📓 Jorkle's Notes

❯

Techniques

Dec 15, 20251 min read

Map of Content

Scanning & Enumeration

Port Scanning

Internal Port Scanning

Host Discovery

Host Discovery

Docker

Am I Inside of a Docker Container

Windows/Active Directory

Fetch PowerShell Command History
Enumerate Windows Firewall Configuration
Guest SMB Authentication
Enumerate SMB Shares
Enumerate SMB Version
Enumerate Users Using Kerberos
Enumerate Users and Groups Using SMB
Enumerate Users Without Kerberos Preauth
Discover Recently Accessed Systems

Persistence

Windows / Active Directory

Non-Elevated Persistence (Persistence Method Functions Without Elevated Privileges)

Scheduled Task
Run and Run Once
Logon Script

Elevated Persistence (Persistence Method Requires Elevated Privileges)

Golden Ticket Attack
Silver Ticket
Diamond Ticket Attack
Skeleton Key
DSRM Password
Scheduled Task
Windows Service
AdminSDHolder
CustomSSP

Initial Access / Gaining Access / Lateral Movement

Windows / Active Directory

ASREP Roasting
Kerberoasting
MiTM6 Poisoning
Anon SMB Auth

Looting / Post Exploitation

Windows / Active Directory

DCSync Attack
Dump Windows Credential Manager
Dump SAM Database
Dump NTDS.dit
Dump LSASS Logon Passwords
Dump LSA Secrets
Dump Chrome Passwords
Dump Cached Domain Credentials
Dump And Crack Kerberos Keys With
Download Files LOLBAS

Recon / OSINT

Organizational Recon/OSINT

Gather Company Email Addresses
Find Company Information Using Crunchbase
Find Annual Company Reports

People Recon/OSINT

Discover Birthdays

Graph View

Map of Content
Scanning & Enumeration
Persistence
Initial Access / Gaining Access / Lateral Movement
Looting / Post Exploitation
Recon / OSINT
Organizational Recon/OSINT
People Recon/OSINT

Backlinks

Jorkle Notes - Home

Blog
Contact
Gitrub
Linkedin