- AV bypass with in-memory process hollowing. Just IEX it and load it in memory (never touches disk): https://gist.github.com/qtc-de/1ecc57264c8270f869614ddd12f2f276
- Anything SQL-exploitation related (MSSQL linked servers, xp_cmdshell, etc.): https://github.com/Octoberfest7/OSEP-Tools/tree/main/sql
- CLM (Constrained Language Mode) bypass: https://github.com/calebstewart/bypass-clm (comment out the AMSI-bypass patch code before building, it is what gets flagged)
- AD Enumeration: https://github.com/61106960/adPEAS
- Run BloodHound (collector first, then ingest the data) to map paths to Domain Admin.
- Run LinPEAS / WinPEAS on every machine you land on to collect credentials, tokens and other privilege-escalation leads.
- SSH proxy (SOCKS pivot through ssh1 to reach ssh2, which is only reachable from ssh1)
  - Open a dynamic SOCKS5 forward on ssh1 (binds 127.0.0.1:1080 by default, so only local tools can use it):
    ssh -D 1080 -q -C -N user@ssh1
  - Option 1, ProxyCommand through the SOCKS port (needs nmap's ncat; with OpenBSD netcat use nc -X 5 -x 127.0.0.1:1080 %h %p instead):
    ssh -o "ProxyCommand=ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p" user@ssh2
  - Option 2, proxychains. Edit the config:
    sudo nano /etc/proxychains.conf
    and add this line under [ProxyList] (remove the default socks4 9050 entry if it is there):
    socks5 127.0.0.1 1080
    then run any TCP tool through it:
    proxychains ssh user@ssh2
  - For plain ssh-to-ssh hopping, ssh -J user@ssh1 user@ssh2 does the same job without a SOCKS listener; the SOCKS forward is what you want when other tools (nmap -sT, impacket, browsers) must go through the pivot too.
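Added example (editor's code, not part of the original notes): the SOCKS pivot above wrapped in shell functions. It builds the ssh ProxyCommand string, writes a per-user proxychains config instead of editing /etc/proxychains.conf with sudo, and checks that the SOCKS listener is actually up before trying to use it, which is the usual reason the second hop "just hangs". The hosts ssh1/ssh2, the user "user", port 1080 and the function names are placeholders assumed for the example.

```shell
#!/usr/bin/env bash
# Editor's added example for the SSH SOCKS pivot in the notes above.
# Placeholders assumed: jump host ssh1, target ssh2, local SOCKS port 1080.

# Build the ssh ProxyCommand that sends the connection through the SOCKS5
# listener. Uses nmap's ncat; with OpenBSD netcat the equivalent is
# "nc -X 5 -x HOST:PORT %h %p".
socks_proxy_command() {
    socks_host="${1:-127.0.0.1}"
    socks_port="${2:-1080}"
    printf 'ncat --proxy-type socks5 --proxy %s:%s %%h %%p' "$socks_host" "$socks_port"
}

# Write a private proxychains config (use with: proxychains4 -f FILE CMD).
# Avoids touching /etc/proxychains.conf and leaves the default socks4 9050
# entry out, which would otherwise break strict_chain when Tor is not running.
write_proxychains_conf() {
    out="$1"
    socks_host="${2:-127.0.0.1}"
    socks_port="${3:-1080}"
    case "$socks_port" in
        ''|*[!0-9]*) echo "write_proxychains_conf: bad port '$socks_port'" >&2; return 1 ;;
    esac
    cat > "$out" <<EOF
strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 $socks_host $socks_port
EOF
}

# Poll until something accepts TCP connections on the SOCKS port, using bash's
# /dev/tcp so no netcat is needed. Returns 1 if nothing listens after TRIES seconds.
wait_for_socks() {
    host="${1:-127.0.0.1}"
    port="${2:-1080}"
    tries="${3:-10}"
    i=0
    while [ "$i" -lt "$tries" ]; do
        if (exec 3<>"/dev/tcp/$host/$port") 2>/dev/null; then
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Full pivot: background the dynamic forward on the jump host, verify the
# listener came up, then ssh to the target through it.
pivot() {
    jump="$1"
    target="$2"
    port="${3:-1080}"
    ssh -D "$port" -q -C -N -f "$jump"    # -f: go to background after auth
    if ! wait_for_socks 127.0.0.1 "$port" 10; then
        echo "pivot: SOCKS listener on 127.0.0.1:$port never came up" >&2
        return 1
    fi
    ssh -o "ProxyCommand=$(socks_proxy_command 127.0.0.1 "$port")" "$target"
}

# Usage: PIVOT_RUN=1 ./pivot.sh user@ssh1 user@ssh2 [port]
if [ "${PIVOT_RUN:-0}" = "1" ]; then
    pivot "$@"
fi
```

If the SOCKS check fails, the usual causes are that the -D session died (wrong creds, AllowTcpForwarding no on ssh1) or that you ran -D on the wrong box; check with ss -ltnp | grep 1080 on the attacking machine before blaming proxychains.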