  • NFS (Network File System) Cheat Sheet for Penetration Testers

    Network File System (NFS) is a protocol that allows file sharing across networks. Misconfigured NFS shares can expose sensitive data or allow unauthorized access, making them a valuable target in penetration testing. This cheat sheet covers enumeration, exploitation techniques, and privilege escalation strategies. 1. Enumerating NFS Shares Checking for NFS…

  • MSSQL Cheat Sheet for Penetration Testers

    Microsoft SQL Server (MSSQL) is a common target in penetration testing due to misconfigurations, weak credentials, and privilege escalation opportunities. This cheat sheet provides enumeration techniques, privilege escalation methods, and exploitation tactics useful for pentesters and red teamers. 1. Connecting to MSSQL Using sqsh (Linux) Connects to an MSSQL server…

  • MySQL Cheat Sheet for Penetration Testers

    MySQL is one of the most widely used relational database management systems. Security misconfigurations and weak credentials can expose databases to attacks, making it a valuable target in pentesting engagements. This cheat sheet covers enumeration, exploitation techniques, and privilege escalation strategies for MySQL. 1. Basic MySQL Enumeration Connecting to MySQL…

  • DNS Cheat Sheet for Penetration Testers

    DNS (Domain Name System) is a fundamental service in networks, responsible for translating domain names into IP addresses. Misconfigurations in DNS can lead to information disclosure and security vulnerabilities. This cheat sheet covers essential commands for enumeration, exploitation techniques, and best practices for offensive security assessments. 1. DNS Enumeration Basic…

  • Pivoting Cheat Sheet for Penetration Testers

    Pivoting is a crucial technique in penetration testing and red teaming that allows attackers to move laterally through a compromised network. This involves routing traffic through an intermediate machine to reach internal systems that are otherwise inaccessible. Understanding and properly using pivoting techniques enables deeper access into a target environment.…

  • SSH Cheat Sheet for Penetration Testers

    Secure Shell (SSH) is a widely used protocol for secure remote access to systems. While SSH is designed for security, misconfigurations and weak credentials can make it vulnerable to attacks. This cheat sheet covers enumeration, authentication attacks, exploitation, and post-exploitation techniques relevant to penetration testers. 1. Service Enumeration Identify SSH…

  • SMB Cheat Sheet for Penetration Testers

    The Server Message Block (SMB) protocol is used for file sharing, printer sharing, and network communication in Windows environments. It operates primarily over TCP ports 139 and 445. Misconfigured SMB services are a common attack vector in penetration testing. This cheat sheet covers enumeration, exploitation, post-exploitation techniques, and mitigation strategies…

  • FTP Cheat Sheet for Penetration Testers

    The File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server. It operates over TCP port 21 and supports authentication via usernames and passwords or anonymous access. This cheat sheet provides enumeration commands, basic attacks, and post-exploitation techniques useful in penetration…

  • How to Evade AVs and EDRs in Red Team Engagements

    In modern Red Team engagements, Antivirus (AV) and Endpoint Detection and Response (EDR) solutions represent significant challenges for penetration testers and adversary simulation teams. These security mechanisms continuously evolve to detect and mitigate malicious activity, behavioral anomalies, and memory-based attacks. However, understanding how they work enables security professionals to develop…