✍️
OSCP Study Group Workbook
  • Starting Your OSCP Journey!
  • OSCP Roadmap
  • HackTheBox CheckList
    • OpenAdmin
  • Buffer Overflow
  • Bounties & CTFs
  • References
  • Cheatsheet Commands
    • credential-access
    • privilege-escalation-linux
    • privilege-escalation-win
    • reverse-shells
    • enumeration
    • wordlists
    • recon
    • recon-win
  • Hacker Haikus
  • Write Ups
    • Noah's Spacejam KOTH writeup
    • Vincent's Shrek KOTH writeup
    • Vincent's Tyler KOTH writeup
    • Drew's HTB OpenAdmin writeup
  • Interviews
    • Dhruv Verma
    • Aaron Goldstein
    • Will Bonk
    • Home
Powered by GitBook
On this page

Was this helpful?

  1. Interviews

Aaron Goldstein

PreviousDhruv VermaNextWill Bonk

Last updated 4 years ago

Was this helpful?

Interview is .

Links

  • - Great site for tracking progress against machines (can import nmap data for tracking too). I use this all the time for the Venom builder (shell creation) and other cool stuff. The free version works great.

  • is the tool I used for automating the enumeration process (and OSCP exam approved) I also used a LOLBIN (Living off the Land Binary) to download files from the Windows box - the command was "Certutil -urlcache -split -f <link to file to download>"These are great because most systems will already have them installed.

  • is a great site that outlines TONS of them.

  • A few links / tools that helped me with Windows Privesc:List of pre-compiled binaries for different exploits -

  • -tool for identifying exploits for Windows privesc - requires .NET - runs on target host Quick method to check what version of .NET is installed on host (needed for Watson)- reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"

  • - This is a great tool for finding exploits on windows hosts for privesc too - but this one takes in the "systeminfo" from the target host and runs locally on the attacker system

    ---

Key takeaways :

here
https://pentest.ws/
AutoRecon
Here
https://github.com/abatchy17/WindowsExploits
WATSON
Windows Exploit Suggester