Intro

Hello, this is where I document penetration tests, security research/assessments, CTF write-ups, cheatsheets, and study materials as I prepare for IT security certifications. My current goals are the PNPT and CRTO certifications.

The write-ups labeled with an asterisk are incomplete to various degrees.

eJPT

  • TCP/IP & IP routing

    • Addresses, CIDR notation, Subnetting, IPv4/IPv6, OSI model, common ports, TCP/UDP headers, firewalls, packet filtering, DNS

  • Network Attacks

    • Pivoting, Dictionary attacks, SMB, ARP Poisoning, subdomain enumeration

  • Web Application attacks

    • HTTP protocols, LFI, XSS, SQLi, web technologies

  • System Attacks

    • Malware, password attacks, buffer overflows

  • Essential Penetration Testing processes and methodologies

    • Planning/Threat modeling, Reconnaissance, Information Gathering, Enumeration, Footprinting, Initial Access, Local Privilege Escalation, Persistence, System/Root/Domain Privilege Escalation, Maintain access, Covering tracks, Post exploitation, Reporting

  • Scripting and Programming

    • C++, Python, Bash, PowerShell

  • Vulnerability Assessment of networks and web applications

    • Scanning and profiling

  • Manual and automatic exploitation (with and without Metasploit)

PNPT

  • Perform Open-Source Intelligence (OSINT) to gather intel on how to properly attack the network

  • Leverage Active Directory exploitation skills to perform AV and egress bypassing, lateral and vertical movement, and ultimately compromise the exam Domain Controller

  • Provide a detailed, professionally written report

  • Perform a live report debrief in front of the assessors

CRTO

The CRTO course first covers the core concepts of adversary simulation, command & control, and how to plan an engagement. Students then work through each stage of the attack lifecycle, from initial compromise to full domain takeover, data hunting, and data exfiltration, taking OPSEC concerns into account along the way and learning how to bypass defences such as Windows Defender, AMSI and AppLocker. Finally, the course covers reporting and post-engagement activities.

  • Command & Control

  • External Reconnaissance

  • Initial Compromise

  • Host Reconnaissance

  • Host Persistence

  • Host Privilege Escalation

  • Domain Reconnaissance

  • Lateral Movement

  • Credentials & User Impersonation

  • Password Cracking Hints & Tips

  • Session Passing

  • Pivoting

  • Data Protection API

  • Kerberos

  • Group Policy

  • Discretionary Access Control Lists

  • MS SQL Servers

  • Domain Dominance

  • Forest & Domain Trusts

  • Local Administrator Password Solution

  • Bypassing Defences

  • Data Hunting & Exfiltration

  • Post-Engagement & Reporting

  • Extending Cobalt Strike

OSCP

  • Navigating Kali Linux

  • Practical Tools

    • GNU/Linux and Windows commands

  • Scripting

    • Python/PowerShell

  • Enumeration

    • Passive/Active/Vulnerability scanning

  • Web Application Attacks

    • OWASP Top 10

  • Buffer Overflows

  • Client Side Attacks

  • Locating/Fixing Public Exploits

  • Manual Exploitation

    • PoC scripting

  • File Transfers

  • Antivirus Evasion

  • Privilege Escalation

    • Lateral movement

  • Password Attacks

    • Hash cracking/brute forcing

  • Port Tunneling

  • Pivoting

  • Post Exploitation

  • Active Directory Attacks

  • Metasploit

  • Penetration Testing Methodology

Bug Bounties
