This is simply a big fat sloppy list of things I want to work into BPATTY eventually:
https://github.com/fireeye/gocrack
Swagger Parser, Wsdler, python scripter, json decoder, paramalyzer, ... (Lanmaster53)
retire.js, software vuln scanner, WAF detect, headers analyzer for some good starters (Sunny)
This is an interesting write-up on how to protect DA creds. https://blogs.technet.microsoft.com/askpfeplat/2017/10/31/protecting-domain-administrative-credentials/
https://www.n00py.io/2017/10/detecting-crackmapexec-cme-with-bro-sysmon-and-powershell-logs/
https://blog.zsec.uk/ltr101-method-to-madness/
/opt/nessus/etc/nessus/nessusd.rules
https://github.com/oliviaguest/git-and-github-cheat-sheet
http://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/
https://www.youtube.com/watch?v=4u5gCoCu88Q
https://jordanpotti.com/2017/11/06/honey-accounts/
https://www.youtube.com/watch?v=-biQTSUk0Lc
query user /server: localhost
Here are some neat ideas on managing the local admins group via GPO. We have some of his setup in our environment and I’ve used similar concepts at a handful of clients. https://blogs.technet.microsoft.com/askpfeplat/2017/11/06/use-group-policy-preferences-to-manage-the-local-administrator-group/
ping -a ip
Create a folder called BurpProjectFiles
Create a new one on disk. Under the BurpProjectFiles dir. Make a new project in there called NonAdmin_Juice_Shop.burp.
Take the defaults.
Setup options:
Proxy Intercept is off. Go to options, go to Intercept Server responses and check "Intercept server responses - YES". Also "unhide hidden form fields."
Spider Options tab - spider engine...put number of threads to 5.
Scanner In Options, check "URL path folders" and "URL path name". Click "url to body" and "body to url" to see if posts can be sent as GETs.
Turn down number of threads to 5.
Under Active Scanning optimization: THOROUGH>
In active scanning area, click SELECT ALL!
Left off on section 3 - Hybrid Spidering Your Web App
https://support.portswigger.net/customer/portal/questions/11516769-ntlm-authentication
https://docs.kali.org/general-use/install-vmware-tools-kali-guest
sudo sostat - gives detailed information on service status
sudo sostat-quick guided tour of sostat output
sudo sostat-redacted gives REDACTED information to share with our mailing list
/etc/nsm/rules/downloaded.rules - rules downloaded by Pulledpork
/etc/nsm/pulledpork - local rules
sudo so-allow starts prompt for unblocking ports and stuff from firewall
This helped: https://www.slideshare.net/centralohioissa/jon-gorenflo-burp-collaborator
This helped: https://portswigger.net/burp/help/collaborator_deploying#dns
Open all the ports on Lightsail...then get a static IP...authentication
sudo apt-get install openjdk-8-jre
sudo java -Xms10m -Xmx200m -XX:GCTimeRatio=19 -jar burp.jar --collaborator-server
Issue net accounts commands
Put in stuff about VLAN support as well as the external network test?
https://tools.kali.org/information-gathering/sublist3r
https://er.educause.edu/blogs/2017/10/time-for-password-expiration-to-die
https://help.dreamhost.com/hc/en-us/articles/214981288-Flushing-your-DNS-cache-in-Mac-OS-X-and-Linux