• Commands
    • macOS
      • Caffeinate
      • Ditto
      • Firmwarepasswd
      • ipconfig
      • networkQuality
      • Powermetrics
      • Scutil
      • Security
      • sha2
      • Softwareupdate
      • Spctl
      • System_Profiler
      • Tweaks
    • Unix
      • Apropos
      • apt
      • awk
      • base64
      • biosdecode
      • blkid
      • cal
      • cat
      • chage
      • chmod
      • chsh
      • comm
      • crontab
      • cut
      • date
      • dd
      • delv
      • df
      • diff
      • dig
      • dmesg
      • Faketime
      • fdisk
      • file
      • find
      • fls
      • free
      • ftp
      • Ghostscript
      • gpg
      • grep
      • groupadd
      • groupdel
      • hdparm
      • head
      • history
      • host
      • ifconfig
      • iotop
      • ip
      • iwconfig
      • journalctl
      • kill
      • ln
      • Locate
      • ls
      • lsb_release
      • lsblk
      • lshw
      • lsmod
      • lspci
      • lsusb
      • md5sum
      • mkdir
      • mkpasswd
      • modprobe
      • mount
      • mtr
      • nc
      • ncdu
      • netplan
      • netstat
      • network-manager
      • nm connection editor
      • nmcli
      • nslookup
      • ntp
      • passwd
      • ps
      • rev
      • scp
      • script
      • sed
      • sha1sum
      • sha256sum
      • sort
      • split
      • ss
      • strings
      • sudo
      • sudoedit
      • systemctl
      • tail
      • tar
      • tee
      • tftp
      • timedatectl
      • touch
      • tr
      • uname
      • upower
      • vimdiff
      • watch
      • wc
      • wget
      • xargs
      • xxd
    • Windows
      • azureAD
      • cmd
      • GodMode
      • ipconfig
      • nbtstat
      • net group
      • net user
      • net view
      • netsh
      • Nltest
      • nslookup
      • powershell
      • regedit
      • Route
      • Schtasks
  • CVE
    • CVE-2007-1036
    • CVE-2012-0002
    • CVE-2012-1675
    • CVE-2013-4786
    • CVE-2014-0224
    • CVE-2014-6321
    • CVE-2014-8272
    • CVE-2016-1287
    • CVE-2016-2107
    • CVE-2017-0143
    • CVE-2017-12542
    • CVE-2017-8917
    • CVE-2018-10993
    • CVE-2019-0686
    • CVE-2019-0708
    • CVE-2019-18935
    • CVE-2019-19781
    • CVE-2019-2725
    • CVE-2019-5392
    • CVE-2020-0609
    • CVE-2020-0796
    • CVE-2020-10487
    • CVE-2020-1350
    • CVE-2020-1472
    • CVE-2020-14882
    • CVE-2020-5902
    • CVE-2021-26855
    • CVE-2021-27850
    • CVE-2021-34473
    • CVE-2021-34527
    • CVE-2021-4034
    • CVE-2021-40449
    • CVE-2021-44228
    • CVE-2022-0847
    • CVE-2022-21882
    • CVE-2022-30190
    • overview
  • Stuff
    • Cheatsheets
      • Active Directory Pentesting
      • Bash Scripting
      • Default Credentials Cheat Sheet
      • Exchange versions
      • GitHub Dork
      • Google dork
      • Headers / Files
      • List of TLDs
      • Netmasks / Subnetting
      • OSCP PrivEsc Mindmap
      • Overview
      • Regex
      • Windows Security Log References
      • XSS
      • XXE Injection
    • Handy Links
  • Tools
    • Apple macOS
      • 3utools
      • Airfoil
      • AlDente
      • Alfred
      • Amphetamine
      • App Tamer
      • AppCleaner
      • Bartender
      • Brew
      • CalHash
      • Checkra1n
      • CleanMyMac
      • coconutBattery 3
      • Deeper
      • Dropover
      • EasyRes
      • Fanny
      • Gifski
      • HEIC Converter
      • IINA
      • ImageOptim
      • IPSW
      • Little Snitch
      • Lunar
      • macAdmin Scripts
      • Macs Fan Control
      • Magnet
      • Micro Snitch
      • MonitorControl
      • MountEFI
      • Numi
      • One Switch
      • OnyX
      • Opencore Legacy Patcher
      • Passepartout
      • TestM
      • The Unarchiver
      • Tunnelblick
      • Video Converter
      • Viscosity
      • XLD
    • Automation
      • Ansible
    • Docker
      • Docker
      • Docker DNS/DHCP server
      • Kali
    • Forensics
      • Binwalk
      • Bulk_extractor
      • ewf-tools
      • Foremost
      • FTK-Imager
      • Photorec
      • Scalpel
      • StegCracker
      • Steghide
      • Stegseek
      • Stegsolve
      • Usbrip
      • Volatility
      • zbar-tools
    • Framework
      • AdGuardHome
      • AdGuardHome Sync
      • Arsenal
      • BadBlood
      • BloodHound
