├── ActiveDirectory.md
├── Android-Applications-Checklist.md
├── AppLocker.md
├── Checklist.png
├── Command&Control.md
├── Credential-Access.md
├── Defense-Evasion.md
├── Domain-Escalation.md
├── Domain-Persistence.md
├── Environment-Breakout-Checklist.md
├── Initial-Access.md
├── Lateral-Movement.md
├── Linux-Privilege-Escalation.md
├── Microsoft Exchange.md
├── Persistence.md
├── README.md
├── VoIP Checklist.md
├── Windows-Build-Review-Checklist.md
└── Windows-Privilege-Escalation.md

--------------------------------------------------------------------------------
/ActiveDirectory.md:
--------------------------------------------------------------------------------
# Active Directory

* [AD-001 - Golden Ticket](https://pentestlab.blog/2018/04/09/golden-ticket/)
* [AD-002 - Skeleton Key](https://pentestlab.blog/2018/04/10/skeleton-key/)
* [AD-003 - DCShadow](https://pentestlab.blog/2018/04/16/dcshadow/)
* [AD-004 - SPN Discovery](https://pentestlab.blog/2018/06/04/spn-discovery/)
* [AD-005 - Kerberoast](https://pentestlab.blog/2018/06/12/kerberoast/)
* [AD-006 - Dumping Domain Password Hashes](https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/)

--------------------------------------------------------------------------------
/Android-Applications-Checklist.md:
--------------------------------------------------------------------------------
# Android Mobile Application Checklist

* [AMA-001 - Manifest File Review](https://pentestlab.blog/2017/01/24/security-guidelines-for-android-manifest-files/)
* [AMA-002 - Insecure WebView Implementation](https://pentestlab.blog/2017/02/12/android-webview-vulnerabilities/)
* AMA-003 - Lack of Certificate Pinning
* AMA-004 - No Rooting Detection
* AMA-005 - Application Certificate
* AMA-006 - Lack of Code Obfuscation
* AMA-007 - Plaintext Data
* [AMA-008 - APK Payload Injection](https://pentestlab.blog/2017/06/26/injecting-metasploit-payloads-into-android-applications-manually/)

--------------------------------------------------------------------------------
/AppLocker.md:
--------------------------------------------------------------------------------
# AppLocker Bypass

* [AL-01 - InstallUtil](https://pentestlab.blog/2017/05/08/applocker-bypass-installutil/)
* [AL-02 - Regsvr32](https://pentestlab.blog/2017/05/11/applocker-bypass-regsvr32/)
* [AL-03 - Regasm and Regsvcs](https://pentestlab.blog/2017/05/19/applocker-bypass-regasm-and-regsvcs/)
* [AL-04 - MSBuild](https://pentestlab.blog/2017/05/29/applocker-bypass-msbuild/)
* [AL-05 - Rundll32](https://pentestlab.blog/2017/05/23/applocker-bypass-rundll32/)
* [AL-06 - IEExec](https://pentestlab.blog/2017/06/13/applocker-bypass-ieexec/)
* [AL-07 - Control Panel](https://pentestlab.blog/2017/05/24/applocker-bypass-control-panel/)
* [AL-08 - Weak Path Rules](https://pentestlab.blog/2017/05/22/applocker-bypass-weak-path-rules/)
* [AL-09 - BgInfo](https://pentestlab.blog/2017/06/05/applocker-bypass-bginfo/)
* [AL-10 - Assembly Load](https://pentestlab.blog/2017/06/06/applocker-bypass-assembly-load/)
* [AL-11 - File Extensions](https://pentestlab.blog/2017/06/12/applocker-bypass-file-extensions/)
* [AL-12 - MSIEXEC](https://pentestlab.blog/2017/06/16/applocker-bypass-msiexec/)
* [AL-13 - MSXSL](https://pentestlab.blog/2017/07/06/applocker-bypass-msxsl/)
* [AL-14 - CreateRestrictedToken](https://pentestlab.blog/2017/07/07/applocker-bypass-createrestrictedtoken/)
* [AL-15 - Cmstp](https://pentestlab.blog/2018/05/10/applocker-bypass-cmstp/)

--------------------------------------------------------------------------------
/Checklist.png:
--------------------------------------------------------------------------------
(binary image, not shown) https://raw.githubusercontent.com/netbiosX/Checklists/27978c2e6093a6d3c55d577a36049083615de1f1/Checklist.png

--------------------------------------------------------------------------------
/Command&Control.md:
--------------------------------------------------------------------------------
# Command and Control

* [C2-001 - ICMP](https://pentestlab.blog/2017/07/28/command-and-control-icmp/)
* [C2-002 - DNS](https://pentestlab.blog/2017/09/06/command-and-control-dns/)
* [C2-003 - DropBox](https://pentestlab.blog/2017/08/29/command-and-control-dropbox/)
* [C2-004 - Gmail](https://pentestlab.blog/2017/08/03/command-and-control-gmail/)
* C2-005 - Github
* [C2-006 - Twitter](https://pentestlab.blog/2017/09/26/command-and-control-twitter/)
* [C2-007 - Website Keyword](https://pentestlab.blog/2017/09/14/command-and-control-website-keyword/)
* [C2-008 - PowerShell](https://pentestlab.blog/2017/08/19/command-and-control-powershell/)
* [C2-009 - Windows COM](https://pentestlab.blog/2017/09/01/command-and-control-windows-com/)
* [C2-009 - WebDAV](https://pentestlab.blog/2017/09/12/command-and-control-webdav/)
* C2-010 - Error Pages
* C2-011 - Active Directory
* [C2-012 - HTTPS](https://pentestlab.blog/2017/10/04/command-and-control-https/)
* [C2-013 - Kernel](https://pentestlab.blog/2017/10/02/command-and-control-kernel/)
* [C2-014 - Website](https://pentestlab.blog/2017/11/14/command-and-control-website/)
* [C2-015 - WMI](https://pentestlab.blog/2017/11/20/command-and-control-wmi/)
* [C2-016 - WebSocket](https://pentestlab.blog/2017/12/06/command-and-control-websocket/)
* [C2-017 - Images](https://pentestlab.blog/2018/01/02/command-and-control-images/)
* [C2-018 - Web Interface](https://pentestlab.blog/2018/01/03/command-and-control-web-interface/)
* [C2-019 - JavaScript](https://pentestlab.blog/2018/01/08/command-and-control-javascript/)
* C2-020 - Instagram
* [C2-021 - Browser](https://pentestlab.blog/2018/06/06/command-and-control-browser/)

--------------------------------------------------------------------------------
/Credential-Access.md:
--------------------------------------------------------------------------------
# Credential Access

|Code |Technique |Mitre |
|---------|------------------------|----------|
|CA-001 |[Password Filter DLL](https://pentestlab.blog/2020/02/10/credential-access-password-filter-dll/)|[T1556.002](https://attack.mitre.org/techniques/T1556/002/)|
|CA-002 |[Input Prompt](https://pentestlab.blog/2020/03/02/phishing-windows-credentials/)|[T1141](https://attack.mitre.org/techniques/T1141/)|
|CA-003 |[Dumping RDP Credentials](https://pentestlab.blog/2021/05/24/dumping-rdp-credentials/)|[T1003](https://attack.mitre.org/techniques/T1003/)|
|CA-004 |[AS-REP Roasting](https://pentestlab.blog/2024/02/20/as-rep-roasting/)|[T1558.004](https://attack.mitre.org/techniques/T1558/004/)|
|CA-005 |[Dumping Domain Password Hashes](https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/)|[T1003.003](https://attack.mitre.org/techniques/T1003/003/)|
|CA-006 |[Web Browser Stored Credentials](https://pentestlab.blog/2024/08/20/web-browser-stored-credentials/)|[T1555.003](https://attack.mitre.org/techniques/T1555/003/)|
|CA-007 |[Stored Credentials](https://pentestlab.blog/2017/04/19/stored-credentials/)|[T1552](https://attack.mitre.org/techniques/T1552/)|
|CA-008 |[Golden Ticket](https://pentestlab.blog/2018/04/09/golden-ticket/)|[T1558.001](https://attack.mitre.org/techniques/T1558/001/)|
|CA-009 |[Kerberoasting](https://pentestlab.blog/2018/06/12/kerberoast/)|[T1558.003](https://attack.mitre.org/techniques/T1558/003/)|

--------------------------------------------------------------------------------
/Defense-Evasion.md:
--------------------------------------------------------------------------------
# Defense Evasion

|Code |Technique |Mitre |
|---------|------------------------|----------|
|DE-001 |[Parent PID Spoofing](https://pentestlab.blog/2020/02/24/parent-pid-spoofing/)|[T1502](https://attack.mitre.org/techniques/T1502/)|

--------------------------------------------------------------------------------
/Domain-Escalation.md:
--------------------------------------------------------------------------------
# Domain Escalation

|Code |Technique |Mitre |
|---------|------------------------|----------|
|DE-01 |[PrintNightmare](https://pentestlab.blog/2021/08/17/domain-escalation-printnightmare/)|[NA](https://attack.mitre.org/)|
|DE-02 |[PetitPotam](https://pentestlab.blog/2021/09/14/petitpotam-ntlm-relay-to-ad-cs/)|[NA](https://attack.mitre.org/)|
|DE-03 |[RemotePotato](https://pentestlab.blog/2021/05/04/remote-potato-from-domain-user-to-enterprise-admin/)|[NA](https://attack.mitre.org/)|
|DE-04 |[Unconstrained Delegation](https://pentestlab.blog/2022/03/21/unconstrained-delegation/)|[NA](https://attack.mitre.org/)|
|DE-05 |[sAMAccountName Spoofing](https://pentestlab.blog/2022/01/10/domain-escalation-samaccountname-spoofing/)|[NA](https://attack.mitre.org/)|
|DE-06 |[ShadowCoerce](https://pentestlaboratories.com/2022/01/11/shadowcoerce/)|[NA](https://attack.mitre.org/)|
|DE-07 |[Pass the hash - Machine Accounts](https://pentestlab.blog/2022/02/01/machine-accounts/)|[NA](https://attack.mitre.org/)|
|DE-08 |[Backup Operator](https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/)|[NA](https://attack.mitre.org/)|

--------------------------------------------------------------------------------
/Domain-Persistence.md:
--------------------------------------------------------------------------------
# Domain Persistence

|Code |Technique |Mitre |
|---------|------------------------|----------|
|DP-01 |[Golden Certificate](https://pentestlab.blog/2021/11/15/golden-certificate/)|[NA](https://attack.mitre.org/)|
|DP-02 |[AdminSDHolder](https://pentestlab.blog/2022/01/04/domain-persistence-adminsdholder/)|[NA](https://attack.mitre.org/)|
|DP-03 |[Golden Ticket](https://pentestlab.blog/2018/04/09/golden-ticket/)|[NA](https://attack.mitre.org/)|
|DP-04 |[DCShadow](https://pentestlab.blog/2018/04/16/dcshadow/)|[NA](https://attack.mitre.org/)|
|DP-05 |[Machine Account](https://pentestlab.blog/2022/01/17/domain-persistence-machine-account/)|[NA](https://attack.mitre.org/)|
|DP-06 |[Shadow Credentials](https://pentestlab.blog/2022/02/07/shadow-credentials/)|[NA](https://attack.mitre.org/)|
|DP-07 |[Diamond Ticket](https://pentestlab.blog/)|[NA](https://attack.mitre.org/)|

--------------------------------------------------------------------------------
/Environment-Breakout-Checklist.md:
--------------------------------------------------------------------------------
# Environment Breakout Checklist

* EB-001 - Physical Security of the Device
* EB-002 - Platform Identification and Version of Software in Use
* EB-003 - Enumeration of Windows Boxes Available
* EB-004 - Application Enumeration
* EB-005 - Registered URI Protocol Handlers Enumeration
* EB-006 - Malicious Browser Add-on Installation
* EB-007 - Front-End Interface Crash
* EB-008 - Windows Shell Environment Manipulation
* EB-009 - Binary Planting
* EB-010 - Bypass Software Restriction Policies
* EB-011 - Bypass Local Group Policies
* EB-012 - Privilege Escalation
* EB-013 - Memory Dump Analysis
* EB-014 - Bypass AppLocker Rules

--------------------------------------------------------------------------------
/Initial-Access.md:
--------------------------------------------------------------------------------
# Initial Access

|Code |Technique |Mitre |
|---------|------------------------|----------|
|IA-001 |[search-ms URI Handler](https://pentestlab.blog/2024/01/02/initial-access-search-ms-uri-handler/)|N/A|

--------------------------------------------------------------------------------
/Lateral-Movement.md:
--------------------------------------------------------------------------------
# Lateral Movement

|Code |Technique |Mitre |
|---------|------------------------|----------|
|LM-001 |[Services](https://pentestlab.blog/2020/07/21/lateral-movement-services/)|[T1021.002](https://attack.mitre.org/techniques/T1021/002/)|
|LM-002 |[WinRM](https://pentestlab.blog/2018/05/15/lateral-movement-winrm/)|[T1028](https://attack.mitre.org/techniques/T1028/)|
|LM-003 |[RDP](https://pentestlab.blog/2018/04/24/lateral-movement-rdp/)|[T1076](https://attack.mitre.org/techniques/T1076/)|
|LM-004 |WMI|[T1047](https://attack.mitre.org/techniques/T1047/)|
|LM-005 |[WebClient](https://pentestlab.blog/2021/10/20/lateral-movement-webclient/)|[N/A](https://attack.mitre.org)|
|LM-006 |[Visual Studio DTE](https://pentestlab.blog/2024/01/15/lateral-movement-visual-studio-dte/)|[T1047](https://attack.mitre.org/techniques/T1047/)|
|LM-007 |[Kerberoast](https://pentestlab.blog/2018/06/12/kerberoast/)|[T1558.003](https://attack.mitre.org/techniques/T1558/003/)|
|LM-008 |AS-REP Roast|[T1558.004](https://attack.mitre.org/techniques/T1558/004/)|

--------------------------------------------------------------------------------
/Linux-Privilege-Escalation.md:
--------------------------------------------------------------------------------
# Linux Privilege Escalation

* LPE-01 - Dirty Cow
* [LPE-02 - SUID Executables](https://pentestlab.blog/2017/09/25/suid-executables/)
* LPE-03 - Sudo Users
* LPE-04 - Wildcard Injection
* LPE-05 - Kernel Exploits
* LPE-06 - Path Hijacking
* LPE-07 - Misconfigured Cron Jobs
* LPE-08 - Baron Samedit

--------------------------------------------------------------------------------
/Microsoft Exchange.md:
--------------------------------------------------------------------------------
# Microsoft Exchange

* [ME-001 - Password Spraying](https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/)
* [ME-002 - NTLM Relay](https://pentestlab.blog/2019/09/09/microsoft-exchange-ntlm-relay/)
* [ME-003 - Mailbox Post Compromise](https://pentestlab.blog/2019/09/11/microsoft-exchange-mailbox-post-compromise/)
* [ME-004 - Privilege Escalation](https://pentestlab.blog/2019/09/16/microsoft-exchange-privilege-escalation/)
* [ME-005 - Code Execution](https://pentestlab.blog/2019/09/10/microsoft-exchange-code-execution/)
* [ME-006 - Domain Escalation - ACL](https://pentestlab.blog/2019/09/12/microsoft-exchange-acl/)
* [ME-007 - Domain Escalation](https://pentestlab.blog/2019/09/04/microsoft-exchange-domain-escalation/)

--------------------------------------------------------------------------------
/Persistence.md:
--------------------------------------------------------------------------------
# Persistence

|Code |Technique |Mitre |
|---------|------------------------|----------|
|PE-001 |[Winlogon Helper DLL](https://pentestlab.blog/2020/01/14/persistence-winlogon-helper-dll/)|[T1547.004](https://attack.mitre.org/techniques/T1547/004/)|
|PE-002 |[Port Monitors](https://pentestlab.blog/2019/10/28/persistence-port-monitors/)|[T1547.010](https://attack.mitre.org/techniques/T1547/010/)|
|PE-003 |[Accessibility Features](https://pentestlab.blog/2019/11/13/persistence-accessibility-features/)|[T1015](https://attack.mitre.org/techniques/T1015/)|
|PE-004 |[Shortcut Modification](https://pentestlab.blog/2019/10/08/persistence-shortcut-modification/)|[T1023](https://attack.mitre.org/techniques/T1023/)|
|PE-005 |[Modify Existing Service](https://pentestlab.blog/2020/01/22/persistence-modify-existing-service/)|[T1031](https://attack.mitre.org/techniques/T1031/)|
|PE-006 |[DLL Search Order Hijacking](https://pentestlab.blog/2020/03/04/persistence-dll-hijacking/)|[T1038](https://attack.mitre.org/techniques/T1038/)|
|PE-007 |[Change Default File Association](https://pentestlab.blog/2020/01/06/persistence-change-default-file-association/)|[T1042](https://attack.mitre.org/techniques/T1042/)|
|PE-008 |[New Service](https://pentestlab.blog/2019/10/07/persistence-new-service/)|[T1050](https://attack.mitre.org/techniques/T1050/)|
|PE-009 |[Scheduled Tasks](https://pentestlab.blog/2019/11/04/persistence-scheduled-tasks/)|[T1053](https://attack.mitre.org/techniques/T1053/)|
|PE-010 |[Service Registry Permission Weakness](https://pentestlab.blog/2020/01/22/persistence-modify-existing-service/)|[T1058](https://attack.mitre.org/techniques/T1058/)|
|PE-011 |[Registry Run Keys](https://pentestlab.blog/2019/10/01/persistence-registry-run-keys/)|[T1060](https://attack.mitre.org/techniques/T1060/)|
|PE-012 |[WMI Event Subscription](https://pentestlab.blog/2020/01/21/persistence-wmi-event-subscription/)|[T1084](https://attack.mitre.org/techniques/T1084/)|
|PE-013 |[Security Support Provider](https://pentestlab.blog/2019/10/21/persistence-security-support-provider/)|[T1101](https://attack.mitre.org/techniques/T1101/)|
|PE-014 |[AppInit DLLs](https://pentestlab.blog/2020/01/07/persistence-appinit-dlls/)|[T1103](https://attack.mitre.org/techniques/T1103/)|
|PE-015 |[Component Object Model Hijacking](https://pentestlab.blog/2020/05/20/persistence-com-hijacking/)|[T1122](https://attack.mitre.org/techniques/T1122/)|
|PE-016 |[Netsh Helper DLL](https://pentestlab.blog/2019/10/29/persistence-netsh-helper-dll/)|[T1128](https://attack.mitre.org/techniques/T1128/)|
|PE-017 |[Office Application Startup](https://pentestlab.blog/2019/12/11/persistence-office-application-startup/)|[T1137](https://attack.mitre.org/techniques/T1137/)|
|PE-018 |[Application Shimming](https://pentestlab.blog/2019/12/16/persistence-application-shimming/)|[T1138](https://attack.mitre.org/techniques/T1138/)|
|PE-019 |[Screensaver](https://pentestlab.blog/2019/10/09/persistence-screensaver/)|[T1180](https://attack.mitre.org/techniques/T1180/)|
|PE-020 |[Image File Execution Options Injection](https://pentestlab.blog/2020/01/13/persistence-image-file-execution-options-injection/)|[T1183](https://attack.mitre.org/techniques/T1183/)|
|PE-021 |[BITS Jobs](https://pentestlab.blog/2019/10/30/persistence-bits-jobs/)|[T1197](https://attack.mitre.org/techniques/T1197/)|
|PE-022 |[Time Providers](https://pentestlab.blog/2019/10/22/persistence-time-providers/)|[T1209](https://attack.mitre.org/techniques/T1209/)|
|PE-023 |[PowerShell Profile](https://pentestlab.blog/2019/11/05/persistence-powershell-profile/)|[T1504](https://attack.mitre.org/techniques/T1504/)|
|PE-024 |[Waitfor](https://pentestlab.blog/2020/02/04/persistence-waitfor/)|N/A|
|PE-025 |[RID Hijacking](https://pentestlab.blog/2020/02/12/persistence-rid-hijacking/)|N/A|
|PE-026 |[AMSI](https://pentestlab.blog/2021/05/17/persistence-amsi/)|N/A|
|PE-027 |[Print Spooler](https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/)|N/A|
|PE-028 |[Certificates](https://pentestlab.blog/2021/09/13/account-persistence-certificates/)|N/A|
|PE-029 |[Notepad++](https://pentestlab.blog/2022/02/14/persistence-notepad-plugins/)|N/A|
|PE-030 |[Event Log](https://pentestlab.blog/2024/01/08/persistence-event-log/)|N/A|
|PE-031 |[Event Log Online Help](https://pentestlab.blog/2023/03/07/persistence-event-log-online-help/)|N/A|
|PE-032 |[Context Menu](https://pentestlab.blog/2023/03/13/persistence-context-menu/)|N/A|
|PE-033 |[Service Control Manager](https://pentestlab.blog/2023/03/20/persistence-service-control-manager/)|N/A|
|PE-034 |[DLL Proxy Loading](https://pentestlab.blog/2024/04/03/persistence-dll-proxy-loading/)|N/A|
|PE-035 |[Windows Telemetry](https://pentestlab.blog/2023/11/06/persistence-windows-telemetry/)|N/A|
|PE-036 |[Scheduled Task Tampering](https://pentestlab.blog/2023/11/20/persistence-scheduled-task-tampering/)|N/A|
|PE-037 |Junction Folder|N/A|
|PE-038 |Library Files|N/A|
|PE-039 |[Disk Clean-up](https://pentestlab.blog/2024/01/29/persistence-disk-clean-up/)|N/A|
|PE-040 |[Windows Setup Script](https://pentestlab.blog/2024/02/05/persistence-windows-setup-script/)|N/A|
|PE-041 |[Visual Studio Code Extensions](https://pentestlab.blog/2024/03/04/persistence-visual-studio-code-extensions/)|N/A|
|PE-042 |[Explorer](https://pentestlab.blog/2024/03/05/persistence-explorer/)|N/A|

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
![Checklist](https://github.com/netbiosX/Checklists/blob/master/Checklist.png)

# Introduction
Even though a penetration test is a creative process, most people maintain private checklists to ensure that they will not forget to test networks, systems and applications against the various scenarios, and to maintain the overall quality of the assessment.

# Purpose
The aim of the project is to create detailed checklists that can be used by penetration testers and red teamers during their assessments. Every checklist entry will be linked to a detailed blog post on https://pentestlab.blog that describes the technique and how to perform the required task. The same information will also be included in the [Wiki](https://github.com/netbiosX/Checklists/wiki) page on GitHub.

# Techniques

|Code |Techniques |Number|
|---------|------------------------|------|
|IA |[Initial Access](https://github.com/netbiosX/Checklists/blob/master/Initial-Access.md)|1|
|WPE |[Windows Privilege Escalation](https://github.com/netbiosX/Checklists/blob/master/Windows-Privilege-Escalation.md)|16|
|PE |[Persistence](https://github.com/netbiosX/Checklists/blob/master/Persistence.md)|42|
|CA |[Credential Access](https://github.com/netbiosX/Checklists/blob/master/Credential-Access.md)|9|
|LM |[Lateral Movement](https://github.com/netbiosX/Checklists/blob/master/Lateral-Movement.md)|8|
|DE |[Domain Escalation](https://github.com/netbiosX/Checklists/blob/master/Domain-Escalation.md)|8|
|DP |[Domain Persistence](https://github.com/netbiosX/Checklists/blob/master/Domain-Persistence.md)|7|

# Contributions
If you notice that a checklist is incomplete, please open a pull request or contact me on Twitter [@netbiosX](https://twitter.com/netbiosX).

# Notice
This is a live repository, which means that the checklists will be updated as soon as new articles are published.

--------------------------------------------------------------------------------
/VoIP Checklist.md:
--------------------------------------------------------------------------------
# VoIP Checklist for Penetration Testers

* VoIP-001 - VLAN Hopping from the Data Network to the Voice Network
* VoIP-002 - Extension Enumeration & Number Harvesting
* VoIP-003 - Capturing SIP Authentication
* VoIP-004 - Eavesdropping on Calls
* VoIP-005 - Caller ID Spoofing
* VoIP-006 - RTP Injection
* VoIP-007 - Signaling Manipulation
* VoIP-008 - Identification of Insecure Services
* [VoIP-009 - Testing for Default Credentials](https://github.com/netbiosX/Default-Credentials/blob/master/VoIP-Default-Password-List.mdown)
* VoIP-010 - Application-Level Vulnerabilities
* VoIP-011 - Voicemail Attacks
* VoIP-012 - Phone Firmware Analysis

--------------------------------------------------------------------------------
/Windows-Build-Review-Checklist.md:
--------------------------------------------------------------------------------
# Windows Build Review Checklist

* WBR-001 - File System Configuration
* WBR-002 - Network Time Protocol
* WBR-003 - Start-up Executables
* WBR-004 - Active Processes
* WBR-005 - Active Network Connections
* WBR-006 - Routing Table
* WBR-007 - Local Services
* WBR-008 - Exploit Mitigation Technologies
* WBR-009 - Weak Service Permissions
* WBR-010 - Unquoted Service Paths
* WBR-011 - Available Shares
* WBR-012 - User Accounts Review
* WBR-013 - Clear-Text Passwords
* WBR-014 - Storage Mechanism of Password Hashes
* WBR-015 - Account Lockout Policy
* WBR-016 - Local Security Policy
* WBR-017 - Event Auditing
* WBR-018 - Host-Based Firewall
* WBR-019 - Antivirus Software Review
* WBR-020 - List Available Software
* WBR-021 - Windows Patch Level
* WBR-022 - Remote Management
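An unquoted service path (WBR-010) is only exploitable when a standard user can create a file at one of the paths the Service Control Manager tries before the real executable (for `C:\Program Files\My App\svc.exe` that is `C:\Program.exe` and then `C:\Program Files\My.exe`). The check below is an added example for this checklist item; it is not code from the Checklists repository or from the linked pentestlab.blog posts. It assumes Windows PowerShell 5.1 or PowerShell 7 on the host under review, runs unelevated, and only reports directory ACLs it can read: a `DirWritable` of `False` therefore means "not writable by the well-known low-privilege groups it checks, or ACL unreadable", not "safe".

```powershell
# Added example (not part of netbiosX/Checklists): enumerate unquoted service
# image paths and flag the hijack locations whose directory grants file
# creation to Everyone, Authenticated Users, BUILTIN\Users or INTERACTIVE.
function Get-UnquotedServicePath {
    [CmdletBinding()]
    param()

    # Well-known SIDs are used so the check does not depend on the OS locale.
    $lowPrivSids = @(
        'S-1-1-0',       # Everyone
        'S-1-5-11',      # Authenticated Users
        'S-1-5-32-545',  # BUILTIN\Users
        'S-1-5-4'        # INTERACTIVE
    )
    # FILE_WRITE_DATA / CreateFiles is the single right that matters here:
    # Modify and FullControl both include it, AppendData (create folders) does not.
    $createFiles = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc  = $_
        $path = $svc.PathName
        # Skip services with no image path and paths that are already quoted.
        if (-not $path -or $path.StartsWith('"')) { return }

        # The executable is everything up to and including the first ".exe";
        # whatever follows are arguments and cannot be hijacked this way.
        if ($path -notmatch '^(?<exe>.*?\.exe)') { return }
        $exe = $Matches['exe']
        if ($exe -notmatch ' ') { return }

        # Each prefix of the path that ends just before a space becomes a
        # candidate "<prefix>.exe" that the SCM would try before the real file.
        $parts = $exe -split ' '
        $candidates = for ($i = 1; $i -lt $parts.Count; $i++) {
            ($parts[0..($i - 1)] -join ' ') + '.exe'
        }

        foreach ($cand in $candidates) {
            $dir = Split-Path -Path $cand -Parent
            if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

            $writable = $false
            try {
                $acl = Get-Acl -LiteralPath $dir
                foreach ($ace in $acl.Access) {
                    if ($ace.AccessControlType -ne 'Allow') { continue }
                    # An inherit-only ACE applies to children, not to this folder.
                    if (([int]$ace.PropagationFlags -band $inheritOnly) -ne 0) { continue }
                    $sid = $ace.IdentityReference.Translate(
                        [System.Security.Principal.SecurityIdentifier]).Value
                    if ($lowPrivSids -contains $sid -and
                        (([int]$ace.FileSystemRights -band $createFiles) -ne 0)) {
                        $writable = $true
                        break
                    }
                }
            } catch {
                # ACL not readable from this context; reported as not writable.
            }

            [PSCustomObject]@{
                Service     = $svc.Name
                RunsAs      = $svc.StartName
                StartMode   = $svc.StartMode
                ImagePath   = $exe
                HijackPath  = $cand
                DirWritable = $writable
            }
        }
    }
}

# Usage: list every unquoted path, then narrow to the ones a standard user could exploit.
Get-UnquotedServicePath | Format-Table -AutoSize
Get-UnquotedServicePath | Where-Object DirWritable | Format-Table -AutoSize
```

Pair the `DirWritable` hits with `RunsAs` and `StartMode`: a writable hijack path on an automatic-start service running as `LocalSystem` is a local privilege escalation finding, whereas the same path on a manual service running as a low-privilege virtual account is only a hygiene issue. Generic access masks (`GENERIC_WRITE` and similar) occasionally appear unresolved in `FileSystemRights`; the check above treats those ACEs as non-writable, so confirm a negative result with `icacls` when the directory lives outside `C:\Windows`.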
--------------------------------------------------------------------------------
/Windows-Privilege-Escalation.md:
--------------------------------------------------------------------------------
# Windows Privilege Escalation

|Code |Technique |Mitre |
|---------|------------------------|----------|
|WPE-01 |[Stored Credentials](https://pentestlab.blog/2017/04/19/stored-credentials/)|[NA](https://attack.mitre.org/)|
|WPE-02 |[Windows Kernel](https://pentestlab.blog/2017/04/24/windows-kernel-exploits/)|[NA](https://attack.mitre.org/)|
|WPE-03 |[DLL Injection](https://pentestlab.blog/2017/04/04/dll-injection/)|[NA](https://attack.mitre.org/)|
|WPE-04 |[Weak Service Permissions](https://pentestlab.blog/2017/03/30/weak-service-permissions/)|[NA](https://attack.mitre.org/)|
|WPE-05 |[DLL Hijacking](https://pentestlab.blog/2017/03/27/dll-hijacking/)|[NA](https://attack.mitre.org/)|
|WPE-06 |[Hot Potato](https://pentestlab.blog/2017/04/13/hot-potato/)|[NA](https://attack.mitre.org/)|
|WPE-07 |[Group Policy Preferences](https://pentestlab.blog/2017/03/20/group-policy-preferences/)|[NA](https://attack.mitre.org/)|
|WPE-08 |[Unquoted Service Path](https://pentestlab.blog/2017/03/09/unquoted-service-path/)|[NA](https://attack.mitre.org/)|
|WPE-09 |[Always Install Elevated](https://pentestlab.blog/2017/02/28/always-install-elevated/)|[NA](https://attack.mitre.org/)|
|WPE-10 |[Token Manipulation](https://pentestlab.blog/2017/04/03/token-manipulation/)|[NA](https://attack.mitre.org/)|
|WPE-11 |[Secondary Logon Handle](https://pentestlab.blog/2017/04/07/secondary-logon-handle/)|[NA](https://attack.mitre.org/)|
|WPE-12 |[Insecure Registry Permissions](https://pentestlab.blog/2017/03/31/insecure-registry-permissions/)|[NA](https://attack.mitre.org/)|
|WPE-13 |[Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/)|[NA](https://attack.mitre.org/)|
|WPE-14 |[Print Spooler](https://pentestlab.blog/2021/08/02/universal-privilege-escalation-and-persistence-printer/)|[NA](https://attack.mitre.org/)|
|WPE-15 |[HiveNightmare](https://pentestlab.blog/2021/08/16/hivenightmare/)|[NA](https://attack.mitre.org/)|
|WPE-16 |[Resource Based Constrained Delegation](https://pentestlab.blog/2021/10/18/resource-based-constrained-delegation/)|[NA](https://attack.mitre.org/)|