# Red Teaming

- [Enumeration](/ctfnote/red-teaming/enumeration.md)
- [Service Enumeration](/ctfnote/red-teaming/enumeration/service-enumeration.md)
- [SMTP (Port 25)](/ctfnote/red-teaming/enumeration/service-enumeration/smtp-port-25.md)
- [Samba (Port 139, 445)](/ctfnote/red-teaming/enumeration/service-enumeration/samba-port-139-445.md)
- [SNMP (Port 161,162,10161,10162)](/ctfnote/red-teaming/enumeration/service-enumeration/snmp-port-161-162-10161-10162.md)
- [rsync (Port 873)](/ctfnote/red-teaming/enumeration/service-enumeration/rsync-port-873.md)
- [NFS (Port 2049)](/ctfnote/red-teaming/enumeration/service-enumeration/nfs-port-2049.md)
- [Apache JServ Protocol (Port 8081)](/ctfnote/red-teaming/enumeration/service-enumeration/apache-jserv-protocol-port-8081.md): Ghostcat
- [NetBIOS](/ctfnote/red-teaming/enumeration/service-enumeration/netbios.md): Network Basic Input/Output System
- [Nmap](/ctfnote/red-teaming/enumeration/nmap.md): Search for hosts on a network
- [Gobuster / Feroxbuster / ffuf / Wfuzz](/ctfnote/red-teaming/enumeration/gobuster-feroxbuster-fuff-wfuzz.md)
- [Drupal](/ctfnote/red-teaming/enumeration/drupal.md)
- [Exploitation](/ctfnote/red-teaming/exploitation.md): Hack The Planet
- [Public Exploits](/ctfnote/red-teaming/exploitation/public-exploits.md): searchsploit, GitHub
- [PHP Webshells](/ctfnote/red-teaming/exploitation/php-webshells.md): wso, p0wny
- [Reverse Shell](/ctfnote/red-teaming/exploitation/reverse-shell.md)
- [TTY](/ctfnote/red-teaming/exploitation/tty.md)
- [File Transfer](/ctfnote/red-teaming/exploitation/file-transfer.md)
- [Metasploit](/ctfnote/red-teaming/exploitation/metasploit.md)
- [Password Spray](/ctfnote/red-teaming/exploitation/password-spray.md)
- [Buffer Overflow](/ctfnote/red-teaming/buffer-overflow.md)
- [Step 0: Spiking (Optional)](/ctfnote/red-teaming/buffer-overflow/step-0-spiking-optional.md): generic\_send\_tcp
- [Step 1: Fuzzing](/ctfnote/red-teaming/buffer-overflow/step-1-fuzzing.md): AAAAAAAA
- [Step 2: Finding the Offset](/ctfnote/red-teaming/buffer-overflow/step-2-finding-the-offset.md): pattern\_create and pattern\_offset
- [Step 3: Overwriting the EIP](/ctfnote/red-teaming/buffer-overflow/step-3-overwriting-the-eip.md): EIP=0x42424242
- [Step 4: Finding Bad Characters](/ctfnote/red-teaming/buffer-overflow/step-4-finding-bad-characters.md): badchars
- [Step 5: Finding the Right Module](/ctfnote/red-teaming/buffer-overflow/step-5-finding-the-right-module.md): JMP ESP
- [Step 6: Generating Shellcode and Gaining Root](/ctfnote/red-teaming/buffer-overflow/step-6-generating-shellcode-and-gaining-root.md): msfvenom
- [Privilege Escalation](/ctfnote/red-teaming/privilege-escalation.md)
- [Linux Privilege Escalation](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation.md)
- [Linux Permissions](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/linux-permissions.md): rwx
- [Manual Enumeration](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/manual-enumeration.md): System, user, network, and password
- [Automated Tools](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/automated-tools.md): LinPEAS!
- [Kernel Exploits](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/kernel-exploits.md): Dirty Cow!
