Cardboard Iguana Security
/
tags
/
OS
/
Windows
Dark mode
Light mode
Search
Search
101 items with this tag.
Sunday, January 5, 2025
Access the Windows Registry using PowerShell
HowTo
OS/Windows/Registry
Application/PowerShell
Sunday, January 5, 2025
Add Windows users at the command line
OS/Windows
Application/net
OS/Windows/Registry
Application/reg
Sunday, January 5, 2025
AS-REP roasting
Protocol/Kerberos
OS/Windows/ActiveDirectory
Cryptography/Hashes/NT
AttackCycle/Exploitation/AS-REPRoasting
AttackCycle/Exploitation/Kerberoasting
Sunday, January 5, 2025
AS-REP roasting with Impacket
OS/Windows/ActiveDirectory
AttackCycle/Exploitation/AS-REPRoasting
Application/Impacket
Protocol/Kerberos
Sunday, January 5, 2025
AS-REP roasting With Rubeus
OS/Windows/ActiveDirectory
AttackCycle/Exploitation/AS-REPRoasting
Application/Rubeus
Application/Hashcat
Sunday, January 5, 2025
Backdoor Visual Basic Scripts
AttackCycle/Exploitation
HowTo
Language/VisualBasic
FileFormat/VBS
Protocol/SMB
OS/Windows
Sunday, January 5, 2025
Bulk edit Windows permissions
OS/Windows/Permissions
Application/secedit
HowTo
Sunday, January 5, 2025
Bypass the PowerShell execution policy
Application/PowerShell
OS/Windows
HowTo
AttackCycle/Exploitation
Sunday, January 5, 2025
Bypass Windows antivirus with C#
HowTo
AttackCycle/AntiForensics
OS/Windows
Application/PowerShell
Application/PowerShell/Invoke-Mimikatz
Sunday, January 5, 2025
Calculate a file hash on Windows with CertUtil
HowTo
OS/Windows
Application/CertUtil
Cryptography/Hashes/SHA1
Sunday, January 5, 2025
Call Mimikatz from a meterpreter shell
Application/Metasploit/meterpreter
OS/Windows/ActiveDirectory
Protocol/Kerberos
AttackCycle/PrivEsc
AttackCycle/LateralMovement
AttackCycle/Exploitation
Sunday, January 5, 2025
Common Windows user types
OS/Windows
Sunday, January 5, 2025
Compact VM disk images
HowTo
Application/libVirt
Application/VirtualBox
OS/Windows
OS/Linux
Application/SDelete
Application/dd
Sunday, January 5, 2025
DCERPC
Protocol/DCERPC
OS/Windows/Server
Sunday, January 5, 2025
Default CIFS shares
Protocol/SMB
OS/Windows
AttackCycle/PrivEsc
AttackCycle/Exploitation
Sunday, January 5, 2025
dir
Application/dir
OS/Windows
Sunday, January 5, 2025
Disable AMSI
HowTo
OS/Windows/AMSI
AttackCycle/AntiForensics
Application/PowerShell
OS/Windows/Defender
Sunday, January 5, 2025
DRSUAPI
OS/Windows/Server
OS/Windows/ActiveDirectory
Protocol/DRSUAPI
Sunday, January 5, 2025
Enumerate AD CS templates with CertUtil
HowTo
Application/CertUtil
OS/Windows/ActiveDirectory
AttackCycle/Reconnaissance
Protocol/Kerberos
Application/Rubeus
Sunday, January 5, 2025
Equivalent Windows and *NIX commands
OS/AIX
OS/Linux
OS/macOS
OS/Android
OS/Windows
Application/cat
Application/type
Application/dig
Application/nslookup
Application/grep
Application/findstr
Application/select
Application/ifconfig
Application/ipconfig
Application/ls
Application/dir
Application/more
Application/netstat
Application/ping
Application/shutdown
Application/sleep
Application/timeout
Application/sudo
Application/RunAs
Application/tcpdump
Application/windump
Application/traceroute
Application/tracert
