- notes 52
- ewptx 15
- ecppt 7
- crtp 7
- review 6
- pnpt 6
- crte 5
- adx 4
- cartp 3
- cve 2
- cloud 2
- insights 1
- awareness 1
- c2 1
- container 1
notes
Attack AD CS Now!!
DPAPI, CBA Patch, Template Reconfiguration, Certificate Forgery and More!
3 - Lateral mov & Persistence (Azure)
Pass-the-PRT, Runbooks, cloud to on-prem, Golden SAML and More!
2 - Enumeration & Privilege Escalation (Azure)
Storage Accounts, Key Vaults, Blobs, RBAC, Dynamic Groups and more!
1 - Intro & Recon (Azure)
Introduction to Azure concepts, Discovery and Recon of services and Apps, Initial Access Attacks and More!
Get familiar with Azure Pentesting!
Going deeper with Azure!
Hacking Containers!
Container escape, Extract Info from Registry, Bypass Restrictions and more!
Intro to Cloud Pentesting!
Wanna learn Cloud Pentesting? Start here!
5 - Cheat Sheet
Cheat Sheet for CRTP/CRTE exams
4 - Cross Domain Attacks
ADCS, Shadow Credentials, Azure AD Integration, Foreign Security Principals and More
3 - AD Persistence
Constrained Deleg and Malicious SSP
2 - AD Privesc
LAPS, gMSA and Constrained Deleg
1 - Lateral Movement
Almost the same content as CRTP + Extracting Credentials from LSASS
7 - AD Defense
We Hac, We Attac but most importantly We Protec!
6 - AD Privesc
Kerberos attacks, Delegations, Across Trusts escalation, ADCS and More
5 - AD Persistence
Golden, Silver, Diamond Tickets, Custom SSP, ACLs abuses and More
4 - Offensive .NET
Use Minimal obfuscation and String manipulation to bypass Win Defender
3 - Lateral Movement
PowerShell Remoting, Mimikatz, Over Pass the hash and More
2 - Win Privesc
Unquoted Paths and Modifiable Services
1 - AD Enumeration
Learn how to enumerate the Domain, ACLs, GPOs, Trusts and More
4 - Windows Lateral Movement
Intro to Windows Lateral Movement
3 - Windows Privesc
Intro to Windows Privesc
2 - Bloodhound
BloodHound is a versatile and powerful tool for AD enumeration and analysis.
1 - PowerShell
Starting with PowerShell for AD Exploitation!
15 - Attacking LDAP
First the Fundamentals, then Exploitation!
14 - APIs & Cloud Apps
Attacking APIs & Cloud Based Applications
13 - Authentication & SSO
Attacking JWT, OAuth, SAML and Bypassing 2FA
12 - Attacking Crypto
Padding Oracle, Hash Length Extension, Leveraging MachineKey and More
11 - Server Side Attacks
SSRF, SSI, XSLT attacks and More
10 - Attacking Serialization
Attacking Serialization in Java, PHP and .NET
9 - XML Attacks
Tag Injection, XXE, XPath Injection and More
8 - SQLI Filter Evasion
Bypassing Keyword and Function Filters
7 - SQL Injection
Learn exploitation techniques for MySQL, MSSQL and Oracle Databases
6 - HTML5
How to exploit the new features of HTML5
5 - Cross-site request forgery (CSRF)
Discovering, Execution and Bypass techniques
4 - XSS Filter Evasion
Bypass blacklisting Filters, sanitization and Browser Filters
3 - Cross-site scripting (XSS)
How to discover and exploit an XSS vulnerability
2 - Evasion Basics
Base64 encoding, obfuscations, compressing, escapes and More
1 - Encoding & Filtering
Filtering with Regex, Types of encoding, Bypass WAF and More
6 - Movement, Pivoting and Persistence
Lateral Movement, Pivoting and Persistence using the C2 Covenant and Metasploit
5 - Windows Privilege Escalation
Navigating Windows Privesc Techniques: Kernel Exploits, Impersonation, Registry, DLL Hijacking and More
4 - Linux Privilege Escalation
Exploring Linux Privesc Techniques: Kernel Exploits, SUDO, SUID, Scheduled Tasks, NFS Root Squashing and More
3 - External Pentest Playbook
The full life cycle of an External Pentest: ROE, OSINT, Attacking Login Portals, Report, Client Debriefs and More
2 - Open-Source Intelligence (OSINT)
Collect Info about your Target: Images, Emails, Passwords, Usernames, Social Media and More
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
7 - Metasploit & Ruby
Ruby > Python
6 - Wi-Fi Pentest
Traffic Analysis, Deauthentication, Man-in-the-Middle, Wardriving and More
5 - Web App Security
XSS, SQLi, CSRF, Session Attacks and More
4 - Linux Security
About Linux: It's not OK, It's necessary! Peterson, Jordan.
3 - PowerShell
Learn to reduce your footprint and evade defense mechanisms
2 - Network Security
Scans, Information Gathering, Vulnerabilities and more
1 - System Security
Low level stuff - Do not panic!
eLearnSecurity Junior Penetration Tester
Get your feet wet in Pentesting with eJPT from INE!
ewptx
15 - Attacking LDAP
First the Fundamentals, then Exploitation!
