Blog

Useful sites for pentesting

Aug 13, 2018 | 1 minute read

Tags: tips, pentest

Introduction

This is will be a centralized place for me to put all the useful sites for pentesting so that I can reference them quickly.

This is not a place for exploit development. I will probably make a separate list in the future. No promises.

url description
https://vincentyiu.co.uk/red-team-tips/ short and sweet tips, should review it from time to time
http://www.fuzzysecurity.com/tutorials/16.html basic windows priv esc (local)
https://pentestlab.blog/2018/06/12/kerberoast/ kerberoast to gain service accounts
https://decoder.cloud/2017/12/23/the-lonely-potato/ service accounts priv esc using rotten potato
url description
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ pretty much the checklist for linux priv esc. Follow thoroughly, do not miss a step!
url function
https://github.com/Cgboal/SonarSearch Subdomain Look up using Rapid7 Sonar Project. Passive Recon