Hacking Life
Abusing Windows Library Files
Last update: 2025-12-21
Created: December 21, 2025 12:46:39