Intel-driven

  • Introduction
    • What?
    • Why?
    • How?
  • TIBER-EU
    • Resources
  • MITRE ATT&CK
    • Resources
  • OST Map
    • Resources

Opsec

  • Introduction
    • What?
    • Why?
    • How?
  • Identify critical information
  • Analyse threats
  • Analyse vulnerabilities
  • Assess risks
  • Apply appropriate countermeasures
  • Hide your tracks

Preparation

  • Introduction
    • What?
    • Why?
    • How?
  • Falconry (in "In")
  • Lay of the land (in "In")

Weaponisation

  • Introduction
    • What?
    • Why?
    • How?
  • Gain unauthorised access
    • Attack tree
    • Notes
  • Windows Scripting Host (WSH)
    • Show a message box
    • Run exe files
  • HTML Application (HTA)
    • Reverse shell
  • Visual Basic for Application (VBA)
    • Execute a bin
    • Use msfvenom for VBA
  • Powershell
    • Execution policy
    • Reverse shell
  • Getting out of the box (BeEF)
    • Attack tree
    • Notes
      • Alternatives for pentesting
      • Alternatives for red teaming
  • Command and control (C2)
    • Cobalt Strike
    • PowerShell Empire
      • Installation on a Kali VM
      • Launch
    • Metasploit
  • Attack infrastructure as code (in "In")
  • Delivery techniques
    • Email delivery
    • Web Delivery
    • USB Delivery
  • Create a botnet
    • Attack tree
    • Notes
    • Articles
  • SEO poisoning
    • Attack tree
    • Notes

Password attacks

  • Introduction
    • What?
    • Why?
    • How?
  • Password profiling
    • Default passwords
    • Weak Passwords
    • Leaked Passwords
    • Combined wordlists
    • Customized wordlists
    • Username wordlists
    • Resources
  • Brute-force and dictionary attacks
    • Attack tree
    • Examples
      • SSH
    • Notes
    • Scripts
    • Resources
  • Password spraying
    • Attack tree
    • Examples
      • SSH
    • Notes
  • Hash cracking
    • Attack tree
    • Example
    • Notes
      • Hash functions
      • Rainbow tables
      • No resources
    • Tools
    • Resources

Phishing

  • Introduction
    • What?
    • Why?
    • How?
  • Phishing overview
    • Attack tree
    • Notes
      • Email phishing
      • Spear phishing
      • Smishing
      • Vishing
      • Whaling
  • Mail delivery
    • Attack tree
    • Notes
    • Tools
  • Steal access info with fake login page
    • Attack tree
    • Example using SET
      • Set up a clone
      • Trick victim(s) into visiting the fake site
      • Check the harvester file for passwords
    • Notes
    • Tools
  • Webpage with BeEF hook
    • Attack tree
    • Example using BeEF
      • Start BeEF
      • Create the malicious site
      • Trick victim(s) into visiting site
    • Notes
    • Tools
  • Use analytics to lure a target
    • Attack tree
    • Notes
    • Articles
  • Fake prompts everywhere
    • Attack tree
    • Notes
    • Tools
  • Pharming overview
    • Attack tree
    • Notes
  • Credential stuffing
    • Attack tree
    • Notes

Enumeration

  • Introduction
    • What?
    • Why?
    • How?
  • Passive scanning
    • Attack tree
    • Notes
    • Tools
  • Linux
    • System
    • Users
    • Networking
    • Running services
  • Windows
    • System
    • Users
    • Networking
  • Running services
  • DNS
  • SMB
  • SNMP
  • More Windows tools
    • Sysinternals Suite
    • Process Hacker
    • GhostPack Seatbelt

Escalation

  • Introduction
    • What?
    • Why?
    • How?
  • Windows escalation tools
  • Reuseful escalation patterns
    • Host Information
    • Firewall and AV information
    • Services
    • Weak services
    • Windows XP SP1
    • Space in service path
    • Start/Stop with denied permissions
    • Search files and registry
    • Port Forwarding
    • Network drives
      • Find users mapped drives
      • Map a drive
    • Search for kernel vulnerabilities.
    • Common Simple Overwrite Code
  • Harvesting passwords
    • Attack tree
    • Examples
      • Unattended Windows installations
      • Powershell history
      • Saved Windows credentials
      • IIS configuration
      • Retrieve credentials from PuTTY
    • Notes
  • Quick misconfiguration wins
    • Attack tree
    • Examples
      • Scheduled tasks
      • AlwaysInstallElevated
    • Notes
  • Abusing service misconfigurations
    • Attack tree
    • Examples
      • WindowsScheduler
      • Disk Sorter Enterprise
      • Misconfigured Service DACL
    • Notes
      • Insecure Permissions on Service Executable
      • Unquoted path vulnerability
      • Insecure service permissions
  • Abusing dangerous privileges
    • Attack tree
    • Examples
      • SAM and SYSTEM registry
      • Replacing Utilman
      • FTP impersonation
    • Notes
      • SeBackup/SeRestore
      • SeTakeOwnership
      • SeImpersonate/SeAssignPrimaryToken
    • Resources
  • Abusing vulnerable software
    • Attack tree
    • Example
    • Notes

Persistence

  • Introduction
    • What?
    • Why?
    • How?
  • Tampering with unprivileged accounts
    • Assign group memberships
    • Special privileges and security descriptors
    • RID hijacking
  • Backdooring files
    • Executable Files
    • Shortcut files
    • Hijacking file associations
  • Abusing services
    • Creating backdoor services
    • Modifying existing services
  • Abusing scheduled tasks
  • Logon triggered persistence
    • Startup folder
    • Run/RunOnce
    • Winlogon
    • Logon scripts
  • Backdooring the login screen/RDP
    • Sticky Keys
    • Utilman
  • Persisting through existing services
    • Using web shells
    • Using MSSQL as a backdoor

Lateral movement and pivoting

  • Introduction
    • What?
    • Why?
    • How?
  • Mythical blue lake

Data exfiltration

  • Introduction
    • What?
    • Why?
    • How?
  • Data exfiltration (in "Out")
Forest fire


Unseen University, 2025, with a forest garden fostered by /ut7.