrastructure/ad.md) - [ACL Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/acl-abuse.md): Access Control Lists - [AD CS Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse.md): Active Directory Certificate Services - [dNSHostName Spoofing (Certifried)](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/dnshostname-spoofing-certifried.md): CVE-2022-26923 - [ESC1](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/esc1.md): Modifiable SAN + Smart Card Logon or Client Authentication or PKINIT Client Authentication EKUs - [ESC4](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/esc4.md): Vulnerable Certificate Template ACEs - [ESC8](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/esc8.md): NTLM Relay to AD CS HTTP Endpoints - [ESC15](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/esc15.md): Inject Application Policies into Version 1 Certificate Templates (CVE-2024-49019) - [Golden Certificate](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/golden-certificate.md): THEFT3 + DPERSIST1 - [Pass-the-Certificate](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ad-cs-abuse/ptc.md): Schannel authentication - [ADIDNS Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/adidns-abuse.md): Active Directory integrated DNS - [Attack Trusts](https://ppn.snovvcra.sh/pentest/infrastructure/ad/attack-trusts.md) - [Attack RODCs](https://ppn.snovvcra.sh/pentest/infrastructure/ad/attack-rodc.md): Read-Only Domain Controllers - [AV / EDR Evasion](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion.md) - [.NET Assembly](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly.md) - [.NET Config Loader](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-config-loader.md) - [.NET Dynamic API Invocation](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-dynamic-api-invocation.md) - [.NET In-Memory Assembly](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-in-memory-assembly.md) - [.NET Reflective Assembly](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-reflective-assembly.md) - [AMSI Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/amsi-bypass.md): Antimalware Scan Interface - [Application Whitelist Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/application-whitelist-bypass.md) - [AppLocker Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/applocker-bypass.md) - [BYOVD](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/byovd.md): Bring Your Own Vulnerable Driver - [CLM Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/clm-bypass.md): PowerShell Constrained Language Mode - [Defender](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/defender.md): Microsoft Defender - [ETW Block](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/etw-block.md): Event Tracing for Windows - [Execution Policy Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/executionpolicy-bypass.md) - [Mimikatz](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/mimikatz.md) - [UAC Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/av-edr-evasion/uac-bypass.md): User Account Control - [Authentication Coercion](https://ppn.snovvcra.sh/pentest/infrastructure/ad/authentication-coercion.md) - [Credentials Harvesting](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting.md) - [From Memory](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/from-memory.md) - [lsass.exe](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/from-memory/lsass.md): Local Security Authority Subsystem Service - [svchost.exe](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/from-memory/svchost-exe.md) - [Credential Phishing](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/credential-phishing.md) - [DCSync](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/dcsync.md): DS-Replication-Get-Changes + DS-Replication-Get-Changes-All - [DPAPI](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/dpapi.md): Data Protection API - [KeePass](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/keepass.md) - [Linux](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/linux.md) - [LSA](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/lsa.md): Local Security Authority - [NetSync](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/netsync.md): Silver Ticket -> Netlogon (MS-NRPC) - [NPLogonNotify](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/nplogonnotify.md) - [NTDS](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/ntds.md): Windows NT Directory Services + DCSync - [Password Filter](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/password-filter.md) - [RDP](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/rdp.md): Remote Desktop Protocol - [SAM](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/sam.md): Security Account Manager - [SSH Clients](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/ssh-clients.md) - [SSPI](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/sspi.md): Security Support Provider Interface - [Windows Hello](https://ppn.snovvcra.sh/pentest/infrastructure/ad/credential-harvesting/windows-hello.md) - [Discovery](https://ppn.snovvcra.sh/pentest/infrastructure/ad/discovery.md) - [DnsAdmins](https://ppn.snovvcra.sh/pentest/infrastructure/ad/dnsadmins.md) - [Dominance](https://ppn.snovvcra.sh/pentest/infrastructure/ad/dominance.md) - [gMSA / dMSA](https://ppn.snovvcra.sh/pentest/infrastructure/ad/gmsa-dmsa.md): Group Managed Service Accounts / Delegated Managed Service Accounts - [GPO Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/gpo-abuse.md): Group Policy Objects - [Kerberos](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos.md) - [Delegation Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos/delegation-abuse.md) - [Constrained](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos/delegation-abuse/kcd.md) - [Resource-based Constrained](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos/delegation-abuse/rbcd.md) - [Unconstrained](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos/delegation-abuse/kud.md) - [Kerberos Relay](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos/kerberos-relay.md) - [Roasting](https://ppn.snovvcra.sh/pentest/infrastructure/ad/kerberos/roasting.md) - [Key Credentials Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/key-credentials-abuse.md) - [LAPS](https://ppn.snovvcra.sh/pentest/infrastructure/ad/laps.md): Local Administrator Password Solution - [Lateral Movement](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement.md) - [DCOM](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/dcom.md): Distributed COM - [Overpass-the-Hash](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/over-pth.md) - [Pass-the-Hash](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/pth.md) - [Pass-the-Ticket](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/ptt.md) - [RDP](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/rdp.md): Remote Desktop Protocol - [RPC](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/rpc.md): Remote Procedure Call - [RunAs](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/runas.md) - [SMB](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/smb.md): Server Message Block - [SPN-jacking](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/spn-jacking.md) - [WinRM / PSRemoting](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/winrm.md): Windows Remote Management / PowerShell Remoting - [WMI](https://ppn.snovvcra.sh/pentest/infrastructure/ad/lateral-movement/wmi.md): Windows Management Instrumentation - [LDAP](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ldap-ldaps.md): Lightweight Directory Access Protocol - [NTLM](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ntlm.md): NT / LM Hashes - [NTLM Relay](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ntlm/ntlm-relay.md) - [NTLMv1 Downgrade](https://ppn.snovvcra.sh/pentest/infrastructure/ad/ntlm/ntlmv1-downgrade.md) - [Password Spraying](https://ppn.snovvcra.sh/pentest/infrastructure/ad/password-spraying.md) - [Post Exploitation](https://ppn.snovvcra.sh/pentest/infrastructure/ad/post-exploitation.md): Post Exploitation in Active Directory - [Pre-created Computers Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/pre-created-computers-abuse.md): Pre-created Computer Accounts & Pre-Windows 2000 - [PrivExchange](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privexchange.md): CVE-2019-0686, CVE-2019-0724 - [Privileges Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privileges-abuse.md) - [SeBackupPrivilege & SeRestorePrivilege](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privileges-abuse/sebackup-serestore.md) - [SeImpersonatePrivilege](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privileges-abuse/seimpersonate.md) - [Potatoes](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privileges-abuse/seimpersonate/potatoes.md) - [PrintSpoofer](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privileges-abuse/seimpersonate/printspoofer.md) - [SeTrustedCredmanAccess](https://ppn.snovvcra.sh/pentest/infrastructure/ad/privileges-abuse/setrustedcredmanaccess.md) - [RID Cycling](https://ppn.snovvcra.sh/pentest/infrastructure/ad/rid-cycling.md): Relative Identifier - [SCCM Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/ad/sccm-abuse.md): System Center Configuration Manager / Microsoft Endpoint Configuration Manager - [SMB](https://ppn.snovvcra.sh/pentest/infrastructure/ad/smb.md): Server Message Block - [Token Manipulation](https://ppn.snovvcra.sh/pentest/infrastructure/ad/token-manipulation.md) - [User Hunt](https://ppn.snovvcra.sh/pentest/infrastructure/ad/user-hunt.md) - [WSUS](https://ppn.snovvcra.sh/pentest/infrastructure/ad/wsus.md): Windows Server Update Services - [Zerologon](https://ppn.snovvcra.sh/pentest/infrastructure/ad/zerologon.md): CVE-2020-1472 - [Azure AD](https://ppn.snovvcra.sh/pentest/infrastructure/azure-ad.md) - [On-Prem ↔ Cloud](https://ppn.snovvcra.sh/pentest/infrastructure/azure-ad/on-prem-cloud.md) - [Cloud → On-Prem](https://ppn.snovvcra.sh/pentest/infrastructure/azure-ad/on-prem-cloud/cloud-on-prem.md) - [On-Prem → Cloud](https://ppn.snovvcra.sh/pentest/infrastructure/azure-ad/on-prem-cloud/on-prem-cloud.md) - [PRT Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/azure-ad/prt-abuse.md): Primary Refresh Tokens - [DevOps](https://ppn.snovvcra.sh/pentest/infrastructure/devops.md) - [Ansible](https://ppn.snovvcra.sh/pentest/infrastructure/devops/ansible.md) - [Artifactory](https://ppn.snovvcra.sh/pentest/infrastructure/devops/artifactory.md) - [Atlassian](https://ppn.snovvcra.sh/pentest/infrastructure/devops/atlassian.md) - [Containerization / Orchestration](https://ppn.snovvcra.sh/pentest/infrastructure/devops/containerization-orchestration.md) - [GitLab](https://ppn.snovvcra.sh/pentest/infrastructure/devops/gitlab.md) - [HashiCorp Vault](https://ppn.snovvcra.sh/pentest/infrastructure/devops/hashicorp-vault.md) - [Jenkins](https://ppn.snovvcra.sh/pentest/infrastructure/devops/jenkins.md) - [VS Code](https://ppn.snovvcra.sh/pentest/infrastructure/devops/vscode.md): Visual Studio Code - [Zabbix](https://ppn.snovvcra.sh/pentest/infrastructure/devops/zabbix.md) - [DBMS](https://ppn.snovvcra.sh/pentest/infrastructure/dbms.md): Database Management System - [FireBird](https://ppn.snovvcra.sh/pentest/infrastructure/dbms/firebird.md) - [MS SQL](https://ppn.snovvcra.sh/pentest/infrastructure/dbms/mssql.md) - [MySQL / MariaDB](https://ppn.snovvcra.sh/pentest/infrastructure/dbms/mysql-mariadb.md) - [Oracle](https://ppn.snovvcra.sh/pentest/infrastructure/dbms/oracle.md) - [Redis](https://ppn.snovvcra.sh/pentest/infrastructure/dbms/redis.md) - [SQLite](https://ppn.snovvcra.sh/pentest/infrastructure/dbms/sqlite.md) - [Authentication Brute Force](https://ppn.snovvcra.sh/pentest/infrastructure/authentication-brute-force.md) - [File Transfer](https://ppn.snovvcra.sh/pentest/infrastructure/file-transfer.md) - [IPMI](https://ppn.snovvcra.sh/pentest/infrastructure/ipmi.md): Intelligent Platform Management Interface - [Kiosk Breakout](https://ppn.snovvcra.sh/pentest/infrastructure/kiosk-breakout.md) - [Low-Hanging Fruits](https://ppn.snovvcra.sh/pentest/infrastructure/low-hanging-fruits.md) - [LPE](https://ppn.snovvcra.sh/pentest/infrastructure/lpe.md): Local Privilege Escalation - [Networks](https://ppn.snovvcra.sh/pentest/infrastructure/networks.md) - [L2](https://ppn.snovvcra.sh/pentest/infrastructure/networks/l2.md): Data Link Layer (OSI Layer 2) - [ARP Spoofing](https://ppn.snovvcra.sh/pentest/infrastructure/networks/l2/arp-spoofing.md): Address Resolution Protocol - [DHCPv6 Spoofing](https://ppn.snovvcra.sh/pentest/infrastructure/networks/l2/dhcpv6-spoofing.md): Dynamic Host Configuration Protocol version 6 - [LLMNR / NBNS Poisoning](https://ppn.snovvcra.sh/pentest/infrastructure/networks/l2/llmnr-nbns-poisoning.md): Link-Local Multicast Name Resolution / NetBIOS Name Service - [SNACs Abuse](https://ppn.snovvcra.sh/pentest/infrastructure/networks/l2/snacs-abuse.md): Stale