# Pentest

- [C2](/pentest/c2.md)
  - [Cobalt Strike](/pentest/c2/cobalt-strike.md)
  - [Covenant](/pentest/c2/covenant.md)
  - [Empire](/pentest/c2/empire.md)
  - [Havoc](/pentest/c2/havoc.md)
  - [Meterpreter](/pentest/c2/meterpreter.md)
  - [PoshC2](/pentest/c2/poshc2.md)
  - [Sliver](/pentest/c2/sliver.md)
- [Infrastructure](/pentest/infrastructure.md)
  - [AD](/pentest/infrastructure/ad.md)
    - [ACL Abuse](/pentest/infrastructure/ad/acl-abuse.md): Access Control Lists
    - [AD CS Abuse](/pentest/infrastructure/ad/ad-cs-abuse.md): Active Directory Certificate Services
      - [dNSHostName Spoofing (Certifried)](/pentest/infrastructure/ad/ad-cs-abuse/dnshostname-spoofing-certifried.md): CVE-2022-26923
      - [ESC1](/pentest/infrastructure/ad/ad-cs-abuse/esc1.md): Modifiable SAN + Smart Card Logon or Client Authentication or PKINIT Client Authentication EKUs
      - [ESC4](/pentest/infrastructure/ad/ad-cs-abuse/esc4.md): Vulnerable Certificate Template ACEs
      - [ESC8](/pentest/infrastructure/ad/ad-cs-abuse/esc8.md): NTLM Relay to AD CS HTTP Endpoints
      - [ESC15](/pentest/infrastructure/ad/ad-cs-abuse/esc15.md): Inject Application Policies into Version 1 Certificate Templates (CVE-2024-49019)
      - [Golden Certificate](/pentest/infrastructure/ad/ad-cs-abuse/golden-certificate.md): THEFT3 + DPERSIST1
      - [Pass-the-Certificate](/pentest/infrastructure/ad/ad-cs-abuse/ptc.md): Schannel authentication
    - [ADIDNS Abuse](/pentest/infrastructure/ad/adidns-abuse.md): Active Directory Integrated DNS
    - [Attack Trusts](/pentest/infrastructure/ad/attack-trusts.md)
    - [Attack RODCs](/pentest/infrastructure/ad/attack-rodc.md): Read-Only Domain Controllers
    - [AV / EDR Evasion](/pentest/infrastructure/ad/av-edr-evasion.md)
      - [.NET Assembly](/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly.md)
        - [.NET Config Loader](/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-config-loader.md)
        - [.NET Dynamic API Invocation](/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-dynamic-api-invocation.md)
        - [.NET In-Memory Assembly](/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-in-memory-assembly.md)
        - [.NET Reflective Assembly](/pentest/infrastructure/ad/av-edr-evasion/dotnet-assembly/dotnet-reflective-assembly.md)
      - [AMSI Bypass](/pentest/infrastructure/ad/av-edr-evasion/amsi-bypass.md): Antimalware Scan Interface
      - [Application Whitelist Bypass](/pentest/infrastructure/ad/av-edr-evasion/application-whitelist-bypass.md)
      - [AppLocker Bypass](/pentest/infrastructure/ad/av-edr-evasion/applocker-bypass.md)
      - [BYOVD](/pentest/infrastructure/ad/av-edr-evasion/byovd.md): Bring Your Own Vulnerable Driver
      - [CLM Bypass](/pentest/infrastructure/ad/av-edr-evasion/clm-bypass.md): PowerShell Constrained Language Mode
      - [Defender](/pentest/infrastructure/ad/av-edr-evasion/defender.md): Microsoft Defender
      - [ETW Block](/pentest/infrastructure/ad/av-edr-evasion/etw-block.md): Event Tracing for Windows
      - [Execution Policy Bypass](/pentest/infrastructure/ad/av-edr-evasion/executionpolicy-bypass.md)
      - [Mimikatz](/pentest/infrastructure/ad/av-edr-evasion/mimikatz.md)
      - [UAC Bypass](/pentest/infrastructure/ad/av-edr-evasion/uac-bypass.md): User Account Control
    - [Authentication Coercion](/pentest/infrastructure/ad/authentication-coercion.md)
    - [Credentials Harvesting](/pentest/infrastructure/ad/credential-harvesting.md)
      - [From Memory](/pentest/infrastructure/ad/credential-harvesting/from-memory.md)
        - [lsass.exe](/pentest/infrastructure/ad/credential-harvesting/from-memory/lsass.md): Local Security Authority Subsystem Service
        - [svchost.exe](/pentest/infrastructure/ad/credential-harvesting/from-memory/svchost-exe.md)
      - [Credential Phishing](/pentest/infrastructure/ad/credential-harvesting/credential-phishing.md)
      - [DCSync](/pentest/infrastructure/ad/credential-harvesting/dcsync.md): DS-Replication-Get-Changes + DS-Replication-Get-Changes-All
