Intro
Hello, this is where I document penetration tests, security research/assessments, CTF write-ups, cheatsheets, and study materials as I prepare for IT security certifications. My current goals are the PNPT and CRTO certifications.
The write-ups labeled with an asterisk are incomplete to various degrees.
eJPT
TCP/IP & IP routing
Addresses, CIDR notation, Subnetting, IPv4/IPv6, OSI model, common ports, TCP/UDP headers, firewalls, packet filtering, DNS
Network Attacks
Pivoting, Dictionary attacks, SMB, ARP Poisoning, subdomain enumeration
Web Application attacks
HTTP protocols, LFI, XSS, SQLi, web technologies
System Attacks
Malware, password attacks, buffer overflows
Essential Penetration Testing processes and methodologies
Planning/Threat modeling, Reconnaissance, Information Gathering, Enumeration, Footprinting, Initial Access, Local Privilege Escalation, Persistence, System/Root/Domain Privilege Escalation, Maintain access, Covering tracks, Post exploitation, Reporting
Scripting and Programming
C++, Python, Bash, PowerShell
Vulnerability Assessment of networks and web applications
Scanning and profiling
Manual and automatic exploitation (with and without Metasploit)
PNPT
Perform Open-Source Intelligence (OSINT) to gather intel on how to properly attack the network
Leverage Active Directory exploitation skill sets to perform A/V and egress bypassing, lateral and vertical network movement, and ultimately compromise the exam Domain Controller
Provide a detailed, professionally written report
Perform a live report debrief in front of the assessors
CRTO
The CRTO course first covers the core concepts of adversary simulation, command & control, and how to plan an engagement. Students then learn about each stage of the attack lifecycle, from initial compromise to full domain takeover, data hunting, and data exfiltration. They also take various OPSEC concerns into account and learn how defences such as Windows Defender, AMSI and AppLocker are bypassed. Finally, the course covers reporting and post-engagement activities.
Command & Control
External Reconnaissance
Initial Compromise
Host Reconnaissance
Host Persistence
Host Privilege Escalation
Domain Reconnaissance
Lateral Movement
Credentials & User Impersonation
Password Cracking Hints & Tips
Session Passing
Pivoting
Data Protection API
Kerberos
Group Policy
Discretionary Access Control Lists
MS SQL Servers
Domain Dominance
Forest & Domain Trusts
Local Administrator Password Solution
Bypassing Defences
Data Hunting & Exfiltration
Post-Engagement & Reporting
Extending Cobalt Strike
OSCP
Navigating Kali Linux
Practical Tools
GNU/Linux and Windows commands
Scripting
Python/PowerShell
Enumeration
Passive/Active/Vulnerability scanning
Web Application Attacks
OWASP Top 10
Buffer Overflows
Client Side Attacks
Locating/Fixing Public Exploits
Manual Exploitation
PoC scripting
File Transfers
Antivirus Evasion
Privilege Escalation
Lateral movement
Password Attacks
Cracking hashes/brute forcing
Port Tunneling
Pivoting
Post Exploitation
Active Directory Attacks
Metasploit
Penetration Testing Methodology
Bug Bounties