1. 1. Table of Contents
  2. 2. SSH Hijacking
    1. 2.1. SSH-Agent Forwarding
    2. 2.2. ControlMaster
  4. 3. Reverse Shells
    1. 3.1. Netcat with SSL
    2. 3.2. Upgrading Shells with Magic
  6. 4. C2
    1. 4.1. Stealth
      1. 4.1.1. JA3 Obfuscation
  8. 5. Web
    1. 5.1. Gitlab
      1. 5.1.1. Adding a Backdoor User
      2. 5.1.2. ExifTool DjVu (CVE-2021-22205)
      3. 5.1.3. Visual Studio CSPROJ Reverse Shell
    3. 5.2. PHP
      1. 5.2.1. Basic PHP Webshell Oneliner
      2. 5.2.2. PHP Filter Gadget Chain
    5. 5.3. Apache
      1. 5.3.1. Apache Struts RCE (CVE-2023-50164)
  10. 6. Linux
    1. 6.1. Privilege Escalation
      1. 6.1.1. SUDO/SUID/etc
  12. 7. Windows
    1. 7.1. AMSI Bypass
      1. 7.1.1. Powershell AMSI Bypass
    3. 7.2. Stealth
      1. 7.2.1. Reflective PE Loader
    5. 7.3. Lateral Movement
      1. 7.3.1. PSExec
      2. 7.3.2. MOF Upload
      3. 7.3.3. WinRM
      4. 7.3.4. PrintNightmare (CVE-2021-1675)
    7. 7.4. Persistence
      1. 7.4.1. Invisible Registry Keys
    9. 7.5. Privilege Escalation
      1. 7.5.1. Outlook Client (CVE-2023-23397)
    11. 7.6. UAC Bypass
      1. 7.6.1. Mock Folder + Trusted Executable DLL Hijacking
  14. 8. Active Directory
    1. 8.1. SharpGPOAbuse
    2. 8.2. Certificate Template Abuse
    3. 8.3. Vulnerabilities
      1. 8.3.1. Zerologon (CVE-2020-1472)
  16. 9. Impact
    1. 9.1. Website Defacement
    2. 9.2. GonnaCope
  18. Contributors

Hacknum-Opus

  • Stealth
    • JA3 Obfuscation