jacobh.io
() laps abuse
Technique
Prerequisites
Execution
Detection & Mitigation