the hacker playbook series
book: the hacker playbook
CONTINUING EDUCATION
10: POST GAME ANALYSIS - REPORTING
Reporting
List of my best practices and concepts for reporting
9: SPECIAL TEAMS - CRACKING, EXPLOITS, TRICKS
Password cracking
John the ripper (JtR)
Cracking MD5 Hashes
oclHashcat
Cracking WPAv2
Cracking NTLMv2
Cracking smarter
Vulnerability searching
Searchsploit
BugTraq
Exploit-DB
Querying Metasploit
Tips and tricks
RC Scripts within metasploit
Bypass UAC
Web filtering bypass for your domains
Windows XP - old school FTP trick
Hiding your files
Keeping those files hidden
Windows 7/8 uploading files to the host
8: THE QUARTERBACK SNEAK - EVADING AV
Evading AV
Hiding WCE from AV
Python
Python shell
Python keylogger
Veil Example
SMBExec
7: THE ONSIDE KICK - ATTACKS THAT REQUIRE PHYSICAL ACCESS
Exploiting wireless
Passive - identification and reconnaissance
Active attacks
WEP - Wired equivalent privacy
How to crack WEP in kali
WPAv2 WPS (Wi-Fi protected setup) attacks
WPA enterprise - Fake radius attack
Configuring a radius server
Karmetasploit
Physical
Card cloning
Pentesting DropBox
Odroid U2
Physical social engineering
6: THE SCREEN SOCIAL ENGINEERING
Doppelganger Domains
SMTP Attack
SSH Attack
To extract OpenSSH
Spear phishing
Metasploit PRO - Phishing module
Social engineering toolkit
Credential Harvester
To generate a fake page, go through the follow.
Using SET JAVA attack
Sending out massive spear phishing campaigns
Social engineering with microsoft excel
5: THE LATERAL PASS - MOVING THROUGH THE NETWORK
Proxy between hosts
Post exploitation with powersploit
Commands
Post exploitation with powershell
ARP (address resolution protocol) Poisoning
IPv4
Cain and Abel
Ettercap
Ipv6
The tool is able to do different attacks such as:
Steps after ARP spoofing
Sidejacking
Hamster/ferret
Firesheep
DNS Redirection
SSLStrip
Commands on kali
With any domain credentials (non-admin)
Group policy preferences
Pulling clear text credentials
WCE - Windows credential editor
Mimikatz
Post exploitation tips
Post exploitation lists from room362.com
With any local administrative or domain admin account
Owning the network with credentials and PSExec
PSExec and Veil
PSExec commands across Multiple IPs
Attack the domain controller
SMBExec
On the network without credentials
Responder.py
4: THE THROW - MANUAL WEB APPLICATION FINDINGS
Web application penetration testing
SQL injections
SQLmap
SQL ninja
Executing SQLninja
Cross-site scripting (XSS)
BeEF Exploitation framework
Cross-site scripting obfuscation
Crowd sourcing
OWASP cheat sheet
Cross-site request forgery (CSRF)
Using Burp for CSRF Replay attacks
Session tokens
Additional fuzzing/input validation
Functional/Business logic testing
3: THE DRIVE - EXPLOITING SCANNER FINDINGS
Scripts
WarFTP Example
Metasploit
Basic steps when configuring metasploit remote attacks
Searching via metasploit (using the good ol' MS08-067 vulnerability)
2: BEFORE THE SNAP - SCANNING THE NETWORK
Web application scanning
The process for web scanning
Web application scanning
Configuring your network proxy and browser
Spider application
Discover content
Running the active scanner
Discover scripts
How to run passive discovery
Using compromised lists to find email addresses and credentials
External/internal active discovery
The process for network scanning
Network vulnerability scanning (Nexpose/Nessus)
Screen capture - Peeping tom
External scanning
Passive discovery
1: PREGAME - THE SETUP
Setting up a penetration testing box
Hardware
Basic hardware requirements
Optional hardware discussed later within the book
Commercial software
Kali linux
High level tools list additional to kali
Setting up kali
Once your kali vm is up and running
Windows VM Host
High level tools list addition to windows
Setting up windows