Hacker's Rest

A collection of notes for Penetration Testers and Ethical Hackers. My journey to OSCP and beyond.

These are my publicly accessible notes from various sources for penetration testing, red-teaming, OSCP, Capture the Flag (CTF) challenges, and my Vulnhub/ Hack the Box machine write-ups.

Warning - These notes are largely unformatted right now. They are based on my way of learning things - by reading, doing, studying, exploring, and taking notes. Cleaning up and formatting comes later.

• Do not assume anything from these notes.

• Do not expect the notes to be exhaustive, or to cover the techniques or the output they produce in full.

• Expect mistakes in the notes.

• Feel free to ask questions!

• Always consult additional resources. If possible I will try to link to outside resources. If I have shared something of yours and you want credit, please let me know!

Contribution

If you would like to add to, modify, or improve anything in my notes, PLEASE DO!

If you would like to give suggestions or even commit changes to these pages feel free to head to my GitHub page at:

GitHub - zweilosec/Infosec-Notes: Notes from various sources for preparing to take the OSCP, Capture the Flag challenges, and Hack the Box machines.GitHub

How to contribute

1. Create an Issue Request describing your changes/additions.
2. Fork this repository.
3. Push some code to your fork.

4. Come back to this repository and open a pull request.
5. After reviewing your changes, I will merge your pull request to the master repository.

6. Make sure to update your Issue Request so that I can credit you! Thank you so much!

Feel free to also open an issue with any questions, help wanted, or requests! Throughout these notes I have put TODO: notes that indicate that I know a certain section needs work. Focus on these if you can!

TODO: Change all code examples to use variables (e.g. $host_ip)
rather than fill-in-the-blank format (e.g. <host_ip>). 
This will help greatly with copying code directly into scripts.

Contents

The following sub-pages of these notes will explore some of the common offensive and defensive security techniques including gaining shells, code execution, lateral movement, persistence, scripting, tools and much more. I also cover techniques for dealing with CTF-type challenges such as cryptography, reverse engineering, steganography and more.

Hack Responsibly.

Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here.

Linux

• Linux Basics

• Hardening & Configuration Guide

  • TMUX/Screen Cheatsheet
• Red Team Notes

  • Enumeration
  • Getting Access
  • Privilege Escalation
  • Exfiltration
  • Persistence
• Vim

Windows

• Windows Basics
• Hardening & Configuration Guide
• Red Team Notes

  • Enumeration
  • Getting Access
  • Privilege Escalation
  • Persistence
  • Active Directory
  • PowerShell

MacOS

• MacOS Basics
• Hardening & Configuration Guide
• Red Team Notes

  • Enumeration
  • Getting Access
  • Privilege Escalation
  • Persistence

Web

• DNS
• Subdomain/Virtual Host Enumeration
• Web Apps

  • Web Application Hacker's Handbook Task Checklist

Mobile

• iOS
• Android

OS Agnostic

• Cryptography & Encryption
• Network Hardware
• OS Agnostic
• OSINT
• Password Cracking

  • Gathering the Hashes
  • Wordlist Generation
  • Cracking the Hashes
• Reverse Engineering & Binary Exploitation

  • Buffer Overflow
• Scripting

  • Scripting Language Syntax Comparison
• SQL
• SSH & SCP
• Steganography
• Wireless

Unsorted

• Unsorted Notes

OSCP/CTF Tools and Cheatsheets

See my list of outside sources!

If you like this content and would like to see more, please consider buying me a coffee!