Network Address Configuration - [VLAN Hopping](https://ppn.snovvcra.sh/pentest/infrastructure/networks/l2/vlan-hopping.md): Virtual Local Area Network - [NAC Bypass](https://ppn.snovvcra.sh/pentest/infrastructure/networks/nac-bypass.md): Network Access Control & Port Security (MAB, IEEE 802.1X, etc.) - [Scanning](https://ppn.snovvcra.sh/pentest/infrastructure/networks/scanning.md) - [SIP / VoIP](https://ppn.snovvcra.sh/pentest/infrastructure/networks/sip-voip.md): Session Initiation Protocol / Voice over IP - [Sniff Traffic](https://ppn.snovvcra.sh/pentest/infrastructure/networks/sniff-traffic.md) - [NFS](https://ppn.snovvcra.sh/pentest/infrastructure/nfs.md): Network File System - [Persistence](https://ppn.snovvcra.sh/pentest/infrastructure/persistence.md) - [Pivoting](https://ppn.snovvcra.sh/pentest/infrastructure/pivoting-tunneling.md) - [Post Exploitation](https://ppn.snovvcra.sh/pentest/infrastructure/post-exploitation.md): General Post Exploitation - [SNMP](https://ppn.snovvcra.sh/pentest/infrastructure/snmp.md): Simple Network Management Protocol - [SSH](https://ppn.snovvcra.sh/pentest/infrastructure/ssh.md): Secure Shell - [TFTP](https://ppn.snovvcra.sh/pentest/infrastructure/tftp.md): Trivial File Transfer Protocol - [VNC](https://ppn.snovvcra.sh/pentest/infrastructure/vnc.md): Virtual Network Computing - [OSINT](https://ppn.snovvcra.sh/pentest/osint.md): Open Source Intelligence - [Shodan](https://ppn.snovvcra.sh/pentest/osint/shodan.md) - [Password Brute Force](https://ppn.snovvcra.sh/pentest/password-brute-force.md) - [Generate Wordlists](https://ppn.snovvcra.sh/pentest/password-brute-force/generate-wordlists.md) - [Perimeter](https://ppn.snovvcra.sh/pentest/perimeter.md) - [1C](https://ppn.snovvcra.sh/pentest/perimeter/1c.md) - [ADFS](https://ppn.snovvcra.sh/pentest/perimeter/adfs.md): Active Directory Federation Services - [Cisco](https://ppn.snovvcra.sh/pentest/perimeter/cisco.md) - [DNS](https://ppn.snovvcra.sh/pentest/perimeter/dns.md): Domain Name System - [Exchange](https://ppn.snovvcra.sh/pentest/perimeter/exchange.md) - [Information Gathering](https://ppn.snovvcra.sh/pentest/perimeter/information-gathering.md) - [IPSec](https://ppn.snovvcra.sh/pentest/perimeter/ipsec.md): IP Security - [Java RMI](https://ppn.snovvcra.sh/pentest/perimeter/java-rmi.md): Java Remote Method Invocation - [Log4j / Log4Shell](https://ppn.snovvcra.sh/pentest/perimeter/log4j-log4shell.md) - [Lync & Skype for Business](https://ppn.snovvcra.sh/pentest/perimeter/lync-s4b.md) - [NTP](https://ppn.snovvcra.sh/pentest/perimeter/ntp.md): Network Time Protocol - [Outlook](https://ppn.snovvcra.sh/pentest/perimeter/outlook.md) - [OWA](https://ppn.snovvcra.sh/pentest/perimeter/owa.md): Outlook Web Access - [SharePoint](https://ppn.snovvcra.sh/pentest/perimeter/sharepoint.md) - [SMTP](https://ppn.snovvcra.sh/pentest/perimeter/smtp.md): Simple Mail Transfer Protocol - [SSH](https://ppn.snovvcra.sh/pentest/perimeter/ssh.md): Secure Shell - [Subdomain Takeover](https://ppn.snovvcra.sh/pentest/perimeter/subdomain-takeover.md) - [Shells](https://ppn.snovvcra.sh/pentest/shells.md) - [Reverse Shells](https://ppn.snovvcra.sh/pentest/shells/reverse-shells.md) - [Web Shells](https://ppn.snovvcra.sh/pentest/shells/web-shells.md) - [Web](https://ppn.snovvcra.sh/pentest/web.md) - [2FA Bypass](https://ppn.snovvcra.sh/pentest/web/2fa-bypass.md) - [LFI / RFI](https://ppn.snovvcra.sh/pentest/web/lfi-rfi.md): Local / Remote File Inclusion - [SOP / CORS](https://ppn.snovvcra.sh/pentest/web/sop-cors.md): Same-Origin Policy / Cross-Origin Resource Sharing - [SQLi](https://ppn.snovvcra.sh/pentest/web/sqli.md): SQL Injection - [WAF](https://ppn.snovvcra.sh/pentest/web/waf.md): Web Application Firewall - [WordPress](https://ppn.snovvcra.sh/pentest/web/wordpress.md) - [XSS](https://ppn.snovvcra.sh/pentest/web/xss.md): Cross-Site Scripting - [Wi-Fi](https://ppn.snovvcra.sh/pentest/wi-fi.md) - [WPA / WPA2](https://ppn.snovvcra.sh/pentest/wi-fi/wpa-wpa2.md) - [Enterprise](https://ppn.snovvcra.sh/pentest/wi-fi/wpa-wpa2/enterprise.md): Wi-Fi Protected Access Enterprise - [Personal](https://ppn.snovvcra.sh/pentest/wi-fi/wpa-wpa2/personal.md): Wi-Fi Protected Access Personal --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ppn.snovvcra.sh/pentest.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.