      - [DPAPI](/pentest/infrastructure/ad/credential-harvesting/dpapi.md): Data Protection API
      - [KeePass](/pentest/infrastructure/ad/credential-harvesting/keepass.md)
      - [Linux](/pentest/infrastructure/ad/credential-harvesting/linux.md)
      - [LSA](/pentest/infrastructure/ad/credential-harvesting/lsa.md): Local Security Authority
      - [NetSync](/pentest/infrastructure/ad/credential-harvesting/netsync.md): Silver Ticket -> Netlogon (MS-NRPC)
      - [NPLogonNotify](/pentest/infrastructure/ad/credential-harvesting/nplogonnotify.md)
      - [NTDS](/pentest/infrastructure/ad/credential-harvesting/ntds.md): Windows NT Directory Services + DCSync
      - [Password Filter](/pentest/infrastructure/ad/credential-harvesting/password-filter.md)
      - [RDP](/pentest/infrastructure/ad/credential-harvesting/rdp.md): Remote Desktop Protocol
      - [SAM](/pentest/infrastructure/ad/credential-harvesting/sam.md): Security Account Manager
      - [SSH Clients](/pentest/infrastructure/ad/credential-harvesting/ssh-clients.md)
      - [SSPI](/pentest/infrastructure/ad/credential-harvesting/sspi.md): Security Support Provider Interface
      - [Windows Hello](/pentest/infrastructure/ad/credential-harvesting/windows-hello.md)
    - [Discovery](/pentest/infrastructure/ad/discovery.md)
    - [DnsAdmins](/pentest/infrastructure/ad/dnsadmins.md)
    - [Dominance](/pentest/infrastructure/ad/dominance.md)
    - [gMSA / dMSA](/pentest/infrastructure/ad/gmsa-dmsa.md): Group Managed Service Accounts / Delegated Managed Service Accounts
    - [GPO Abuse](/pentest/infrastructure/ad/gpo-abuse.md): Group Policy Objects
    - [Kerberos](/pentest/infrastructure/ad/kerberos.md)
      - [Delegation Abuse](/pentest/infrastructure/ad/kerberos/delegation-abuse.md)
        - [Constrained](/pentest/infrastructure/ad/kerberos/delegation-abuse/kcd.md)
        - [Resource-based Constrained](/pentest/infrastructure/ad/kerberos/delegation-abuse/rbcd.md)
        - [Unconstrained](/pentest/infrastructure/ad/kerberos/delegation-abuse/kud.md)
      - [Kerberos Relay](/pentest/infrastructure/ad/kerberos/kerberos-relay.md)
      - [Roasting](/pentest/infrastructure/ad/kerberos/roasting.md)
    - [Key Credentials Abuse](/pentest/infrastructure/ad/key-credentials-abuse.md)
    - [LAPS](/pentest/infrastructure/ad/laps.md): Local Administrator Password Solution
    - [Lateral Movement](/pentest/infrastructure/ad/lateral-movement.md)
      - [DCOM](/pentest/infrastructure/ad/lateral-movement/dcom.md): Distributed COM
      - [Overpass-the-Hash](/pentest/infrastructure/ad/lateral-movement/over-pth.md)
      - [Pass-the-Hash](/pentest/infrastructure/ad/lateral-movement/pth.md)
      - [Pass-the-Ticket](/pentest/infrastructure/ad/lateral-movement/ptt.md)
      - [RDP](/pentest/infrastructure/ad/lateral-movement/rdp.md): Remote Desktop Protocol
      - [RPC](/pentest/infrastructure/ad/lateral-movement/rpc.md): Remote Procedure Call
      - [RunAs](/pentest/infrastructure/ad/lateral-movement/runas.md)
      - [SMB](/pentest/infrastructure/ad/lateral-movement/smb.md): Server Message Block
      - [SPN-jacking](/pentest/infrastructure/ad/lateral-movement/spn-jacking.md)
      - [WinRM / PSRemoting](/pentest/infrastructure/ad/lateral-movement/winrm.md): Windows Remote Management / PowerShell Remoting
      - [WMI](/pentest/infrastructure/ad/lateral-movement/wmi.md): Windows Management Instrumentation
    - [LDAP](/pentest/infrastructure/ad/ldap-ldaps.md): Lightweight Directory Access Protocol
    - [NTLM](/pentest/infrastructure/ad/ntlm.md): NT / LM Hashes
      - [NTLM Relay](/pentest/infrastructure/ad/ntlm/ntlm-relay.md)
      - [NTLMv1 Downgrade](/pentest/infrastructure/ad/ntlm/ntlmv1-downgrade.md)
    - [Password Spraying](/pentest/infrastructure/ad/password-spraying.md)
    - [Post Exploitation](/pentest/infrastructure/ad/post-exploitation.md): Post Exploitation in Active Directory
    - [Pre-created Computers Abuse](/pentest/infrastructure/ad/pre-created-computers-abuse.md): Pre-created Computer Accounts & Pre-Windows 2000
