Offensive Security Cheatsheet
Information & Disclaimer
1/ This website is my personal cheatsheet, a document used to centralize
much information about cybersecurity techniques and payloads.
2/ Content, commands and tools provided on this website can cause damage
to websites and systems you might want to use them against.
Remember that it is illegal to scan or attack a resource that does not belong to you.
3/ Content is taken from my personal experience but also from several
online resources and cheatsheets. I also made a resources section, linking to several
resources I found or used. This section has been made lately, so all information might
not be sourced (but well, I try to)!
4/ This website is for educational and "memo" purposes only.
It does not aim to weaponize anyone.
5/ If you have any request (something that is wrong, removing information...)
please do not hesitate to contact me on Twitter (@Haax9_).
6/ If this place has been useful to you, leave a star on the GitHub project, or retweet/follow through Twitter (@Haax9_).
Don't mind sharing it, as it could help others too =).
7/ I'm also posting some writeups (HackTheBox, CTF...) and other cybersecurity stuff on a blog,
available in French and English!
--> https://haax.fr
Updates
11/09/2022 (Yeah, it’s been a while!)
- Web :
  - Tool : Bypass-URL-parser (Bypass 403)
  - Resource : Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools
- Windows :
  - Resource : Azure Red Team Repo
  - Resource/Tool : Introduction to Azure Penetration Testing
  - Resource : I’m bringing relaying back: A comprehensive guide on relaying anno 2022
  - Tips : BloodHound usage and tips for when builtin doesn't give results
  - Tools/Tips : Dumping SAM from Kali in 2022 (On recent Windows 10) - pypykatz
  - Tools/Tips : From Backup Operator To Domain Admin / SeBackUpPrivilege
- OSINT :
  - Tool : F4Map (Geolocation/3D Visualisation)
  - Resource : Le monde entier est un qactus (OpenFacto)
- Phishing/CTI/OSINT :
  - Tools : The Spamhaus Project
  - Tools/Resource : Steal Credentials & Bypass 2FA Using noVNC
- CTI :
  - Resource : Analyzing Network Infrastructure as Composite Objects
  - Resource : Extrapolating Adversary Intent Through Infrastructure
  - Resource : Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity
31/01/2022
- OSINT :
  - Tool : nexfil (Username checking)
  - Tool : Sentinel Hub Playground
  - Tool : Carto GRAOU (French trains)
  - Tool : Marple (Username)
  - Tool : Mailcait (Emails/Use)
  - Tool : DaProfiler (French recon)
  - Tool : OSINT World Map
  - Tool : MOSINT (E-mail)
  - Resource : OSINT At Home #9 – My Top 4 Free Satellite Imagery Sources (BenDoBrown)
  - Resource : Décomptes Publics
- Web :
  - Resource : Web Vulnerability Analysis Category (SecurityOnline)
  - Resource : Web App Pentesting With Burp Suite Scan Profiles
- Windows :
  - New section : Print Spooler
  - Tool : PetitPotam
  - Tool : MicroBurst (A PowerShell Toolkit for Attacking Azure)
  - Tool : HiveNightmare (SeriousSAM)
  - Tool : Snaffler
  - Tool : Adidnsdump
  - Tool : ItWasAllADream
  - Tips : MS14-025 password encoder
  - Tool : DonPAPI
  - Tool : LDAPMonitor
  - Tips : rundll32.exe to dump LSASS
  - Resource : #HiveNightmare aka #SeriousSAM — anybody can read the registry in Windows 10
  - Resource : Azure Services related
  - Resource : Force NTLM Privileged Authentication (HackTricks)
  - Resource : MS-RPRN abuse (PrinterBug)
  - Resource : MS-EFSR abuse (PetitPotam)
  - Resource : Pentesting Active Directory Mindmap
  - Resource : Atomic Red Team
  - Resource : Powershell command for enumerating AD
  - Resource : Webcast Getting Started in Pentesting The Cloud: Azure
- MISC :
  - Resource : Default Creds Cheatsheet
  - Resource : TheBlackSide CTF platform + Others challenges platform
  - Tool : Lestat (Passcracking)
- New Section : Defensive, Monitoring, CTI...
  - New subsection : Defensive OSINT and CTI
    - Tool : Certstream (Monitoring CT)
  - New subsection : Defensive Active Directory
    - Resource : BloodHound versus Ransomware: A Defender’s Guide
    - Resource : Detecting Resilient Adversaries - Active Directory
14/07/2021
- General Info :
  - Update format modified (category instead of information type: web, OSINT, Windows...)