- [Passwords and File Permissions](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/passwords.md): Plaintext passwords vs. password hashes
- [SSH Keys](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/ssh-keys.md): id\_rsa, id\_rsa.pub, authorized\_keys
- [Sudo](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/sudo.md): sudo -l
- [SUID](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/suid.md): find / -perm -u=s -type f 2>/dev/null
- [Capabilities](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/capabilities.md): "Better" than SUID but vulnerable in the same way
- [Cron Jobs](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/cron-jobs.md): /etc/crontab
- [NFS Root Squashing](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/nfs-root-squashing.md): no\_root\_squash
- [Docker](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/docker.md): docker run -v /:/mnt --rm -it bash chroot /mnt sh
- [GNU C Library](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/gnu-c-library.md): ldd --version
- [Exim](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/exim.md): which exim
- [Linux Privilege Escalation Course Capstone](/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/linux-privilege-escalation-course-capstone.md): Five boxes from TryHackMe
- [Windows Privilege Escalation](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation.md)
- [Manual Enumeration](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/manual-enumeration.md): System, user, network, password, and AV
- [Automated Tools](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/tools.md): WinPEAS!
- [Kernel Exploits](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/kernel-exploits.md): Kitrap0d!
- [Passwords and Port Forwarding](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/passwords-and-port-forwarding.md): plink.exe
- [WSL](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/windows-subsystem-for-linux.md): Windows Subsystem for Linux
- [Token Impersonation and Potato Attacks](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/token-impersonation-and-potato-attacks.md)
- [Meterpreter getsystem](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/meterpreter-getsystem.md): Easy win??? Not really.
- [Runas](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/runas.md)
- [UAC Bypass](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/uac-bypass.md)
- [Registry](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/registry.md)
- [Executable Files](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/executable-files-1.md)
- [Startup Applications](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/startup-applications.md)
- [DLL Hijacking](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/dll-hijacking.md)
- [Service Permissions (Paths)](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/service-permissions-paths.md)
- [CVE-2019-1388](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/cve-2019-1388.md)
- [HiveNightmare](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/hivenightmare.md): aka SeriousSAM or CVE-2021-36934
- [Bypass Space Filter](/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/crazy-stuff.md): C:\PROGRA~2
- [Post Exploitation](/ctfnote/red-teaming/post-exploitation.md)
- [Linux Post Exploitation](/ctfnote/red-teaming/post-exploitation/linux-post-exploitation.md)
- [Add a User](/ctfnote/red-teaming/post-exploitation/linux-post-exploitation/add-a-user.md)
- [SSH Key](/ctfnote/red-teaming/post-exploitation/linux-post-exploitation/ssh-key.md)
- [Windows Post Exploitation](/ctfnote/red-teaming/post-exploitation/windows-post-exploitation.md)
- [windows-resources](/ctfnote/red-teaming/post-exploitation/windows-post-exploitation/windows-resources.md)
- [Add a User](/ctfnote/red-teaming/post-exploitation/windows-post-exploitation/add-a-user.md)
- [RDP](/ctfnote/red-teaming/post-exploitation/windows-post-exploitation/rdp.md)
- [Pivoting](/ctfnote/red-teaming/pivoting.md)
- [Windows: Chisel](/ctfnote/red-teaming/pivoting/windows-chisel.md)
- [Linux: sshuttle](/ctfnote/red-teaming/pivoting/linux-sshuttle.md)
- [Active Directory (AD)](/ctfnote/red-teaming/active-directory-ad.md)
