[OSCP, PEN-200] Cheat Sheet Table of Contents Recon IP Nmap nmap -sC -sV -T4 {IP}\ sudo nmap -sS {IP}\ All ports: nmap -p- {IP}

[OSCP, PEN-200] Proving Grounds Practice - Windows Table of Contents Algernon image Solution 1. Recon 1.1 Nmap ┌──(chw㉿CHW)-[~]

[OSCP, PEN-200] Proving Grounds Practice - Active Directory Table of Contents Resourced image Solution 1. Recon 1.1 Nmap ┌──(chw㉿CHW)-[~/Resourced]

[OSCP, PEN-200] Proving Grounds Play - Linux Table of Contents Blogger image Solution 1. Recon 1.1 Nmap ┌──(chw㉿CHW)-[~]

§ Work Experioence Company Title Date Description Cymetrics Security Research Engineer Intern 2024/09 - 2025/01/22 Pentesting & Vulnerability assessment

[OSCP, PEN-200] Instructional notes - Part 6 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" Link back to: "[OSCP, PEN-200] Instructional notes - Part 2" Link back to: "[OSCP, PEN-200] Instructional notes - Part 3" Link back to: "[OSCP, PEN-200] Instructional notes - Part 4" Link back to: "[OSCP, PEN-200] Instructional notes - Part 5" [!Caution] 接續 [OSCP, PEN-200] Instructional notes - Part 5 內容

[OSCP, PEN-200] Instructional notes - Part 2 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" [!Caution] 接續 [OSCP, PEN-200] Instructional notes - Part 1 內容 Exploits Locating Public Exploits - A Word of Caution

[OSCP, PEN-200] Instructional notes - Part 8 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" Link back to: "[OSCP, PEN-200] Instructional notes - Part 2" Link back to: "[OSCP, PEN-200] Instructional notes - Part 3" Link back to: "[OSCP, PEN-200] Instructional notes - Part 4" Link back to: "[OSCP, PEN-200] Instructional notes - Part 5" Link back to: "[OSCP, PEN-200] Instructional notes - Part 6" Link back to: "[OSCP, PEN-200] Instructional notes - Part 7"

[OSCP, PEN-200] Instructional notes - Part 7 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" Link back to: "[OSCP, PEN-200] Instructional notes - Part 2" Link back to: "[OSCP, PEN-200] Instructional notes - Part 3" Link back to: "[OSCP, PEN-200] Instructional notes - Part 4" Link back to: "[OSCP, PEN-200] Instructional notes - Part 5" Link back to: "[OSCP, PEN-200] Instructional notes - Part 6" [!Caution]

[OSCP, PEN-200] Instructional notes - Part 1 Table of Contents Recon Whois whois {Target domain/ip} -h {指定WHOIS 伺服器} Google Hacking 👉🏻 site: 👉🏻 ext: {filetype} 👉🏻 filetype:

[OSCP, PEN-200] Instructional notes - Part 3 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" Link back to: "[OSCP, PEN-200] Instructional notes - Part 2" [!Caution] 接續 [OSCP, PEN-200] Instructional notes - Part 2 內容 Password Attacks Working with Password Hashes

[OSCP, PEN-200] Instructional notes - Part 4 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" Link back to: "[OSCP, PEN-200] Instructional notes - Part 2" Link back to: "[OSCP, PEN-200] Instructional notes - Part 3" [!Caution] 接續 [OSCP, PEN-200] Instructional notes - Part 3 內容 Linux Privilege Escalation

[OSCP, PEN-200] Instructional notes - Part 5 Table of Contents Link back to: "[OSCP, PEN-200] Instructional notes - Part 1" Link back to: "[OSCP, PEN-200] Instructional notes - Part 2" Link back to: "[OSCP, PEN-200] Instructional notes - Part 3" Link back to: "[OSCP, PEN-200] Instructional notes - Part 4" [!Caution] 接續 [OSCP, PEN-200] Instructional notes - Part 4 內容