- CTI :
  - Resource : A Cyber Threat Intelligence Self-Study Plan: Part 1
- Web :
  - Tool : Qsreplace
  - Tool : Nuclei usage and infos
  - Tool : page-fetch
  - Tool : x8
  - Tool : NoSQLMap
  - Tool : subjs / LinkFinder / SecretFinder (JS extraction)
  - Tool : XSStrike
  - Resource : Prototype Pollution
  - Resource : x8, Arjun, Param Miner comparison
- OSINT :
  - Tool : Ignorant (Phone numbers)
  - Tool : Zoom.earth (GEOINT)
  - Tool : Justgetmydata website (OPSEC)
  - Tool : Elephind (Newspaper Archives)
  - Tool : Peakvisor app (Mountains identification)
  - Tool : International Numbering Plan (Phone number analysis)
  - Tool : HLR Lookups (Phone identification)
  - Tool : Lusha
  - Tool : Kaspr
  - Tool : Whatsmyname.app
  - Tool : IP Reputation Lookup (Team Cymru)
  - Tool : Thingful.net (IoT map)
  - Tool : w3dt.net (DNS, HTTP, Database lookups...)
  - Tool : Crobat / Sonarsearch / Omnisint (Web/DNS)
  - Resource : The space speedometer : Using some simple algebra and satellite imagery to determine ship speed
  - Resource : "OSINT" : Explorer l'espace informel Russe (OSINT Russia guide)
  - Resource : Geolocating a Plane Shot Down in Ethiopia – Case Studies on Mountain Profiling with PeakVisor
  - Resource : Phone numbers investigation, the open source way
- Windows Systems :
  - Tool : Bloodhound-quickwins
  - Tool : AzureAD enumeration module
  - Tricks/Methods : MS14-025 Cyberchef encryption
  - Tricks/Methods : AMSI Bypass methods
  - Tricks/Methods : [adsisearcher] built-in AD enumeration
  - Tricks/Methods : Kerberoasting attack without prior access
  - Resource : Kerberoasting without SPNs
  - Resource : Windows & Active Directory Exploitation Cheat Sheet and Command Reference
  - Resource : zer1t0's guide for attacking Active Directory (really great paper!)
  - Resource : Hunting for Skeleton Key implants
  - Resource : Hunting for Impacket
  - Resource : Windows AMSI Bypass links
- MISC :
  - Tool : Passe-partout (SSL Extraction)
  - Tool : Swap Digger (Linux)
  - Tool : Argon2 Cracker
  - Tool : Message Header Analysis
  - New section : Kubernetes (Other Systems)
  - Resource : Privilege Escalation cheatsheet for OSCP (Vulnhub)
06/02/2021
- OSINT Tools :
  - DumpItBlue Extension
  - Maigret
  - Social Analyzer
  - OSINT.sh
  - World Postal Codes
  - Added "OSINT in the air" category!
- OSINT Resources
  - Amnesty International Course : Open Source Investigations for Human Rights
  - Darknet Markets for Investigators
  - Flowcharts to distinguish European languages
- OSINT Trick
  - Instagram trick for viewing post (/embed/captioned)
- Web Pentest Tools
  - HTTP Methods Tester
  - Burp Suite Extension - Asset history
  - Firefox extension - HackTools
  - Bypa4xx tool
  - Findomain / Subfinder
- Leaks
  - Breachdirectory
- Cyber Threat Intel
  - APT Map
- MISC
  - Le dessous des cartes Youtube channel (Geopolitics)
- Windows Pentest
  - Precisions for Kerberos Delegations attacks
21/01/2021
- OSINT Tools :
  - Carbondate / Carbon14
  - shadow calculator
  - Instagram Location Search
  - Searching unique identifier on Facebook
  - isearchfrom
  - Google Maps Alternatives
  - Screenshots
  - emailrep.io
  - 360cities
  - Holehe web version
  - Time and Date
- OSINT Resources & Tricks :
  - The OSINT Library
  - Geotips
  - Open Street Map and Overpass part (OSINT/GEOINT)
  - some OSINT resources links
- Infosec Resource : The Hacker Recipes
- Windows Resource : WADComs interactive cheatsheet
- Added OPSEC Resources
- Added Any.run to resources
- Updated the phishing part (SSL & tips)
- Passcracking tool : Wrapcat
- Added previously unreported resources, tools and tips
Acknowledgments
Special thanks to @Maki for teaching me many tricks and methods, and for the Hugo theme, but also to @_ACKNAK_ for the cheatsheet basis I started from some months ago. And generally speaking, thanks to everyone sharing content and knowledge! :)