These are my notes on how to escalate privileges on Windows machines. They aren't exhaustive and they certainly aren't complete, but they are a start for now.
- Escalation Paths
  - a. Active Directory
  - b. DLL Hijacking
  - c. Executable Files
  - d. getsystem escalation path
  - e. Impersonation and Potato Attacks
  - f. Kernel exploits
  - g. Passwords and Port Forwarding
  - h. Registry Escalation Path
  - i. RunAs
  - j. Service Permissions
  - k. Startup Applications
  - l. Windows Subsystem for Linux (WSL)
- Exploring Automated Tools
  - a. jaws-enum
  - b. PowerUp
  - c. Seatbelt
  - d. SharpUp
  - e. Sherlock
  - f. Watson
  - g. winPEAS
- Initial Enumeration
  - a. Active Directory Enumeration
  - b. AV and Firewall Enumeration
  - c. Network Enumeration
  - d. Password Hunting
  - e. System Enumeration
  - f. User Enumeration