Apache SSL 憑證更換 Table of Contents [!Note] SSL憑證具時效性，本篇只介紹如何更換 若是新服務申請憑證，可以參考 Apache SSL 憑證申請安裝 Apache SSL 憑證申請安裝 向憑證頒發機構 (CA) 購買新的SSL憑證 原本的私鑰 (server.key) 產生新的 CSR

Apache SSL 憑證申請安裝 Table of Contents :::info :bulb: 建立私鑰 RSA 2048 、 產生憑證請求檔(CSR)、完成申請安裝 ::: 建立私鑰 Server.key OpenSSL 工具 Download

CYBERSEC 2024 臺灣資安大會 「AD 已經防不完了，怎麼還有個 Azure AD？」(Steven Meow) Table of Contents Conference Info Conference Title: CYBERSEC 2024 臺灣資安大會Date: 2024.05.16Location: 臺北南港展覽二館 7F 701G Presentation Title: AD 已經防不完了，怎麼還有個 Azure AD？Speaker: 游照臨 (Steven Meow) ｜ 趨勢科技 Threat Researcher, CoreTech Red TeamDescription:\ 在這場議程中，我們將深入探討 Active Directory 和 Azure Active Directory (Entra ID) 的核心差異，揭示 Azure, Entra ID 內所含的資安威脅。我們將以從紅隊角度出發，分析 Entra ID 的潛在風險，並以實例方式展現如何使用特定工具來執行 Enumerate 及 Exploitation, Exfiltration 手法，甚至是 Bypass 2FA 的攻擊方式。此外，我們也會詳述橫向移動的 Hybrid Identity 攻擊手法，包括從本地到雲端，甚至從雲端反打回本地 Active Directory 的技術，例如 Password Hash Sync, Pass-Through Authentication, AD Federation Golden SAML 等。

Elastic stack(ELK) 安裝 on docker [一鍵安裝] Table of Contents :::info :bulb: ELK = Elasticsearch + Logstash + Kibana ::: ELK 介紹 [!Important] 資料來源 → Logstash → Elasticsearch → KibanaLogstash 收集並處理資料。將處理好的資料送入 Elasticsearch 進行儲存和索引。Kibana 從 Elasticsearch 獲取資料，進行可視化和分析。

DEVCORE CONFERENCE 2024 「牆の調查：致 WAF 前的你」 (Mico) Table of Contents Conference Info Conference Title: DEVCORE CONFERENCE 2024Date: 2024.03.16Location: TICC 台北國際會議中心 201 會議室（台北市信義區信義路五段 1 號） Presentation Title: 牆の調查：致 WAF 前的你Speaker: 高敏睿 (Mico) ｜ DEVCORE 資深紅隊演練專家Description:\ "WAF" 作為一種已臻於成熟的技術產品，不僅是抵禦網路威脅的高壘深塹，其發展速度也猶如是向紅隊發出了挑戰。本議程將回顧早期的繞過技巧，以及介紹至今紅隊專家如何鑿壁偷光？議程中將簡單解析 WAF 的基本原理，探討紅隊如何在實際情況中，成功讓關鍵請求繞過這些安全措施。亦會分享一些從實戰中提煉出的經驗，包括那些起初看似不可能繞過，卻屢屢成功實現的真實案例。最後將從戴夫寇爾視角總結 WAF 在當今網路安全生態中的地位和效力。

Elastic stack(ELK) 安裝與教學 Table of Contents :::info :bulb: ELK = Elasticsearch + Logstash + Kibana ::: ELK 介紹 [!Important] 資料來源 → Logstash → Elasticsearch → KibanaLogstash 收集並處理資料。

PortSwigger Web Security LAB (持續更新中..) Table of Contents SQL injection Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data image https://0a1e003a0438320b808a627a00be00fb.web-security-academy.net/ image