Public resources for PEN-300 Training.
- 3.1.3.1: JavaScript
- 3.2.2.1: MyMarco
- 3.2.3.1: MyMarco and PowerShell
- 3.4.3.1: Calling Win32 APIs from VBA
- https://sites.google.com/site/jrlhost/links/excelcdll
- MessageBoxA
- FindWindowA
- 3.5.1.1: Calling Win32 APIs from PowerShell
- 3.5.2.1: Porting Shellcode Runner to PowerShell
- 3.6.2.1: Leveraging UnsafeNativeMethods
- 3.6.3.1: DelegateType Reflection
- 4.1.1.1: Creating a Basic Dropper in Jscript
- 4.1.2.1: Jscript Meterpreter Dropper
- 4.2.2.1: DotNetToJscript
- 5.1.2.1: Process Injection in C# (VirtualAlloc and WriteProcessMemory Injection)
- http://pinvoke.net/default.aspx/kernel32/OpenProcess.html
- http://pinvoke.net/default.aspx/kernel32/VirtualAllocEx.html
- http://pinvoke.net/default.aspx/kernel32/WriteProcessMemory.html
- http://pinvoke.net/default.aspx/kernel32/CreateRemoteThread.html
- https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.getprocessesbyname?view=netframework-4.8
- https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.id?view=net-5.0
- https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/CodeExecution/Invoke-Shellcode.ps1
- 5.1.2.2: Extra Mile (NTMap Injection)
- https://www.ired.team/offensive-security/code-injection-process-injection/ntcreatesection- -ntmapviewofsection-code-injection
- http://joyasystems.com/list-of-ntstatus-codes
- NtCreationSection
- NtMapViewOfSection
- NtUnmapViewOfSection
- NtClose
- 6.6.2.1: Non-emulated APIs
- 6.7.2.1: Stomping On Microsoft Word
- 6.8.3.1: Obfuscating VBA
- https://download.serviio.org/releases/serviio-1.8-win-setup.exe
- https://www.exploit-db.com/exploits/41959
- https://medium.com/@SumitVerma101/windows-privilege-escalation-part-1-unquoted-service-path-c7a011a8d8ae
- https://www.vergiliusproject.com/kernels/x64/Windows 10 | 2016/1809 Redstone 5 (October Update)/_PEB32
- 7.4.2.1: Patching the internals
- 7.4.2.2: Extra Mile
- 8.2.2.2: Extra Mile
- 8.4.5.2: Extra Mile
- https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild?view=vs-2019
- https://docs.microsoft.com/en-us/visualstudio/msbuild/msbuild-inline-tasks?view=vs-2019
- https://docs.microsoft.com/en-us/visualstudio/msbuild/walkthrough-creating-an-inline-task?view=vs-2019
- https://www.ired.team/offensive-security/code-execution/using-msbuild-to-execute-shellcode-in-c
- 8.5.2.2: Extra Mile
- 9.3.1.1: Case Study: Bypassing Norton HIPS with Custom Certificates
- 9.6.1.2: Extra Mile
- 9.6.2.2: Extra Mile
- 10.1.2.1: VIM Config Simple Keylogger
- 10.3.2.2: Extra Mile
- 11.2.4.2: Extra Mile
- 12.4.1.1: Memory Dump
- 13.1.4.1: RDP as a Console
- 13.1.5.1: Stealing Clear Text Credentials from RDP
- 13.2.2.1: Implementing Fileless Lateral Movement in C#
- 14.3: Kerberos on Linux
- 14.3.4.2: Extra Mile
- 15.2.1.1: Privilege Escalation using SQL Impersonation
- 15.3.1.1: Linked Server
- 15.3.1.2: Extra Mile
- 15.3.2.2: Extra Mile
- 16.2.1.1: Keroberos Unconstrained Delegation
- 16.2.2.1: I Am a Domain Controller
- 16.2.3.1: Constrained Delegation
- 16.2.4.1: Resource-Based Constrained Delegation
- 16.4.1.2: Extra Mile