TCM Security Academy Notes - by syselement
Ask or search...
Ctrl
K
🏠 Home Blog
GitHub
📚 Buy Me a Book
More
Courses
TCM - Practical Ethical Hacking
PEH References
Previous
8. Legal Documentation & Report Writing
Last updated
3 months ago
Was this helpful?
Introduction
Note Keeping
Networking
Lab Set Up
Python
The Ethical Hacker Methodology
Information Gathering
Scanning & Enumeration
Vulnerability Scanning with Nessus
Exploitation Basics
Active Directory
Post Exploitation
Web Application
Wireless Penetration Testing
Legal Documents and Report Writing
+
🌐
Practical Ethical Hacking - The Complete Course
TCM Course Resources - Github
Practical-Ethical-Hacking-Resources
PNPT Certification
Course and FAQs - Discord
Why You Shouldn't Be an Ethical Hacker
Notetaking Apps Ranked (Alex Olsen)
Notion
Joplin
GitBook
Obsidian
FlameShot - Screenshot tool
ShareX - Screenshot tool
GreenShot - Screenshot tool
Professor Messer - Seven Second Subnetting - Youtube
Subnet Guide - TCM
Networking Fundalmentals - Practical Networking Youtube
Subnetting Mastery - Practical Networking Youtube
Network Fundamentals - Network Direction Youtube
SMB University - Cisco Networking Fundamentals
guru99 - TCP 3-Way Handshake
guru99 - OSI Model Layers
OSI Cyber Attacks - byos.io
Subnet Calculator - mxtoolbox.com
CIDR to IPv4 Conversion
VMware Workstation Player
VMWare Workstation Pro (Free)
VirtualBox + VirtualBox Extension Pack
Kali Linux
Kali VM Installation - VMware - syselement
pimpmykali
ParrotOS
TCM Linux-101 - syselement
chmod Calculator
explainshell.com
What is a ping sweep (ICMP sweep)?
Python Documentation
LearnPython.org
Python Tutorial - W3Schools
Python Cheatsheet
Automate the Boring Stuff with Python - Book
Socket Programming in Python (Guide) - RealPython
Phases of Ethical Hacking - InfosecTrain
Bugcrowd
Hunter.io
Phonebook.cz
Clearbit Connect
EmailHippo Email address verifiy
Email-checker
HaveIBeenPwned
breach-parse
DeHashed.com
Hashes.com
Sublist3r
crt.sh
amass
httprobe
assetfinder
gowitness
subjack
waybackurls
BuiltWith.com
Wappalyzer.com
WhatWeb
Burp Suite
Google Search Syntax
Google Search Operators: The Complete List (44 Advanced Operators)
Open-Source Intelligence Fundamentals - TCM Security
sumrecon script - Gr1mmie
The Bug Hunter's Methodology Full 2-hour Training by Jason Haddix
Nahamsec Recon Playlist
PEH Course VMs - TCM Security
PEH Course Capstone VMs (updated) - TCM Security
VulnHub
nmap
nikto
dirbuster
dirb
ffuf
HTTP response codes
Metasploit
Vulnerability & Exploit Database - Rapid7
How to Enumerate SMB with Enum4linux & Smbclient - Null Byte
smbclient
exploit-db
searchsploit
Nessus
Nessus Essentials - syselement
Hacking with Netcat part 2: Bind and reverse shells
netcat
Metasploit Unleashed - OffSec
Apache mod_ssl < 2.8.7 OpenSSL - Remote Buffer Overflow
Top 13 Vulnerable Web Applications and Websites for Ethical Hacking Practice | by ByteBusterX | Medium
Damn Vulnerable Web Application (DVWA)
Credential stuffing
Password spraying
CVE-2017-0144 - MS17-010
CrackStation - Online Password Hash Cracking
hashcat
GitHub - pentestmonkey/php-reverse-shell
LinPEAS
WinPEAS
pspy
Reverse Shell Cheat Sheet | pentestmonkey
fcrackzip
GTFO Bins
Pure Groovy/Java Reverse Shell
Unquoted Service Paths | Red Team Notes
dnsrecon
Spawning a TTY Shell | SecWiki
Linux Privilege Escalation - SUDO and SUID | HackTricks
Linux Privilege Escalation | TCM Security
Windows Privilege Escalation for Beginners | TCM Security
Active Directory Domain Services
Introduction to Active Directory - HTB Academy
Compromising Active Directory module - TryHackMe
PimpmyADLab
Building a Windows AD lab
GrouppVM