      • BloodHound.py
      • bloodyAD
      • CDK
      • Ciphey
      • Coercer
      • CrackMapExec
        • cmedb
        • FTP
        • LDAP
        • MSSQL
        • RDP
        • SMB
        • SSH
        • WinRM
      • CyberChef
      • DonPAPI
      • Evil-WinRM
      • GoodHound
      • Hugo
      • Impacket
        • FindDelegation.py
        • GetNPUsers.py
        • GetST.py
        • GetUserSPNs.py
        • ntlmrelayx.py
        • psexec.py
        • rdp_check.py
        • samrdump.py
        • secretsdump.py
        • smbclient.py
        • smbexec.py
        • smbrelayx.py
        • smbserver.py
        • wmiexec.py
      • LDEEP
        • Cache
        • LDAP
      • Lsassy
      • Metasploit
      • Mimikatz
      • Mitm6
      • MSFvenom
      • Navi
      • PEASS-ng
        • LinPEAS
        • WinPEAS
      • Pi-Hole
      • Pretender
      • Pypykatz
      • ScoutSuite
      • SearchSploit
      • Seth
      • Subdomain Visualizer
      • WEF
      • Wifite2
    • Hash Cracking
      • Crunch
      • FCrackZip
      • gppdecrypt0rr
      • HAITI
      • hash-cracker
      • hashcat
      • HashID
      • Hashtopolis
      • hcxtools
        • hcxdumptool
        • hcxhashtool
        • hcxpcapngtool
      • ntcrack
      • nthasher
      • PACK
      • Search-That-Hash
    • Microsoft 365
      • AADInternals
      • Azucar
      • AzureAD SSO brute
      • AzureHound
      • Credmaster
      • Go365
      • M365_groups_enum
      • MFASweep
      • MicroBurst
      • MSOLSpray
      • O365creeper
      • O365spray
      • Omnispray
      • onedrive_user_enum
      • ROADrecon
      • Stormspotter
    • Networking
      • Aircrack-ng
      • ARP-scan
      • atftp
      • AutoSSH
      • Bettercap
      • Brctl
      • Bruteshark
      • BTNAP
      • CDPsnarf
      • Certbot
      • Chisel
      • cidr2ip
      • ddosify
      • DNSdiag
      • go-out
      • iPerf3
      • iptables
      • MASSCAN
      • NBTscan
      • Netdiscover
      • NetworkMiner
      • nginx
      • nmap
      • OpenSSL
      • OpenVPN
      • pfSense
      • Proxychains
      • Responder
      • rsync
      • RustScan
      • Smap
      • socat
      • speedtest-cli
      • ssh
      • sshuttle
      • Subnet Calculator
      • Swaks
      • tcpdump
      • TShark
      • UFW
      • vlan-hop
      • vnstat
      • Wavemon
      • Wireshark
      • Yersinia
    • OSINT
      • All Search Engines
      • Amass
      • ASNmap
      • assetfinder
      • CCrawlDNS
      • Cloudflair
      • Crosslinked
      • crt.sh
      • Dirhunt
      • DNSdumpster
      • DNSrecon
      • dnsx
      • Emailfinder
      • EMM OSINT Suite
      • FOCA
      • H8mail
      • ipinfo-cli
      • L333tlinked
      • Netcraft DNS
      • OSINT Framework
      • Phonebook.cz
      • PowerMeta
      • puredns
      • Pwndb
      • Pymeta
      • recon-ng
      • ReconFTW
      • Securitytrails
      • Sherlock
      • Shodan.io
      • Socialscan
      • SonarSearch Crobat
      • SpiderFoot
      • Subfinder
      • Sublist3r
      • theHarvester
      • Twofi
    • Other
      • 403fuzzer
      • 8814au
      • ADExplorerSnapshot.py
      • ADIDNSdump
      • adPEAS
      • ADReaper
      • Alacritty
      • Aquatone
      • Arcmenu
      • Aria2
      • ARRAffinity
      • AutoRecon
      • aws-rotate-key
      • Axel
      • Backscatter
      • BalenaEtcher
      • bike-scan
      • BIOS-pwgen
      • BloodHoundLoader
      • Breacher
      • Brutedum
      • Burpsuite
      • Bypass Paywalls Clean
      • CamOver
      • Ccat
      • Certi
      • Certificate Ripper
      • Certify
      • Certipy
      • CeWL
      • Chameleon
      • Checkdmarc
      • Checksec
      • Chntpw
      • Crowbar
      • Cryptomator
      • Cryptsetup
      • CTF Flag Generator
      • Curl
      • CutyCapt
      • Cypherhound
      • Dalfox
      • Dash-to-panel
      • DBeaver
      • dconf-editor
      • DIRB
      • Ditto
      • Dmidecode
      • DNStwist
      • DumpSMBShare
      • DumpThatLSASS
      • Duplicut
      • DVDbackup
      • Easy2Boot
      • EmailSecCheck
      • Enum4linux
      • ExchangeFinder
      • ExifTool
      • EyeWitness
      • F3
      • F5-BigIP-decoder
      • Fawkes
      • Ffuf
      • Figlet
      • Firefox Developer
      • Flameshot
      • Foolproof Passgen