Application/wget
Application/whoami
Application/hostname
Language/Bash
Application/cmd
Sunday, January 5, 2025
Exploit local Windows services
OS/Windows/Services
AttackCycle/Exploitation
Application/Metasploit/msfvenom
OS/Windows/EventLog
HowTo
Sunday, January 5, 2025
Exploit local Windows tasks
OS/Windows/Tasks
AttackCycle/Exploitation
Application/PsExec
OS/Windows/Registry
AttackCycle/AntiForensics
HowTo
Application/icacls
Sunday, January 5, 2025
Exploit remote Windows services
OS/Windows/Services
AttackCycle/LateralMovement
OS/Windows/UAC
Protocol/RCP
Protocol/SMB
Protocol/NetBIOS
HowTo
Sunday, January 5, 2025
Exploit remote Windows tasks
OS/Windows/Tasks
AttackCycle/LateralMovement
OS/Windows/UAC
Protocol/RCP
Protocol/SMB
Protocol/NetBIOS
HowTo
Sunday, January 5, 2025
Exploit VBA scripts with msfvenom
HowTo
Application/Metasploit/msfvenom
Language/VisualBasic
Application/Metasploit/meterpreter
Application/Excel
Application/Word
OS/Windows/WSH
Sunday, January 5, 2025
Exploit the Windows DLL search order
AttackCycle/Exploitation
HowTo
OS/Windows
Sunday, January 5, 2025
Exploit the Windows “Feature on Demand” Helper
OS/Windows/Registry
AttackCycle/PrivEsc
HowTo
Sunday, January 5, 2025
Exploit Windows file associations
HowTo
AttackCycle/Exploitation
OS/Windows/Registry
Application/PowerShell
Application/netcat
Sunday, January 5, 2025
Exploit Windows services
OS/Windows/Services
AttackCycle/Exploitation
AttackCycle/LateralMovement
HowTo
Sunday, January 5, 2025
Exploit Windows shortcut files
AttackCycle/Exploitation
HowTo
Application/PowerShell
Application/netcat
OS/Windows
Sunday, January 5, 2025
Exploit Windows tasks
OS/Windows/Tasks
AttackCycle/Exploitation
AttackCycle/LateralMovement
HowTo
Sunday, January 5, 2025
Exploit the WinLogon initialization sequence
OS/Windows/WinLogin
OS/Windows/Registry
AttackCycle/Exploitation
HowTo
Sunday, January 5, 2025
findstr
Application/findstr
Application/grep
OS/Windows
Sunday, January 5, 2025
Get-WinEvent
OS/Windows/EventLog
Application/PowerShell
AttackCycle/Reconnaissance
Sunday, January 5, 2025
Git on Windows
OS/Windows
Application/Git
Application/SSH
Application/PowerShell
Sunday, January 5, 2025
Golden and silver ticket attacks
Protocol/Kerberos
OS/Windows/ActiveDirectory
Cryptography/Hashes/NT
AttackCycle/PrivEsc/GoldenTickets
AttackCycle/LateralMovement/SilverTickets
Sunday, January 5, 2025
HTML applications
FileFormat/HTML
FileFormat/HTA
OS/Windows
Sunday, January 5, 2025
icacls
Application/icacls
Application/PowerShell
OS/Windows/Permissions
Sunday, January 5, 2025
IIS configuration data
OS/Windows/IIS
AttackCycle/Reconnaissance
Sunday, January 5, 2025
Impacket
Application/Impacket
Application/PsExec
Protocol/Kerberos
OS/Windows/ActiveDirectory
Sunday, January 5, 2025
Invoke-Mimikatz
Application/PowerShell/Invoke-Mimikatz
AttackCycle/PrivEsc
AttackCycle/LateralMovement
Protocol/Kerberos
OS/Windows/ActiveDirectory
AttackCycle/Reconnaissance
AttackCycle/PrivEsc/PassTheHash
AttackCycle/LateralMovement/PassTheHash
Sunday, January 5, 2025
ipconfig
OS/Windows
Application/ipconfig
Sunday, January 5, 2025
Kerberoasting
