1. AV bypass with in-memory process hollwing. just IEX it and load it in memory: https://gist.github.com/qtc-de/1ecc57264c8270f869614ddd12f2f276
2. This for any SQL exploitation related thing: https://github.com/Octoberfest7/OSEP-Tools/tree/main/sql
3. This for CLM bypass: https://github.com/calebstewart/bypass-clm (comment the AMSI bypass patch piece of code)
4. AD Enumeration: https://github.com/61106960/adPEAS
5. Execute Bloodhound
6. Execute LinPeas and WinPEAS on each machine to extract secrets and other important stuff.
7. Ssh proxy
   • ssh -D 1080 -q -C -N user@ssh1
     • ssh -o "ProxyCommand=ncat --proxy-type socks5 --proxy 127.0.0.1:1080 %h %p" user@ssh2
   • sudo nano /etc/proxychains.conf
   • socks5 127.0.0.1 1080
   • proxychains ssh user@ssh2