      • Franz
      • genisoimage
      • Git
      • Git-dumper
      • GitDump
      • Gittools
      • Gobuster
      • Gosecretsdump
      • GoWitness
      • gpprefdecrypt
      • Grabify.link
      • HandBrake
      • Hping3
      • HTMLdoc
      • htop
      • HWinfo
      • Hydra
      • iat
      • IcedTea-NetX
      • IIS-ShortName-Scanner
      • IKE-scan
      • inxi
      • IPsourcebypass
      • John
      • JoomScan
      • jq
      • Just Perfection
      • KeeFarce
      • Kerbrute
      • LAPSdumper
      • LDAP Nom Nom
      • LDAP Password Hunter
      • LDAP Relay Scan
      • LDAPDomainDump
      • LDAPmonitor
      • ldapper
      • ldapsearch-ad.py
      • Libheif
      • lm-sensors
      • MACchanger
      • Mattermost
      • Msfvenom
      • MySQL
      • Neo4j
      • Neofetch
      • Nessus
      • Nextcloud
      • Ngxtop
      • Nikto
      • nmap-converter
      • NTLM_challenger
      • ntlm_theft
      • NTLMRecon
      • Ntlmscan
      • Obsidian
      • onesixtyone
      • osslsigncode
      • PAN-OS GP Scanner
      • Pcredz
      • Petitpotam
      • PipeWire
      • Polenum
      • Popsicle
      • Postfix
      • Powertop
      • PRET
      • Pulse Secure Version Scanner
      • Python
      • pyWhat
      • qobuz-dl
      • QRencode
      • RDesktop
      • RDP-Sec-Check
      • RDPassSpray
      • RDWArecon
      • Redis Tools
      • Remmina
      • Resilio Sync
      • RomBuster
      • RsaCtfTool
      • Ruler
      • SAMdump2
      • Screen
      • Screenshot Tool
      • Sg3-Utils
      • Shairport-Sync
      • Showmount
      • Simple Net Speed
      • SMBclient
      • SMBget
      • SMBmap.py
      • snapd
      • SNMP
      • snmp-check
      • snmpwalk
      • Sonic Visualiser
      • Sosumi
      • Sound I/O Device Chooser
      • SQlitebrowser
      • SQLmap
      • SSH-method-scanner
      • SSHScan
      • SSL-Cert-Check
      • stress-ng
      • Syncthing
      • Tabby
      • TeraCopy
      • Termtyper
      • Testdisk
      • Testssl.sh
      • ticket_converter
      • Tig
      • tilde_enum
      • Tilix
      • tldr
      • TLP
      • TLScan
      • Tmux
      • Trufflehog3
      • Unofficial Sonos Controller
      • Updog
      • UUP dump
      • Vaultwarden
      • Virtualbox
      • Visual Studio Code
      • Vitals
      • WhatWeb
      • Whois
      • Wipe
      • WoeUSB-ng
      • WPscan
      • XSStrike
      • Yopass
      • YouTube-dl
      • yt-dlp
      • Yubikey
      • Z Shell
    • Techniques
      • Abuse AD CS
      • BackupOperatorToDA
      • Kerberoasting
      • KrbRelayUp
      • NTDS.dit Dump & Extract
      • Pass-the-hash
      • Printspoofer
      • RBCD-attack
    • Windows
      • ADCollector
      • ADSearch
      • Cain
      • CFF Explorer
      • DKIM-Exchange
      • DNSbench
      • dnSpy
      • DomainPasswordSpray
      • Explorer++
      • Fatxplorer
      • Grouper2
      • HD Tune
      • Icacls
      • iDevice Panic Log Analyzer
      • IIS-crypto
      • inSSIDer
      • Inveigh
      • Lossless Audio Checker
      • Minidump
      • Mp3tag
      • OneDriveExplorer
      • Plink
      • powercat
      • PowerToys
      • Prefetch-Browser
      • PSPKIAudit
      • Recuva
      • Room EQ Wizard
      • Rufus
      • Seatbelt
      • Sysinternals
      • TaskManagerBitmap
      • W10privacy
      • Winaero Tweaker
      • Xirrus Wi-Fi Inspector

More

  • Home
  • All Tags
  • GitHub
  • Twitter
  • CyberChef
  • SAF

Build with by crypt0rr

© 2018-2023 - All rights reserved


Edit this page
Techniques
  • Techniques
Techniques

Techniques

    Abuse AD CS

    Abuse the Active Directory Certificate Services.

    BackupOperatorToDA

    From Backup Operator To Domain Admin.

    Kerberoasting

    Abusing the kerberos protocol to gain KRBTG hashes to crack.

    KrbRelayUp

    A universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).

    NTDS.dit Dump & Extract

    How to dump NTDS.dit and extract the hashes with ShadowCopy and Secretsdump.

    Pass-the-hash

    Use the hash of a user to authenticate around the network.

    Printspoofer

    From LOCAL/NETWORK SERVICE to SYSTEM by abusing SeImpersonatePrivilege on Windows 10 and Server 2016/2019.

    RBCD-attack

    Resource-Based Constrained Delegation Attack (Kerberos RBCD / KRBCD).