
Offensive Security Cheatsheet

Informations & Disclaimer

1/ This website is my personal cheatsheet, a document used to centralize
   a lot of information about cybersecurity techniques and payloads.

2/ The content, commands and tools provided on this website can cause damage
   to the websites and systems you use them against.
   Remember that it is illegal to scan or attack a resource that does not belong to you
   or that you have not been explicitly authorised to test.

3/ Content comes from my personal experience but also from several
   online resources and cheatsheets. I also made a resources section, linking to the
   resources I found or used. This section was added recently, so not everything may
   be sourced yet (but I try to)!

4/ This website is for educational and "memo" purposes only.
   It does not aim to weaponize anyone.

5/ If you have any request (something that is wrong, information to remove...)
   please do not hesitate to contact me on Twitter (@Haax9_).

6/ If this place has been useful to you, leave a star on the GitHub project, or retweet/follow on Twitter (@Haax9_).
   Feel free to share it, as it could help others too =).

7/ I'm also posting writeups (HackTheBox, CTF...) and other cybersecurity content on a blog,
   available in French and English!
   --> https://haax.fr

Updates

11/09/2022 (Yeah, it’s been a while!)
- Web :
   - Tool : Bypass-URL-parser (Bypass 403)
   - Resource : Subdomains Tools Review: a full and detailed comparison of subdomain enumeration tools

- Windows : 
   - Resource : Azure Red Team Repo
   - Resource/Tool : Introduction to Azure Penetration Testing
   - Resource : I’m bringing relaying back: A comprehensive guide on relaying anno 2022
   - Tips : BloodHound usage and tips for when builtin doesn't give results
   - Tools/Tips : Dumping SAM from Kali in 2022 (On recent Windows 10) - pypykatz
   - Tools/Tips : From Backup Operator To Domain Admin / SeBackupPrivilege

- OSINT :
   - Tool : F4Map (Geolocation/3D Visualisation)
   - Resource : Le monde entier est un qactus (OpenFacto)

- Phishing/CTI/OSINT :
   - Tools : The Spamhaus Project
   - Tools/Resource : Steal Credentials & Bypass 2FA Using noVNC

- CTI : 
   - Resource : Analyzing Network Infrastructure as Composite Objects
   - Resource : Extrapolating Adversary Intent Through Infrastructure
   - Resource : Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity
31/01/2022
- OSINT :
   - Tool : nexfil (Username checking)
   - Tool : Sentinel Hub Playground
   - Tool : Carto GRAOU (French trains)
   - Tool : Marple (Username)
   - Tool : Mailcait (Emails/Use)
   - Tool : DaProfiler (French recon)
   - Tool : OSINT World Map
   - Tool : MOSINT (E-mail)
   - Resource : OSINT At Home #9 – My Top 4 Free Satellite Imagery Sources (BenDoBrown)
   - Resource : Décomptes Publics

- Web : 
   - Resource : Web Vulnerability Analysis Category (SecurityOnline)
   - Resource : Web App Pentesting With Burp Suite Scan Profiles

- Windows :
   - New section : Print Spooler
   - Tool : PetitPotam
   - Tool : MicroBurst (A PowerShell Toolkit for Attacking Azure)
   - Tool : HiveNightmare (SeriousSAM)
   - Tool : Snaffler
   - Tool : Adidnsdump
   - Tool : ItWasAllADream
   - Tips : MS14-025 password encoder
   - Tool : DonPAPI
   - Tool : LDAPMonitor
   - Tips : rundll32.exe to dump LSASS
   - Resource : #HiveNightmare aka #SeriousSAM — anybody can read the registry in Windows 10
   - Resource : Azure Services related
   - Resource : Force NTLM Privileged Authentication (HackTricks)
   - Resource : MS-RPRN abuse (PrinterBug)
   - Resource : MS-EFSR abuse (PetitPotam)
   - Resource : Pentesting Active Directory Mindmap
   - Resource : Atomic Red Team
   - Resource : Powershell command for enumerating AD
   - Resource : Webcast Getting Started in Pentesting The Cloud: Azure

- MISC :
   - Resource : Default Creds Cheatsheet
   - Resource : TheBlackSide CTF platform + Others challenges platform
   - Tool : Lestat (Passcracking)

- New Section : Defensive, Monitoring, CTI...
   - New subsection : Defensive OSINT and CTI
      - Tool : Certstream (Monitoring CT)
   - New subsection : Defensive Active Directory
      - Resource : BloodHound versus Ransomware: A Defender’s Guide
      - Resource : Detecting Resilient Adversaries - Active Directory
14/07/2021
- General Info : 
   - Update format modified (entries are now grouped by category: Web, OSINT, Windows... instead of by information type)

