Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/0xJs/RedTeaming_CheatSheet

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.
https://github.com/0xJs/RedTeaming_CheatSheet

Last synced: about 1 month ago
JSON representation

Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date.

Host: GitHub
URL: https://github.com/0xJs/RedTeaming_CheatSheet
Owner: 0xJs
License: gpl-3.0
Created: 2021-12-27T17:14:00.000Z (over 2 years ago)
Default Branch: main
Last Pushed: 2024-06-19T13:25:17.000Z (3 months ago)
Last Synced: 2024-06-19T23:47:12.796Z (3 months ago)
Language: C++
Size: 90.3 MB
Stars: 1,137
Watchers: 23
Forks: 197
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE.md

Awesome Lists containing this project

awesome-hacking-lists - 0xJs/RedTeaming_CheatSheet - Pentesting cheatsheet with all the commands I learned during my learning journey. Will try to to keep it up-to-date. (C++)

README

        # RedTeaming_CheatSheet

Pentesting / RedTeaming cheatsheet with all the commands and techniques I learned during my learning journey. Will keep it up to date. If you have any recommendations for courses or links or have any questions feel free to dm me on discord. 0xjs#9027

## Index

* [General](#General)

  * [Coding](coding/readme.md)

  * [Open Source Intelligence](OSINT.md)

  * [Python Dependancies](python_dependancies.md)

  * [Windows System Security](windows_security.md)

  * [Hashcracking](hashcracking.md)

* [Infrastructure](infrastructure/readme.md)

  * [Buffer overflow](infrastructure/bufferoverflow.md)

  * [Enumeration](infrastructure/enumeration.md)

  * [Exploitation](infrastructure/exploitation.md)

  * [Privilege Escalation Windows](infrastructure/privesc_windows.md)

  * [Privilege Escalation Linux](infrastructure/privesc_linux.md)

  * [Post Exploitation](infrastructure/post_exploitation.md)

  * [Pivoting](infrastructure/pivoting.md)

* [Windows AD](windows-ad/readme.md)

  * [Relaying](windows-ad/relaying.md)

  * [Initial Access](windows-ad/Initial-Access.md)

  * [Host Reconnaissance](windows-ad/Host-Reconnaissance.md)

  * [Host Persistence](windows-ad/Host-Persistence.md)

  * [Evasion](windows-ad/Evasion.md)

  * [Local privilege escalation](infrastructure/privesc_windows.md)

  * [Post-Exploitation](windows-ad/Post-Exploitation.md)

  * [Lateral Movement](windows-ad/Lateral-Movement.md)

  * [Domain Enumeration](windows-ad/Domain-Enumeration.md) 

  * [Domain Privilege Escalation](windows-ad/Domain-Privilege-Escalation.md)

  * [Domain Persistence](windows-ad/Domain-Persistence.md)

* [Cloud](cloud/readme.md)

  * [Recon \ OSINT](cloud/recon.md)

  * [Initial access attacks](cloud/initial-access-attacks.md)

  * [Cloud services](cloud/readme.md)

    * [Azure](cloud/azure/readme.md)

    * [Amazon Web Services](cloud/aws/readme.md)

    * [Google Cloud Platform](cloud/gc/readme.md)

* [C2 Frameworks]()

  * [Cobalt Strike](cobalt-strike.md)

  * [Covenant](covenant.md)

  * [Metasploit](metasploit.md)

# RedTeaming General

- Definition of Red Teaming by Joe Vest and James Tubberville:

> Red Teaming is the process of using tactics, techniques and procedures (TTPs) to emulate a real-world threat, with the goal of measuring the effectiveness of the people, processes and technologies used to defend an environment.

- OPSEC (Operations Security) is a process that identifies critical information to determine if actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of critical information. It's generally used to describe the "ease" by which actions can be observed by "enemy" intelligence.

# Sources & Credits

Most of my knowledge is gathered from the following coures, so big thanks to them! If you like a specific topic I would recommend taking the courses from them!

- Cloud: CARTP from Altered Security, breaching the cloud from antisyphon, OASP from Cloudbreach, GCRTS from cyberwarfare

- Windows: CRTP, CRTE, PACES from Altered Security, ECPTX from eLearnSecurity and CRTO from ZeroPointSecurity.

- Infra: OSCP, PNPT from TCM Security and Tiberius privesc courses

- OSINT: PNPT Course

- Coding: Pavel Yosifovich & Sektor7 Reenz0h

# Misc

#### Data exfiltration simulation

- https://github.com/FortyNorthSecurity/Egress-Assess

#### Nuget Package Manager dependancies

- Open Tools --> NuGet Package Manager --> Package Manager Settings --> Package Sources

- Add a source. Name `nuget.org` and Source `https://api.nuget.org/v3/index.json`

#### AV / EDR Netblocks for deny listing 

- https://github.com/her0ness/av-edr-urls/blob/main/AV-EDR-Netblocks