14 - APIs & Cloud Apps
Attacking APIs & Cloud Based Applications
13 - Authentication & SSO
Attacking JWT, OAuth, SAML and Bypassing 2FA
12 - Attacking Crypto
Padding Oracle, Hash Length Extension, Leveraging MachineKey and More
11 - Server Side Attacks
SSRF, SSI, XSLT attacks and More
10 - Attacking Serialization
Attacking Serialization in Java, PHP and .NET
9 - XML Attacks
Tag Injection, XXE, XPath Injection and More
8 - SQLI Filter Evasion
Bypassing Keyword and Function Filters
7 - SQL Injection
Learn exploitation techniques for MySQL, MSSQL and Oracle Databases
6 - HTML5
How to exploit the new features of HTML5
5 - Cross-site request forgery (CSRF)
Discovering, Execution and Bypass techniques
4 - XSS Filter Evasion
Bypass blacklisting Filters, sanitization and Browser Filters
3 - Cross-site scripting (XSS)
How to discover and exploit an XSS vulnerability
2 - Evasion Basics
Base64 encoding, obfuscations, compressing, escapes and More
1 - Encoding & Filtering
Filtering with Regex, Types of encoding, Bypass WAF and More
ecppt
7 - Metasploit & Ruby
Ruby > Python
6 - Wi-Fi Pentest
Traffic Analysis, Deauthentication, Man-in-the-Middle, Wardriving and More
5 - Web App Security
XSS, SQLi, CSRF, Session Attacks and More
4 - Linux Security
About Linux: It's not OK, It's necessary! Peterson, Jordan.
3 - PowerShell
Learn to reduce your footprint and evade defense mechanisms
2 - Network Security
Scans, Information Gathering, Vulnerabilities and more
1 - System Security
Low level stuff - Do not panic!
crtp
7 - AD Defense
We Hac, We Attac but most importantly We Protec!
6 - AD Privesc
Kerberos attacks, Delegations, Across Trusts escalation, ADCS and More
5 - AD Persistence
Golden, Silver, Diamond Tickets, Custom SSP, ACLs abuses and More
4 - Offensive .NET
Use Minimal obfuscation and String manipulation to bypass Win Defender
3 - Lateral Movement
PowerShell Remoting, Mimikatz, Over Pass the hash and More
2 - Win Privesc
Unquoted Paths and Modifiable Services
1 - AD Enumeration
Learn how to enumerate the Domain, ACLs, GPOs, Trusts and More
review
CARTP - Review
Honest Review CARTP - Azure Pentesting!
CRTE Review
Get to know the Certified Red Team Expert certification by Altered Security
CRTP Review
Certified Red Team Professional
Web application Penetration Tester eXtreme
My Review of the eWPTXv2 by INE
Practical Network Penetration Tester
My Review about the 5 courses of TCM: PEH, OSINT, External Pentest, Linux Privesc and Windows Privesc
eLearnSecurity Certified Professional Penetration Tester
Here's my Review of the eCPPTv2 by INE
pnpt
6 - Movement, Pivoting and Persistence
Lateral Movement, Pivoting and Persistence using the C2 Covenant and Metasploit
5 - Windows Privilege Escalation
Navigating Windows Privesc Techniques: Kernel Exploits, Impersonation, Registry, DLL Hijacking and More
4 - Linux Privilege Escalation
Exploring Linux Privesc Techniques: Kernel Exploits, SUDO, SUID, Scheduled Tasks, NFS Root Squashing and More
3 - External Pentest Playbook
The full life cycle of an External Pentest: ROE, OSINT, Attacking Login Portals, Report, Client Debriefs and More
2 - Open-Source Intelligence (OSINT)
Collect Info about your Target: Images, Emails, Passwords, Usernames, Social Media and More
1 - Practical Ethical Hacker
Recon, Scans, Buffer Overflow, AD, Web exploitation and More
crte
5 - Cheat Sheet
Cheat Sheet for CRTP/CRTE exams
4 - Cross Domain Attacks
ADCS, Shadow Credentials, Azure AD Integration, Foreign Security Principals and More
3 - AD Persistence
Constrained Deleg and Malicious SSP
2 - AD Privesc
LAPS, gMSA and Constrained Deleg
1 - Lateral Movement
Almost the same content as CRTP + Extracting Credentials from LSASS
adx
4 - Windows Lateral Movement
Intro to Windows Lateral Movement
3 - Windows Privesc
Intro to Windows Privesc
2 - Bloodhound
BloodHound is a versatile and powerful tool for AD enumeration and analysis.
1 - PowerShell
Starting with PowerShell for AD Exploitation!
cartp
3 - Lateral mov & Persistence (Azure)
Pass-the-PRT, Runbooks, cloud to on-prem, Golden SAML and More!
2 - Enumeration & Privilege Escalation (Azure)
Storage Accounts, Key Vaults, Blobs, RBAC, Dynamic Groups and more!
1 - Intro & Recon (Azure)
Introduction to Azure concepts, Discovery and Recon of services and Apps, Initial Access Attacks and More!
cve
cloud
Get familiar with Azure Pentesting!
Going deeper with Azure!
Intro to Cloud Pentesting!
Wanna learn Cloud Pentesting? Start here!