Protocol/Kerberos
OS/Windows/ActiveDirectory
AttackCycle/Exploitation/Kerberoasting
Application/PowerShell/Invoke-Kerberoast
Application/Hashcat
Application/JohnTheRipper
Sunday, January 5, 2025
Kerberoasting with Impacket
OS/Windows/ActiveDirectory
Protocol/Kerberos
AttackCycle/Exploitation/Kerberoasting
Application/Impacket
Application/Hashcat
OS/Linux/Distros/Kali
Sunday, January 5, 2025
Kerberoasting with Rubeus
OS/Windows/ActiveDirectory
Protocol/Kerberos
AttackCycle/Exploitation/Kerberoasting
Application/Rubeus
Application/Hashcat
Sunday, January 5, 2025
Kerberos
Protocol/Kerberos
OS/Windows/ActiveDirectory
Application/Mimikatz
Application/Rubeus
FileFormat/kirbi
Cryptography/Hashes/NT
AttackCycle/PrivEsc
AttackCycle/LateralMovement
AttackCycle/Exploitation/Kerberoasting
Application/PowerShell/Invoke-Kerberoast
Application/Hashcat
Application/JohnTheRipper
OS/Linux/Distros/Kali
AttackCycle/Exploitation/AS-REPRoasting
AttackCycle/PrivEsc/GoldenTickets
AttackCycle/LateralMovement/SilverTickets
Sunday, January 5, 2025
Kerbrute
Protocol/Kerberos
Protocol/UDP
OS/Windows/ActiveDirectory
Application/Kerbrute
AttackCycle/Reconnaissance/BruteForcing
Sunday, January 5, 2025
meterpreter
Application/Metasploit/meterpreter
AttackCycle/Exploitation
AttackCycle/Reconnaissance
AttackCycle/AntiForensics
Cryptography/Hashes/NT
OS/Windows/SAM
AttackCycle/PrivEsc/GoldenTickets
Application/Mimikatz
OS/Windows/EventLog
Application/PowerShell
AttackCycle/PrivEsc
OS/Windows/LSASS
Sunday, January 5, 2025
Mimikatz
Application/Mimikatz
AttackCycle/Reconnaissance
AttackCycle/LateralMovement
AttackCycle/PrivEsc
OS/Windows/ActiveDirectory
Protocol/Kerberos
Cryptography/Hashes/NT
Application/PsExec
Application/Evil-WinRM
Application/XFreeRDP
OS/Windows/LSASS
OS/Windows/SAM
AttackCycle/LateralMovement/SilverTickets
AttackCycle/PrivEsc/GoldenTickets
AttackCycle/PrivEsc/PassTheHash
AttackCycle/LateralMovement/PassTheHash
Sunday, January 5, 2025
msfconsole
Application/Metasploit/msfconsole
AttackCycle/CommandAndControl
AttackCycle/AntiForensics
AttackCycle/Exploitation
Application/SSH
Application/Nmap
Protocol/TCP
Protocol/UDP
Protocol/HTTP
Protocol/SMB
Protocol/SMTP
Application/MySQL
AttackCycle/Exploitation/BruteForcing
Cryptography/Hashes/NT
Application/Metasploit/msfvenom
Application/Metasploit/meterpreter
Application/PsExec
OS/Windows
Application/JohnTheRipper
Protocol/RDP
AttackCycle/LateralMovement
Application/proxychains
Protocol/SOCKS
Sunday, January 5, 2025
msfvenom
Application/Metasploit/msfvenom
AttackCycle/Exploitation
Application/netcat
OS/Linux
OS/Windows
OS/macOS
FileFormat/HTA
Application/Metasploit/meterpreter
Language/VisualBasic
Language/Bash
Language/Python
Language/Perl
Language/PHP
Language/Java
Sunday, January 5, 2025
MS SQL
Application/MSSQL
OS/Windows
Application/PowerShell/Powercat
Application/netcat
AttackCycle/PrivEsc
Sunday, January 5, 2025
net
OS/Windows
Application/net
AttackCycle/Reconnaissance
LoLBins
AttackCycle/PrivEsc
Sunday, January 5, 2025
netsh
Application/netsh
OS/Windows/Firewall
Sunday, January 5, 2025
netstat
Application/netstat
OS/Linux
OS/Windows
Application/findstr