How To Setup Red Team And Blue Team Lab 2024 - Part 2 - InfoSec Pat
LLMNR Poisoning and How to Prevent It - TCM Security
LLMNR | Pentest Everything - viperone.gitbook.io
Responder
SMB Relay Attacks and How to Prevent Them - TCM Security
ntlmrelayx.py
mitm6 - compromising IPv4 networks via IPv6 - Fox-IT
mitm6
How to Hack Through a Pass-Back Attack: MFP Hacking Guide
PRET
Printer Security Testing Cheat Sheet - Hacking Printers
Praeda
ldapdomaindump
BloodHound
PlumHound
PingCastle
Forest Druid
Purple Knight
crackmapexec
CrackMapExec Cheat Sheet 2024 (Commands & Examples) - Stationx
netexec
secretsdump.py
HTB: Cicada | 0xdf hacks stuff
Kerberoasting - CrowdStrike
Kerberoast | HackTricks
Kerberoasting | Red Team Notes
GetUserSPNs.py
Token Impersonation | Pentest Everything
Fun with Incognito - Metasploit Unleashed
Forced Authentication | Red Team Notes
Finding Passwords in SYSVOL & Exploiting Group Policy Preferences – Active Directory Security
MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014 - Microsoft Support
Exploiting-GPP-AKA-MS14_025-vulnerability
GPP attacks | Internal Pentest
mimikatz
Kerberos Golden Ticket Attack Explained - StationX
Golden Ticket Attack Explained | Semperis Identity Attack Catalog
Golden Ticket Attack Explained - MITRE ATT&CK T1558.001
rycon.hu - mimikatz's Golden Ticket
Zerologon
ZeroLogon testing script
dirkjanm/CVE-2020-1472: PoC for Zerologon
What Is Zerologon? | Trend Micro (US)
PrintNightmare Exposes Windows Servers to RCE | Huntress
Playing with PrintNightmare | 0xdf hacks stuff
cube0x0/CVE-2021-1675: C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
calebstewart/CVE-2021-1675: Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)
AD Case Study #1 - You Spent How Much on Security? - TCM Security
AD Case Study #2 - #Pentest Tales #002: Digging Deep - TCM Security
proxychains
sshuttle
chisel
Alex Olsen - AppSecExplained
AppSecExplained
Burp Suite documentation - PortSwigger
Web Security Academy - PortSwigger
OWASP Top Ten
Webhook.site - Test, transform and automate Web requests and emails
SQL injection cheat sheet | Web Security Academy
SQL Injection | OWASP Foundation
Cross-Site Scripting (XSS) Cheat Sheet - 2024 Edition | Web Security Academy
What is cross-site scripting (XSS) and how to prevent it? | Web Security Academy
Cross Site Scripting (XSS) | OWASP Foundation
alert() is dead, long live print() | PortSwigger Research
The Modern JavaScript Tutorial
PayloadsAllTheThings - Command Injection
What is OS command injection, and how to prevent it? | Web Security Academy
Command Injection | OWASP Foundation
Command injection | AppSecExplained
Reverse Shell Cheat Sheet - Internal All The Things
PayloadsAllTheThings - Upload Insecure Files
File uploads | Web Security Academy
Insecure file upload | AppSecExplained
List of file signatures (Magic bytes) - Wikipedia
Authentication | AppSecExplained
Authentication vulnerabilities | Web Security Academy
PayloadsAllTheThings - XXE Injection
What is XXE (XML external entity) injection? | Web Security Academy
XXE (XML external entity) injection | AppSecExplained
PayloadsAllTheThings - Insecure Direct Object References
Insecure direct object references (IDOR) | Web Security Academy
Pentesting Wifi - HackTricks
ricardojoserf/wifi-pentesting-guide
Offensive Security Tool: WEF (WiFi Exploitation Framework) | Black Hat Ethical Hacking
D3Ext/WEF: Wi-Fi Exploitation Framework
Curso Gratis de Hacking Wifi | D3Ext
Best Kali Linux Compatible USB Adapters 2024 – WirelesSHack
OpenWrt & WiFi Exploitation | syselement's Blog
aircrack-ng Usage
airmon-ng
airodump-ng
Sample pentest report provided by TCM Security
Writing a Pentest Report - TCM video