    - [PrivExchange](/pentest/infrastructure/ad/privexchange.md): CVE-2019-0686, CVE-2019-0724
    - [Privileges Abuse](/pentest/infrastructure/ad/privileges-abuse.md)
      - [SeBackupPrivilege & SeRestorePrivilege](/pentest/infrastructure/ad/privileges-abuse/sebackup-serestore.md)
      - [SeImpersonatePrivilege](/pentest/infrastructure/ad/privileges-abuse/seimpersonate.md)
        - [Potatoes](/pentest/infrastructure/ad/privileges-abuse/seimpersonate/potatoes.md)
        - [PrintSpoofer](/pentest/infrastructure/ad/privileges-abuse/seimpersonate/printspoofer.md)
      - [SeTrustedCredmanAccess](/pentest/infrastructure/ad/privileges-abuse/setrustedcredmanaccess.md)
    - [RID Cycling](/pentest/infrastructure/ad/rid-cycling.md): Relative Identifier
    - [SCCM Abuse](/pentest/infrastructure/ad/sccm-abuse.md): System Center Configuration Manager / Microsoft Endpoint Configuration Manager
    - [SMB](/pentest/infrastructure/ad/smb.md): Server Message Block
    - [Token Manipulation](/pentest/infrastructure/ad/token-manipulation.md)
    - [User Hunt](/pentest/infrastructure/ad/user-hunt.md)
    - [WSUS](/pentest/infrastructure/ad/wsus.md): Windows Server Update Services
    - [Zerologon](/pentest/infrastructure/ad/zerologon.md): CVE-2020-1472
  - [Azure AD](/pentest/infrastructure/azure-ad.md)
    - [On-Prem ↔ Cloud](/pentest/infrastructure/azure-ad/on-prem-cloud.md)
      - [Cloud → On-Prem](/pentest/infrastructure/azure-ad/on-prem-cloud/cloud-on-prem.md)
      - [On-Prem → Cloud](/pentest/infrastructure/azure-ad/on-prem-cloud/on-prem-cloud.md)
    - [PRT Abuse](/pentest/infrastructure/azure-ad/prt-abuse.md): Primary Refresh Tokens
  - [DevOps](/pentest/infrastructure/devops.md)
    - [Ansible](/pentest/infrastructure/devops/ansible.md)
    - [Artifactory](/pentest/infrastructure/devops/artifactory.md)
    - [Atlassian](/pentest/infrastructure/devops/atlassian.md)
    - [Containerization / Orchestration](/pentest/infrastructure/devops/containerization-orchestration.md)
    - [GitLab](/pentest/infrastructure/devops/gitlab.md)
    - [HashiCorp Vault](/pentest/infrastructure/devops/hashicorp-vault.md)
    - [Jenkins](/pentest/infrastructure/devops/jenkins.md)
    - [VS Code](/pentest/infrastructure/devops/vscode.md): Visual Studio Code
    - [Zabbix](/pentest/infrastructure/devops/zabbix.md)
  - [DBMS](/pentest/infrastructure/dbms.md): Database Management System
    - [Firebird](/pentest/infrastructure/dbms/firebird.md)
    - [MS SQL](/pentest/infrastructure/dbms/mssql.md)
    - [MySQL / MariaDB](/pentest/infrastructure/dbms/mysql-mariadb.md)
    - [Oracle](/pentest/infrastructure/dbms/oracle.md)
    - [Redis](/pentest/infrastructure/dbms/redis.md)
    - [SQLite](/pentest/infrastructure/dbms/sqlite.md)
  - [Authentication Brute Force](/pentest/infrastructure/authentication-brute-force.md)
  - [File Transfer](/pentest/infrastructure/file-transfer.md)
  - [IPMI](/pentest/infrastructure/ipmi.md): Intelligent Platform Management Interface
  - [Kiosk Breakout](/pentest/infrastructure/kiosk-breakout.md)
  - [Low-Hanging Fruits](/pentest/infrastructure/low-hanging-fruits.md)
  - [LPE](/pentest/infrastructure/lpe.md): Local Privilege Escalation
  - [Networks](/pentest/infrastructure/networks.md)
    - [L2](/pentest/infrastructure/networks/l2.md): Data Link Layer (OSI Layer 2)
      - [ARP Spoofing](/pentest/infrastructure/networks/l2/arp-spoofing.md): Address Resolution Protocol
      - [DHCPv6 Spoofing](/pentest/infrastructure/networks/l2/dhcpv6-spoofing.md): Dynamic Host Configuration Protocol version 6
      - [LLMNR / NBNS Poisoning](/pentest/infrastructure/networks/l2/llmnr-nbns-poisoning.md): Link-Local Multicast Name Resolution / NetBIOS Name Service
      - [SNACs Abuse](/pentest/infrastructure/networks/l2/snacs-abuse.md): Stale Network Address Configuration
      - [VLAN Hopping](/pentest/infrastructure/networks/l2/vlan-hopping.md): Virtual Local Area Network
    - [NAC Bypass](/pentest/infrastructure/networks/nac-bypass.md): Network Access Control & Port Security (MAB, IEEE 802.1X, etc.)
