Skip to main content
Advanced Search
Search Terms
Content Type

Exact Matches
Tag Searches
Date Options
Updated after
Updated before
Created after
Created before

Search Results

98 total results found

ADMinions

We're a team of cybersecurity professionals who love to learn, compete, and push our limits.More than just competitors, we’re a group of friends who tackle challenges together—sharpening our skills through CTFs and real-world security research. Here is the lin...

The Team

We're little minions working on Active Directory and sometimes doing CTFs for fun

Articles

ADMinions research articles and technical deep dives into offensive security topics, including malware behavior, Windows internals, and persistence techniques.

Azure AD (AAD)

A collection of offensive Azure AD and Microsoft 365 cheatsheets, covering enumeration, privilege escalation, persistence, and log evasion techniques used in cloud-based red teaming and post-exploitation scenarios.

ADCS

A collection of cheatsheets for abusing Active Directory Certificate Services, documenting ESC1 to ESC15 attack paths used for authentication bypass, impersonation, and privilege escalation.

Domain Trust Attacks

A collection of cheatsheets for attacking Active Directory trusts across forest and domain boundaries, including child/parent domain abuse and one-way trust exploitation for lateral movement and domain escalation.

Windows Attacks and Enumerations

A collection of cheatsheets for post-compromise enumeration, privilege escalation, persistence, and evasion techniques in Windows environments.

Web Attacks

A collection of cheatsheets for discovering and exploiting common web application vulnerabilities and misconfigurations.

Active Directory Enumeration and Exploitation

A collection of cheatsheets for attacking Active Directory environments — from enumeration and authentication attacks to ACL abuse, delegation, and lateral movement techniques.

HackTheBox Challenges

A collection of writeups and technical notes for HackTheBox challenges.

Information Gathering

A collection of cheatsheets for the reconnaissance phase of offensive security, covering Nmap scanning, service enumeration, DNS analysis, and target identification techniques.

OtterSec

The Team

I like otters... a lot ʕ •ᴥ•ʔ Currently focusing on honing my AD skills and recently got into AV/EDR evasion Find me on HackTheBox here and on VulnLab :)

serioton

The Team

I love cats, Active Directory and playing CTFs Hack The Box: https://app.hackthebox.com/profile/768975 Github: https://github.com/seriotonctf Twitter: https://x.com/seriotonctf

Kerberos Attacks

Active Directory Enumeration and Exploi...

A cheatsheet for Kerberos Attacks targeting Active Directory vulnerabilities, including Kerberoasting, AS-REP Roasting, Coerced Authentication, and NoPac for privilege escalation. Author: BobBuilder Kerberoasting Kerberoasting is an attack against service ac...

SQL Injection

Web Attacks

A cheatsheet for SQL Injection targeting database enumeration, error-based exploitation, file read/write, remote code execution, and DNS exfiltration techniques. Author: 22sh Database enumeration MySQL SELECT GROUP_CONCAT(schema_name,',') FROM information_sc...

Persistence

Windows Attacks and Enumerations

A cheatsheet for persistence techniques on Windows, targeting long-term access using task scheduling, startup folders, and registry autorun methods. Author: serioton Persistence on Windows The commands that include execute-assembly have been executed from a ...

Recon

Windows Attacks and Enumerations

A cheatsheet for Recon targeting comprehensive information gathering and system enumeration techniques to enhance offensive security operations. Authors: BobBuilder, otter Windows recon Some commands are meant to be executed from a Sliver beacon but can easi...

Windows Local Privilege Escalation

Windows Attacks and Enumerations

A cheatsheet for Windows Local Privilege Escalation targeting methods to gain elevated access on Windows systems, including exploiting SeDebugPrivilege and SeImpersonatePrivilege. Authors: BobBuilder, Bryan McNulty, otter SeDebugPrivilege Migrate PID to priv...

LueRader

The Team

Interested in everything to do with enterprise network security. Usually big fan of web and pwn too, but not very active lately.

pr0m0ly

The Team

Passionate about cybersecurity, specializing in Active Directory environments. CTF Player focused on Web, Forensics and Blockchain. You'll find me on platforms like HackTheBox and VulnLab!

Defense Evasion

Windows Attacks and Enumerations

A cheatsheet for Defense Evasion targeting techniques to bypass security measures, including application whitelisting, using HTA and XSL scripts. Author: otter Defense Evasion Useful Links Win32 API docs NTAPI Undocumented Functions Kernel-specific str...

Server Side Request Forgery SSRF

Web Attacks

A cheatsheet for Server Side Request Forgery (SSRF) targeting server manipulation to exploit vulnerabilities and access internal or external resources by bypassing restrictions. Author: 22sh Definition Server-Side Request Forgery (SSRF) is a vulnerability th...

fsharp

The Team

Hey there! I'm interested in cybersecurity and I play CTFs as a hobby. My biggest interests are in reverse engineering and forensics. You can find me on CTF Discord servers (fsharp123), GitHub (G-flat), and Twitter (currently known as X; fsharp123). Personal a...

Useful links

Azure AD (AAD)

dirkjanm.io Blog AADInternals Blog List of Managed Identities Web applications Portal.azure.com admin.exchange.microsoft.com compliance.microsoft.com security.microsoft.com Graph Explorer Graph PWSH SDK Documentation MSOnline PWSH Module docume...

Overview of Azure & M365

Azure AD (AAD)

A cheatsheet for targeting Azure & M365 environments, focusing on identity management, resource access, and authentication methods for offensive security operations. Author: otter AAD (Azure Active Directory) is an identity and access management service: it ...

Enumerate Users and Domains

Azure AD (AAD)

A cheatsheet for targeting user and domain enumeration using public APIs and DNS suffixes to extract tenant and authentication data. Author: otter MS has a series of public APIs and DNS public suffixes that we can check during the enumeration phase. Enumerat...

Post-exploitation Reconnaissance

Azure AD (AAD)

A cheatsheet for post-exploitation reconnaissance targeting Active Directory tenant information, admin roles, high-value targets, and conditional access policies for comprehensive network analysis. Author: otter Enumerate AD tenant information admin roles a...

Password Spraying M365

Azure AD (AAD)

A cheatsheet for targeting Microsoft 365 accounts using password spraying techniques to bypass security measures such as account lockouts and IP blacklisting. Author: otter This attack is not complex as it only consists in "guessing" a user's password but th...

OAuth 2.0 Abuse

Azure AD (AAD)

A cheatsheet for OAuth 2.0 Abuse targeting unauthorized access by exploiting access tokens through malicious applications, bypassing credential changes and MFA protections. Author: otter OAUth is a protocol that allows third-party applications to access serv...

Abusing Device Code Authentication

Azure AD (AAD)

A cheatsheet for exploiting Device Code Authentication to target Azure AD and Microsoft 365 accounts, enabling unauthorized access and token acquisition. Author: otter Device Code Authentication allows to compromise a AAD / M365 account just like OAuth Abuse...

Abusing Cloud Administrator Role

Azure AD (AAD)

A cheatsheet for targeting cloud environments by abusing the Cloud Administrator role to gain unauthorized application access and control. Author: otter In this section we'll tackle an attack scenario that sees us compromising a Cloud Administrator account a...
More Results
Back to top