MENU.TXT

1. Information collection
2. Open source intelligence information collection(OSINT）
3. github.
4. whois lookup / registrant reverse lookup / email reverse lookup / related assets
5. google hacking
6. Creating an enterprise password dictionary
7. Dictionary list
8. Mailbox list acquisition
9. Collect relevant information from outside the company
10. Subdomain acquisition
11. Access the intranet.
12. Based on weak enterprise account vulnerability
13. Entry based on system vulnerabilities
14. Website application penetration
15. Wireless Wi-Fi access
16. Stealth attack
17. Command and Control
18. Froting.
19. Agent
20. Cross-border intranet applications
21. Intra-network cross-border forwarding
22. Intra-network cross-border proxy penetration
23. EW
24. Termite
25. Agent script
26. shell bounce
27. Transfer and download of intranet files
28. Intranet information collection
29. Local information collection
30. 1, user list
31. 2, process list
32. 3, service list
33. 4. list of ports
34. 5, patch list
35. 6, native sharing
36. 7, the user habits analysis
37. 8, get the current user password tool
38. Windows
39. Linux
40. Diffusion information collection
41. Port scanning
42. Common port scanning tool
43. Internal network topology architecture analysis
44. Common information collection commands
45. Third party information collection
46. Elevation of privilege
47. Windows
48. BypassUAC
49. Common methods
50. Common tools
51. Power of attorney.
52. Linux
53. Kernel overflow weights
54. Scheduled tasks
55. SUID.
56. Wrong permission configuration vulnerability for system service
57. Insecure file / folder permissions configuration
58. Find the stored plaintext username, password
59. Permission maintained
60. System back door
61. Windows
62. 1, password logging tool
63. 2, commonly used storage Payload location
64. 3, Run/RunOnce Keys
65. 4, BootExecute Key
66. 5, Userinit Key
67. 6, Startup Keys
68. 7, Services
69. 8, Browser Helper Objects
70. 9, AppInit_DLLs
71. 10, file name
72. 11, bitsadmin
73. 12. Ministry of Finance
74. 13, wmi
75. 14. user persistence and Scheduled Tasks
76. 15, Netsh
77. 16, gasket
78. 17, DLL.
79. 18, double agent
80. 19, wait.exe file
81. 20, AppDomainManager
82. 21, Office
83. 22, CLR
84. 23, msdtc
85. 24, hijacking CAccPropServicesClass and mmdeviceenumerator
86. 25, hijack the browser.exe file
87. 26, Windows fax DLL injection
88. 27.
89. 28, fast way
90. 29, login script
91. 30, password filter DLL
92. 31, the use of BOHO do IE browser
93. Linux
94. crontab
95. Hard links sshd
96. SSH Server wrapper
97. SSH keylogger
98. Cymothoa_ process injection backdoor
99. rookit
100. Tools：
101. WEB backdoor
102. Lateral penetration
103. Port penetration
104. Port scanning
105. Port blasting
106. Port weak password
107. Port overflow
108. Common default ports
109. 1, web class (web vulnerability / sensitive directory)
110. 2, database class (scan weak password)
111. 3, Special Service Class (unauthorized / command execution class / vulnerability)
112. 4, common port class (scan weak password / port blasting)
113. 5, the total port corresponding to the service
114. Information collection
115. Method for obtaining Domain Control
116. SYSVOL.
117. MS14-068 Kerberos
118. SPN scan
119. Golden ticket to Kerberos
120. Kerberos's Silver Ticket.
121. Domain service account crack
122. Certificate theft
123. Address Resolution Protocol
124. Get AD hash
125. Ad persistence
126. Active Directory persistence tips
127. Security Support Provider
128. SID History
129. AdminSDHolder&SDProp
130. Group Policy
131. Hook PasswordChangeNotify
132. TIPS
133. Related tools
134. Executing programs on remote systems
135. IOT related
136. Middleman.
137. Avoid killing and testing
138. bypassAV
139. Bypass Applocker
140. Bypass
141. Trace cleanup.
142. Windows log table
143. The Windows log》
144. Doctors Without Borders
145. 3389.