AttackCycle/Reconnaissance
Sunday, January 5, 2025
Nmap
Application/Nmap
Protocol/TCP
OS/Windows/Firewall
Protocol/ICMP
AttackCycle/Reconnaissance
Protocol/UDP
Protocol/HTTP
Protocol/SOCKS
Hardware/MACAddress
Protocol/ARP
Protocol/SMB
Protocol/NFS
AttackCycle/PrivEsc
Sunday, January 5, 2025
nslookup
Application/nslookup
OS/Windows
OS/Linux
Application/dig
Sunday, January 5, 2025
NTLM hashes
Cryptography/Hashes/NT
OS/Windows/SAM
Cryptography/Hashes/MD4
OS/Windows
Sunday, January 5, 2025
ping
Application/ping
OS/Windows
OS/Linux
Sunday, January 5, 2025
Pop a SYSTEM shell on the Windows login screen using sticky keys
Application/icacls
OS/Windows
Application/takeown
AttackCycle/Exploitation
HowTo
Sunday, January 5, 2025
Pop a SYSTEM shell on the Windows login screen using Utilman
Application/icacls
Application/takeown
AttackCycle/Exploitation
OS/Windows
HowTo
Sunday, January 5, 2025
Powercat
Application/PowerShell/Powercat
AttackCycle/LateralMovement
Application/netcat
OS/Linux/Distros/Kali
OS/Windows/AMSI
Sunday, January 5, 2025
PowerView
Application/PowerShell/PowerView
AttackCycle/Reconnaissance
OS/Windows/AMSI
Sunday, January 5, 2025
reg
OS/Windows/Registry
Application/reg
Sunday, January 5, 2025
Remotely install a Windows package with PowerShell
HowTo
OS/Windows
Application/PowerShell
AttackCycle/LateralMovement
AttackCycle/Exploitation
Sunday, January 5, 2025
Rubeus
Application/Rubeus
Protocol/Kerberos
OS/Windows/ActiveDirectory
AttackCycle/Reconnaissance
AttackCycle/Exploitation/BruteForcing
OS/Linux/Distros/Kali
AttackCycle/PrivEsc
Application/Certify
AttackCycle/LateralMovement
Sunday, January 5, 2025
RunAs
Application/RunAs
OS/Windows
Application/sudo
Application/cmdkey
Application/whoami
Sunday, January 5, 2025
Run a remote Windows command using PowerShell
Application/PowerShell
OS/Windows
AttackCycle/LateralMovement
HowTo
Sunday, January 5, 2025
Set the PATH in a session on Windows
Application/PowerShell
OS/Windows
HowTo
Sunday, January 5, 2025
Set up WMI in PowerShell
OS/Windows/WMI
Application/PowerShell
HowTo
AttackCycle/LateralMovement
Sunday, January 5, 2025
SSH
Application/SSH
AttackCycle/LateralMovement
Protocol/SOCKS
OS/Windows
Protocol/Kerberos
Sunday, January 5, 2025
systeminfo
Application/systeminfo
OS/Windows
Application/findstr
OS/Windows/ActiveDirectory
AttackCycle/Reconnaissance
Sunday, January 5, 2025
Unquoted path handling in Windows
OS/Windows
AttackCycle/Exploitation
Sunday, January 5, 2025
Useful built-in commands for Windows reconnaissance
OS/Windows
AttackCycle/Reconnaissance
Application/arp
Application/cmdkey
Application/driverquery
Application/hostname
Application/net
Application/query
Application/reg
OS/Windows/Services
OS/Windows/Tasks
Application/systeminfo
Application/whoami
Sunday, January 5, 2025
Useful scripts for Windows reconnaissance
AttackCycle/Reconnaissance
OS/Windows
Application/WinPEAS
Application/Metasploit
Application/WindowsExploitSuggester
OS/Windows/Defender
Application/PowerShell/PowerUp
Application/Metasploit/meterpreter
Application/systeminfo
Sunday, January 5, 2025
Use the Windows Firewall to relay ports
