1. Table of Contents
2. SSH Hijacking
2.1. SSH-Agent Forwarding
2.2. ControlMaster
3. Reverse Shells
3.1. Netcat with SSL
3.2. Upgrading Shells with Magic
4. C2
4.1. Stealth
4.1.1. JA3 Obfuscation
5. Web
5.1. Gitlab
5.1.1. Adding a Backdoor User
5.1.2. ExifTool DjVu (CVE-2021-22205)
5.1.3. Visual Studio CSPROJ Reverse Shell
5.2. PHP
5.2.1. Basic PHP Webshell Oneliner
5.2.2. PHP Filter Gadget Chain
5.3. Apache
5.3.1. Apache Struts RCE (CVE-2023-50164)
6. Linux
6.1. Privilege Escalation
6.1.1. SUDO/SUID/etc
7. Windows
7.1. AMSI Bypass
7.1.1. Powershell AMSI Bypass
7.2. Stealth
7.2.1. Reflective PE Loader
7.3. Lateral Movement
7.3.1. PSExec
7.3.2. MOF Upload
7.3.3. WinRM
7.3.4. PrintNightmare (CVE-2021-1675)
7.4. Persistence
7.4.1. Invisible Registry Keys
7.5. Privilege Escalation
7.5.1. Outlook Client (CVE-2023-23397)
7.6. UAC Bypass
7.6.1. Mock Folder + Trusted Executable DLL Hijacking
8. Active Directory
8.1. SharpGPOAbuse
8.2. Certificate Template Abuse
8.3. Vulnerabilities
8.3.1. Zerologon (CVE-2020-1472)
9. Impact
9.1. Website Defacement
9.2. GonnaCope
Contributors
Hacknum-Opus
Apache
Apache Struts RCE (CVE-2023-50164)