    - [Scanning](/pentest/infrastructure/networks/scanning.md)
    - [SIP / VoIP](/pentest/infrastructure/networks/sip-voip.md): Session Initiation Protocol / Voice over IP
    - [Sniff Traffic](/pentest/infrastructure/networks/sniff-traffic.md)
  - [NFS](/pentest/infrastructure/nfs.md): Network File System
  - [Persistence](/pentest/infrastructure/persistence.md)
  - [Pivoting](/pentest/infrastructure/pivoting-tunneling.md)
  - [Post Exploitation](/pentest/infrastructure/post-exploitation.md): General Post Exploitation
  - [SNMP](/pentest/infrastructure/snmp.md): Simple Network Management Protocol
  - [SSH](/pentest/infrastructure/ssh.md): Secure Shell
  - [TFTP](/pentest/infrastructure/tftp.md): Trivial File Transfer Protocol
  - [VNC](/pentest/infrastructure/vnc.md): Virtual Network Computing
- [OSINT](/pentest/osint.md): Open Source Intelligence
  - [Shodan](/pentest/osint/shodan.md)
- [Password Brute Force](/pentest/password-brute-force.md)
  - [Generate Wordlists](/pentest/password-brute-force/generate-wordlists.md)
- [Perimeter](/pentest/perimeter.md)
  - [1C](/pentest/perimeter/1c.md)
  - [ADFS](/pentest/perimeter/adfs.md): Active Directory Federation Services
  - [Cisco](/pentest/perimeter/cisco.md)
  - [DNS](/pentest/perimeter/dns.md): Domain Name System
  - [Exchange](/pentest/perimeter/exchange.md)
  - [Information Gathering](/pentest/perimeter/information-gathering.md)
  - [IPSec](/pentest/perimeter/ipsec.md): IP Security
  - [Java RMI](/pentest/perimeter/java-rmi.md): Java Remote Method Invocation
  - [Log4j / Log4Shell](/pentest/perimeter/log4j-log4shell.md)
  - [Lync & Skype for Business](/pentest/perimeter/lync-s4b.md)
  - [NTP](/pentest/perimeter/ntp.md): Network Time Protocol
  - [Outlook](/pentest/perimeter/outlook.md)
  - [OWA](/pentest/perimeter/owa.md): Outlook Web Access
  - [SharePoint](/pentest/perimeter/sharepoint.md)
  - [SMTP](/pentest/perimeter/smtp.md): Simple Mail Transfer Protocol
  - [SSH](/pentest/perimeter/ssh.md): Secure Shell
  - [Subdomain Takeover](/pentest/perimeter/subdomain-takeover.md)
- [Shells](/pentest/shells.md)
  - [Reverse Shells](/pentest/shells/reverse-shells.md)
  - [Web Shells](/pentest/shells/web-shells.md)
- [Web](/pentest/web.md)
  - [2FA Bypass](/pentest/web/2fa-bypass.md)
  - [LFI / RFI](/pentest/web/lfi-rfi.md): Local / Remote File Inclusion
  - [SOP / CORS](/pentest/web/sop-cors.md): Same-Origin Policy / Cross-Origin Resource Sharing
  - [SQLi](/pentest/web/sqli.md): SQL Injection
  - [WAF](/pentest/web/waf.md): Web Application Firewall
  - [WordPress](/pentest/web/wordpress.md)
  - [XSS](/pentest/web/xss.md): Cross-Site Scripting
- [Wi-Fi](/pentest/wi-fi.md)
  - [WPA / WPA2](/pentest/wi-fi/wpa-wpa2.md)
    - [Enterprise](/pentest/wi-fi/wpa-wpa2/enterprise.md): Wi-Fi Protected Access Enterprise
    - [Personal](/pentest/wi-fi/wpa-wpa2/personal.md): Wi-Fi Protected Access Personal