OS/Windows/Firewall
AttackCycle/LateralMovement
HowTo
Application/netsh
Sunday, January 5, 2025
Use WinRM with PowerShell
HowTo
Protocol/WinRM
Application/PowerShell
OS/Windows
Sunday, January 5, 2025
Visual Basic for Applications
Language/VisualBasic
OS/Windows/WSH
AttackCycle/Exploitation
Sunday, January 5, 2025
whoami
Application/whoami
OS/Linux
OS/macOS
OS/AIX
OS/Windows
Sunday, January 5, 2025
Windows DLL search order
OS/Windows
Application/ProcMon
Sunday, January 5, 2025
Windows event IDs
OS/Windows/EventLog
Sunday, January 5, 2025
Windows event logs
OS/Windows/EventLog
Sunday, January 5, 2025
Windows local service accounts
OS/Windows/Services
Sunday, January 5, 2025
Windows logon scripts
OS/Windows/UserInit
OS/Windows/Registry
AttackCycle/Exploitation
AttackCycle/PrivEsc
Sunday, January 5, 2025
Windows permissions
OS/Windows/Permissions
OS/Linux/Permissions
Sunday, January 5, 2025
Windows reconnaissance with PowerShell
OS/Windows/ActiveDirectory
OS/Windows/Firewall
Application/PowerShell
OS/Windows
AttackCycle/Reconnaissance
OS/Windows/EventLog
OS/Windows/Services
Sunday, January 5, 2025
Windows Remote Management
Application/PowerShell
OS/Windows/Registry
OS/Windows/UAC
AttackCycle/LateralMovement
Protocol/WinRM
Sunday, January 5, 2025
Windows Run and RunOnce Registry keys
OS/Windows/Registry
Sunday, January 5, 2025
Windows Scripting Host
OS/Windows/WSH
Language/VisualBasic
AttackCycle/Exploitation
Sunday, January 5, 2025
Windows SeBackup and SeRestore permissions
OS/Windows/SAM
OS/Windows/Permissions/SeBackup
OS/Windows/Permissions/SeRestore
Application/reg
Application/Impacket
Sunday, January 5, 2025
Windows SeImpersonate and SeAssignPrimaryToken permissions
OS/Windows/Permissions/SeImpersonate
OS/Windows/Permissions/SeAssignPrimaryToken
Protocol/WinRM
Application/RogueWinRM
Application/PowerShell
AttackCycle/LateralMovement
AttackCycle/PrivEsc
Sunday, January 5, 2025
Windows service ACLs
OS/Windows/Permissions
OS/Windows/Services
Protocol/WinRM
Application/PowerShell
Sunday, January 5, 2025
Windows services
OS/Windows/Services
OS/Windows/Registry
OS/Windows/Drivers
Sunday, January 5, 2025
Windows SeTakeOwnership permission
Application/icacls
OS/Windows/Permissions/SeTakeOwnership
Application/takeown
OS/Windows
Sunday, January 5, 2025
Windows Startup folder
OS/Windows
Sunday, January 5, 2025
Windows unattended installation data
OS/Windows
AttackCycle/Reconnaissance
Sunday, January 5, 2025
winrs
OS/Windows
Application/winrs
Protocol/WinRM
Application/PowerShell
Sunday, January 5, 2025
wmic
OS/Windows
Application/wmic
Application/WindowsExploitSuggester
AttackCycle/Reconnaissance
AttackCycle/Exploitation
AttackCycle/LateralMovement
Application/PowerShell
Sunday, January 5, 2025
Working with services in PowerShell
Application/PowerShell
OS/Windows/Services
Sunday, January 5, 2025
Work with remote services using WMI and PowerShell
OS/Windows/WMI
Application/PowerShell
OS/Windows/Services
HowTo
Sunday, January 5, 2025
Work with remote tasks using WMI and PowerShell
HowTo
Application/PowerShell
OS/Windows/Tasks
AttackCycle/Exploitation
AttackCycle/PrivEsc
OS/Windows/WMI