- CTI :
   - Resource : A Cyber Threat Intelligence Self-Study Plan: Part 1

- Web :
   - Tool : Qsreplace
   - Tool : Nuclei usage and infos
   - Tool : page-fetch
   - Tool : x8
   - Tool : NoSQLMap
   - Tool : subjs / LinkFinder / SecretFinder (JS extraction)
   - Tool : XSStrike
   - Resource : Prototype Pollution
   - Resource : x8, Arjun, Param Miner comparison

- OSINT : 
   - Tool : Ignorant (Phone numbers)
   - Tool : Zoom.earth (GEOINT)
   - Tool : Justgetmydata website (OPSEC)
   - Tool : Elephind (Newspaper Archives)
   - Tool : Peakvisor app (Mountains identification)
   - Tool : International Numbering Plan (Phone number analysis)
   - Tool : HLR Lookups (Phone identification)
   - Tool : Lusha
   - Tool : Kaspr
   - Tool : Whatsmyname.app 
   - Tool : IP Reputation Lookup (Team Cymru)
   - Tool : Thingful.net (IoT map)
   - Tool : w3dt.net (DNS, HTTP, Database lookups...)
   - Tool : Crobat / Sonarsearch / Omnisint (Web/DNS)
   - Resource : The space speedometer : Using some simple algebra and satellite imagery to determine ship speed
   - Resource : "OSINT" : Explorer l'espace informel Russe (OSINT Russia guide)
   - Resource : Geolocating a Plane Shot Down in Ethiopia – Case Studies on Mountain Profiling with PeakVisor
   - Resource : Phone numbers investigation, the open source way

- Windows Systems :
   - Tool : Bloodhound-quickwins
   - Tool : AzureAD enumeration module
   - Tricks/Methods : MS14-025 CyberChef encryption
   - Tricks/Methods : AMSI Bypass methods
   - Tricks/Methods : [adsisearcher] built-in AD enumeration
   - Tricks/Methods : Kerberoasting attack without prior access
   - Resource : Kerberoasting without SPNs
   - Resource : Windows & Active Directory Exploitation Cheat Sheet and Command Reference
   - Resource : zer1t0's guide for attacking Active Directory (really great paper!)
   - Resource : Hunting for Skeleton Key implants
   - Resource : Hunting for Impacket
   - Resource : Windows AMSI Bypass links

- MISC :
   - Tool : Passe-partout (SSL Extraction)
   - Tool : Swap Digger (Linux)
   - Tool : Argon2 Cracker
   - Tool : Message Header Analysis
   - New section : Kubernetes (Other Systems)
   - Resource : Privilege Escalation cheatsheet for OSCP (Vulnhub)
06/02/2021
- OSINT Tools :
   - DumpItBlue Extension
   - Maigret
   - Social Analyzer
   - OSINT.sh
   - World Postal Codes
   - Added "OSINT in the air" category!

- OSINT Resources
   - Amnesty International Course : Open Source Investigations for Human Rights
   - Darknet Markets for Investigators
   - Flowcharts to distinguish European languages

- OSINT Trick
   - Instagram trick for viewing post (/embed/captioned)

- Web Pentest Tools
   - HTTP Methods Tester
   - Burp Suite Extension - Asset history
   - Firefox extension - HackTools
   - Bypa4xx tool
   - Findomain / Subfinder

- Leaks
   - Breachdirectory

- Cyber Threat Intel
   - APT Map

- MISC
   - Le dessous des cartes Youtube channel (Geopolitics)

- Windows Pentest
   - Precisions for Kerberos Delegations attacks
21/01/2021
- OSINT Tools :
   - Carbondate / Carbon14
   - shadow calculator
   - Instagram Location Search
   - Searching unique identifier on Facebook
   - isearchfrom
   - Google Maps Alternatives
   - Screenshots
   - emailrep.io
   - 360cities
   - Holehe web version
   - Time and Date

- OSINT Resources & Tricks :
   - The OSINT Library
   - Geotips
   - Open Street Map and Overpass part (OSINT/GEOINT)
   - some OSINT resources links
 
- Infosec Resource : The Hacker Recipes
- Windows Resource : WADComs interactive cheatsheet
- Added OPSEC Resources
- Added Any.run to resources

- Updated the phishing part (SSL & tips)
- Passcracking tool : Wrapcat

- Added previously unreported resources, tools and tips

Acknowledgments

Special thanks to @Maki for teaching me many tricks and methods and for the Hugo theme, and to @_ACKNAK_ for the cheatsheet basis I started from some months ago. And generally speaking, thanks to everyone sharing content and knowledge! :)