# Misc

### AD Resource / Checklists

* [**Active Directory Cheat Sheet**](https://github.com/Integration-IT/Active-Directory-Exploitation-Cheat-Sheet)
* [**Living Off The Land Binaries, Scripts and Libraries**](https://lolbas-project.github.io/#t)
* [**Red Teaming Toolkit**](https://github.com/infosecn1nja/Red-Teaming-Toolkit)
* [**Active Directory Kill Chain Attack & Defense**](https://github.com/infosecn1nja/AD-Attack-Defense)
* [**OSEP Code Snippets**](https://github.com/chvancooten/OSEP-Code-Snippets)
* [**SharpCollection**](https://github.com/Flangvik/SharpCollection)

### Windows / AD Attack Tools

These are common tools for AD / Windows exploitation. I give only the keyword; Google how to use each one.

* **NetExec** / **CrackMapExec**
* **Impacket**
* **Bloodhound / Sharphound / Rusthound**
* **Powersploit** / **PowerView** / **PowerUp**
* **GhostPack-Compiled Binaries**
* **PowerUpSQL**
* **UACME** (for UAC bypass)
* **Mimikatz / LaZagne**
* **WinPEAS / Moriarty**
* **Windows Exploit Suggester - Next Generation (WES-NG)**
* **GodPotato** (for Impersonate PE)

### **Linux Attack Tools**

Common tools for Linux enumeration and exploitation.

* **LinPEAS**
* **pspy**
* **sund3num**
* **traitor**

### Pivoting

Common tools for pivoting. Google it.

* **chisel**
* **rpivot**
* **sshuttle**
* **ligolo**
* **ligolo-ng**

### **Thick Client Pentest**

Common tools for thick client pentesting.

* [**Process Monitor**](https://learn.microsoft.com/id-id/sysinternals/downloads/procmon) (For DLL hijacking enumeration)
* [**Echo Mirage**](https://sourceforge.net/projects/echomirage.oldbutgold.p/) (Request sniffing and modification)
* [**WinSpy**](https://github.com/strobejb/winspy/releases) (For UI modification)
* [**Wireshark**](https://www.wireshark.org/download.html) (For network monitoring)
* [**Process Hacker**](https://processhacker.sourceforge.io/downloads.php) (For process monitoring)
* [**Sigcheck**](https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck) (For digital signature details enumeration)
* **dnSpy** / **ILSpy** (A .NET debugger and assembly editor)

#### Thick Client Playground:

* <https://github.com/srini0x00/dvta>

### Other Useful Checklists

* <https://notes.vulndev.io/wiki>
* <https://www.thehacker.recipes/>
* <https://notthehiddenwiki.com/>
* <https://www.ired.team/>
* <https://www.pudn.com/Download/item/id/1705669525391893.html>
* <https://swisskyrepo.github.io/PayloadsAllTheThings/>

## Living Off The Land Projects

**What is the LOTL technique?**

Unlike traditional malware attacks, which leverage signature files to carry out the attack plan, LOTL attacks are fileless — meaning they do not require an attacker to install any code or scripts within the target system. Instead, the attacker uses tools that are already present in the environment, such as PowerShell, Windows Management Instrumentation (WMI) or the password-saving tool, Mimikatz, to carry out the attack.

Using native tools makes LOTL attacks far more difficult to detect, especially if the organization is leveraging traditional security tools that search for known malware scripts or files. Because of this gap in the security toolset, the hacker is often able to dwell undetected in the victim’s environment for weeks, months or even years.

* [**Living Off The Land Active Directory**](https://lolad-project.github.io/)
* [**Living Off The Land Drivers**](https://www.loldrivers.io/)
* [**GTFOBins**](https://gtfobins.github.io/)
* [**Living Off The Land Binaries, Scripts and Libraries**](https://lolbas-project.github.io/)
* [**Living Off The Land Applications**](https://lolapps-project.github.io/)

{% hint style="info" %}
**Note**: This page is incomplete and will be regularly updated. If you have any ideas or resources that need to be added, please contact me at <yuyudhn@gmail.com>.
{% endhint %}