- [Initial Compromise](/ctfnote/red-teaming/active-directory-ad/initial-compromise.md)
- [HTA Phishing](/ctfnote/red-teaming/active-directory-ad/initial-compromise/hta-phishing.md)
- [VBA Macro Phishing](/ctfnote/red-teaming/active-directory-ad/initial-compromise/vba-macro-phishing.md)
- [LLMNR Poisoning](/ctfnote/red-teaming/active-directory-ad/initial-compromise/llmnr-poisoning.md)
- [SMB Relay](/ctfnote/red-teaming/active-directory-ad/initial-compromise/smb-relay.md)
- [GPP / cPassword](/ctfnote/red-teaming/active-directory-ad/initial-compromise/gpp-cpassword.md): gpp-decrypt
- [Domain Enumeration](/ctfnote/red-teaming/active-directory-ad/domain-enumeration.md)
- [Manual Enumeration](/ctfnote/red-teaming/active-directory-ad/domain-enumeration/manual-enumeration.md)
- [PowerView](/ctfnote/red-teaming/active-directory-ad/domain-enumeration/powerview.md)
- [BloodHound](/ctfnote/red-teaming/active-directory-ad/domain-enumeration/bloodhound.md)
- [Lateral Movement](/ctfnote/red-teaming/active-directory-ad/lateral-movement.md)
- [PsExec](/ctfnote/red-teaming/active-directory-ad/lateral-movement/psexec.md)
- [WMI](/ctfnote/red-teaming/active-directory-ad/lateral-movement/wmi.md)
- [Runas](/ctfnote/red-teaming/active-directory-ad/lateral-movement/runas.md)
- [Pass the Hash](/ctfnote/red-teaming/active-directory-ad/lateral-movement/pass-the-hash.md)
- [Overpass the Hash](/ctfnote/red-teaming/active-directory-ad/lateral-movement/overpass-the-hash.md)
- [Pass the Ticket](/ctfnote/red-teaming/active-directory-ad/lateral-movement/pass-the-ticket.md)
- [Kerberos](/ctfnote/red-teaming/active-directory-ad/kerberos.md)
- [Kerberoast](/ctfnote/red-teaming/active-directory-ad/kerberos/kerberoast.md)
- [AS-REP Roast](/ctfnote/red-teaming/active-directory-ad/kerberos/as-rep-roast.md)
- [MS SQL Server](/ctfnote/red-teaming/active-directory-ad/ms-sql-server.md)
- [Command & Control (C2)](/ctfnote/red-teaming/command-and-control-c2.md)
- [Cobalt Strike](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike.md)
- [Bypassing Defences](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences.md)
- [Artifact Kit](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/artifact-kit.md)
- [Resource Kit](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/resource-kit.md)
- [AMSI Bypass](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/amsi-bypass.md)
- [PowerPick](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/powerpick.md)
- [Extending Cobalt Strike](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/extending-cobalt-strike.md)
- [Elevate Kit](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/extending-cobalt-strike/elevate-kit.md)
- [Malleable C2 Profile](/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/extending-cobalt-strike/malleable-c2-profile.md)
- [Metasploit](/ctfnote/red-teaming/command-and-control-c2/metasploit.md)
- [Payloads](/ctfnote/red-teaming/command-and-control-c2/metasploit/payloads.md)
- [Post Exploitation](/ctfnote/red-teaming/command-and-control-c2/metasploit/post-exploitation.md)
- [Automation](/ctfnote/red-teaming/command-and-control-c2/metasploit/automation.md)
- [C2 Development](/ctfnote/red-teaming/command-and-control-c2/c2-development.md)
- [Malware Development](/ctfnote/red-teaming/malware-development.md)
- ["Hot Dropper"](/ctfnote/red-teaming/malware-development/hot-dropper.md)
- [PE Format](/ctfnote/red-teaming/malware-development/pe-format.md)
- [Overview](/ctfnote/red-teaming/malware-development/pe-format/overview.md)
- [Process Injection](/ctfnote/red-teaming/malware-development/process-injection.md)
- [Reflective DLL](/ctfnote/red-teaming/malware-development/reflective-dll.md)
- [x86 <=> x64](/ctfnote/red-teaming/malware-development/x86-less-than-greater-than-x64.md)
- [Hooking](/ctfnote/red-teaming/malware-development/hooking.md)
- [VeraCry](/ctfnote/red-teaming/malware-development/veracry.md)
- [Offensive C#](/ctfnote/red-teaming/malware-development/offensive-c.md)
- [AV Evasion](/ctfnote/red-teaming/malware-development/av-evasion.md)
- [AV Evasion with C# and PowerShell](/ctfnote/red-teaming/malware-development/av-evasion/av-evasion-with-c-and-powershell.md)
- [AMSI Bypass](/ctfnote/red-teaming/malware-development/av-evasion/amsi-bypass.md)
