{"version":1,"pages":[{"id":"-MEO1FbJLJfasA-SPJvS","title":"InfoSec Notes","pathname":"/","siteSpaceId":"sitesp_DK6f1","description":""},{"id":"g1ceyxhE7q6wwMw7PTlN","title":"External recon","pathname":"/general/external_recon","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"General"}]},{"id":"-MEO1asoniYBVtxMdZzo","title":"Ports scan","pathname":"/general/ports_scan","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"General"}]},{"id":"-MEO1atwUtk1ndlrSE5O","title":"Bind / reverse shells","pathname":"/general/shells","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"General"}]},{"id":"-MEO1auI5dS4lDBm7DuC","title":"File transfer / exfiltration","pathname":"/general/file_transfer","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"General"}]},{"id":"-MEO1auK5O68-QKm9sxe","title":"Pivoting","pathname":"/general/pivoting","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"General"}]},{"id":"-MEO1asKf9SVLVBwStZK","title":"Passwords cracking","pathname":"/general/passwords_cracking","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"General"}]},{"id":"-Mj0lx-4oyx2opcuVrvk","title":"Recon - Domain Recon","pathname":"/active-directory/recon-domain_recon","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-5YiZ4IPI5DS-1","title":"Recon - AD scanners","pathname":"/active-directory/recon-ad_scanners","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-6JBApX9-Cya2p","title":"Exploitation - NTLM capture and relay","pathname":"/active-directory/exploitation-ntlm_capture_and_relay","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-7_Ax4f8n3htiZ","title":"Exploitation - Password spraying","pathname":"/active-directory/exploitation-password_spraying","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-MLsoINt_tFc5uhC8hiA","title":"Exploitation - Domain Controllers CVE","pathname":"/active-directory/exploitation-dc_cve","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-9nlhidDY9FYWu","title":"Exploitation - Kerberos AS_REP roasting","pathname":"/active-directory/exploitation-kerberos_as_rep_roasting","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-AdYei80O5qzk_","title":"Exploitation - Credentials theft shuffling","pathname":"/active-directory/exploitation-credentials_theft_shuffling","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-MEO1ar6lO_T4EWsQHgc","title":"Exploitation - GPP and shares searching","pathname":"/active-directory/exploitation-gpp_and_shares_searching","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-C2FKzNuZAR--x","title":"Exploitation - Kerberos Kerberoasting","pathname":"/active-directory/exploitation-kerberos_kerberoasting","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-DIF8QDDICkqCl","title":"Exploitation - ACL exploiting","pathname":"/active-directory/exploitation-acl_exploiting","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-ERO3rhj9uo2im","title":"Exploitation - GPO users rights","pathname":"/active-directory/exploitation-gpo_users_rights","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"e5RG6cM3J3qdbAtw0nGn","title":"Exploitation - Active Directory Certificate Services","pathname":"/active-directory/exploitation-certificate_services","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-FFtW2IeawJMKa","title":"Exploitation - Kerberos tickets usage","pathname":"/active-directory/exploitation-kerberos_tickets_usage","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-GBViaXBz9_LMq","title":"Exploitation - Kerberos silver tickets","pathname":"/active-directory/exploitation-kerberos_silver_tickets","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-HmmP1tXDDDVNm","title":"Exploitation - Kerberos delegations","pathname":"/active-directory/exploitation-kerberos_delegations","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"RUnBham9j2vEKDhhQc7b","title":"Exploitation - gMS accounts (gMSAs)","pathname":"/active-directory/exploitation-gms_accounts","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-I9E_Oty6t6xyD","title":"Exploitation - Azure AD Connect","pathname":"/active-directory/exploitation-azure_ad_connect","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-JnqiQCQurSWvm","title":"Exploitation - Operators to Domain Admins","pathname":"/active-directory/exploitation-operators_to_domain_admins","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-K_KDg_RVdx0u7","title":"Post Exploitation - ntds.dit dumping","pathname":"/active-directory/post_exploitation-ntds_dit_dumping","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-LxF8eJehGDi6A","title":"Post Exploitation - Kerberos golden tickets","pathname":"/active-directory/post_exploitation-kerberos_golden_tickets","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-MJjqY8onuxRLH","title":"Post Exploitation - Trusts hopping","pathname":"/active-directory/post_exploitation-trusts_hopping","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-Mj0lx-NFl9xwVLyflov","title":"Post Exploitation - Persistence","pathname":"/active-directory/post_exploitation-persistence","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Active Directory"}]},{"id":"-MEO1arDOQxxW-2l83tn","title":"Methodology","pathname":"/l7/1-methodology","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1arYPhgbAhO20-WO","title":"21 - FTP","pathname":"/l7/methodology","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1auQ3rYTzk4rnN_f","title":"22 - SSH","pathname":"/l7/methodology-1","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-TplDLOtUmScZn","title":"25 - SMTP","pathname":"/l7/methodology-2","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-U5L1dS1uDBskx","title":"53 - DNS","pathname":"/l7/methodology-3","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1asGJZ-LpbX_hxop","title":"111 / 2049 - NFS","pathname":"/l7/methodology-4","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1as3uVBLeyVXaKK7","title":"113 - Ident","pathname":"/l7/methodology-5","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-YJNKxqzLY3Dn1","title":"135 - MSRPC","pathname":"/l7/methodology-6","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-Z0Ijre6tHqH4t","title":"137-139 - NetBIOS","pathname":"/l7/methodology-7","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-_9Qu0lmG3bMEa","title":"161 - SNMP","pathname":"/l7/methodology-8","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"ks6KyMfWGTOm1GvjcQQo","title":"389 / 3268 - LDAP","pathname":"/l7/methodology-9","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-bJuDad2xkfxmq","title":"445 - SMB","pathname":"/l7/methodology-10","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1arlv0QQGUjqX1vE","title":"512 / 513 - REXEC / RLOGIN","pathname":"/l7/methodology-11","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1auU8s1BvXit2Z-7","title":"554 - RTSP","pathname":"/l7/methodology-12","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-eqmwoSDrk7w7X","title":"1099 - JavaRMI","pathname":"/l7/methodology-13","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-f8UkBXUjvy1q9","title":"1433 - MSSQL","pathname":"/l7/methodology-14","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1arSzHJqslSXSX10","title":"1521 - ORACLE_DB","pathname":"/l7/methodology-15","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MTzfYciWLHNCKx6dIuA","title":"3128 - Proxy","pathname":"/l7/methodology-16","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1auWt-inIIRuy2UO","title":"3306 - MySQL","pathname":"/l7/methodology-17","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1arht9wousWWfCbp","title":"3389 - RDP","pathname":"/l7/methodology-18","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"gLOSxX8dmfyCK4k18rZM","title":"5985 / 5986 - WSMan","pathname":"/l7/methodology-19","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-lRjXUkJ_TQZoe","title":"8000 - JDWP","pathname":"/l7/methodology-20","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1asyR3L5fbGo6VGr","title":"9100 - Printers","pathname":"/l7/methodology-21","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-Mj0lx-np0b5U2QgZK5e","title":"11211 - memcached","pathname":"/l7/methodology-22","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"-MEO1arc_M4DGUHeShHD","title":"27017 / 27018 - MongoDB","pathname":"/l7/methodology-23","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"L7"}]},{"id":"VQ9FypN600rhsqbDtaIp","title":"Shellcode and PE loader","pathname":"/windows/shellcode_and_pe_loader","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"}]},{"id":"-MQK0lMoVg65t3JSMrkI","title":"Bypass PowerShell ConstrainedLanguageMode","pathname":"/windows/bypass_ps_constrainedlanguagemode","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"}]},{"id":"-MEO1atOsBv_gzXKQXGR","title":"Bypass AppLocker","pathname":"/windows/bypass_applocker","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"}]},{"id":"-MEO1arEAfTnpLCZ6kxc","title":"Local privilege escalation","pathname":"/windows/local_privilege_escalation","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"}]},{"id":"-MEO1areqCIkTEe2n5MH","title":"Post exploitation","pathname":"/windows/post_exploitation","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"}]},{"id":"YoGA61o7qx7hCpiryb1a","title":"Credentials dumping","pathname":"/windows/post_exploitation/credentials_dumping","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Post exploitation"}]},{"id":"XGWbtdIpbIWyjcnjk9l0","title":"Defense evasion","pathname":"/windows/post_exploitation/defense_evasion","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Post exploitation"}]},{"id":"iVrZ2dkR1dtMKw99nBNv","title":"Local persistence","pathname":"/windows/post_exploitation/local_persistence","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Post exploitation"}]},{"id":"-MEO1at0v87lGntWa2jE","title":"Lateral movements","pathname":"/windows/lateral_movements","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"}]},{"id":"EakVdqmjhWSZk7fDxteD","title":"Local credentials re-use","pathname":"/windows/lateral_movements/local_credentials_reuse","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Lateral movements"}]},{"id":"Ol0RV9qjNvnsof1kSM8O","title":"Over SMB","pathname":"/windows/lateral_movements/over_smb","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Lateral movements"}]},{"id":"EG4NHL7KQzp8o63dYpyG","title":"Over WinRM","pathname":"/windows/lateral_movements/over_winrm","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Lateral movements"}]},{"id":"vROVZXOzJUDtaScUgoUd","title":"Over WMI","pathname":"/windows/lateral_movements/over_wmi","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Lateral movements"}]},{"id":"BhBjtBV5FuDCl3DNrGEx","title":"Over DCOM","pathname":"/windows/lateral_movements/over_dcom","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Lateral movements"}]},{"id":"5CRufCcyb21eJ7HSwduL","title":"CrackMapExec","pathname":"/windows/lateral_movements/crackmapexec","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Windows"},{"label":"Lateral movements"}]},{"id":"-MEO1as6riOFMK-w2Acj","title":"Local privilege escalation","pathname":"/linux/local_privilege_escalation","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Linux"}]},{"id":"-MLXr-jyZyYeN0-zbxO5","title":"Post exploitation","pathname":"/linux/post_exploitation","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Linux"}]},{"id":"kJUSsIDqv9LjsLUCV4RH","title":"Common","pathname":"/dfir/common","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"}]},{"id":"VD0QnywPoaH2OUTmLivq","title":"Image acquisition and mounting","pathname":"/dfir/common/image_acquisition_and_mounting","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Common"}]},{"id":"dSTvDHXY9ujl2gscingm","title":"Memory forensics","pathname":"/dfir/common/memory_forensics","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Common"}]},{"id":"c2WaqijTNrinEf5WtTzg","title":"Web logs analysis","pathname":"/dfir/common/web_logs_analysis","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Common"}]},{"id":"tVthKl84IGOh2MyfNAC2","title":"Browsers forensics","pathname":"/dfir/common/browsers_forensics","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Common"}]},{"id":"2DC115sGK86A1o2JRFJ8","title":"Email forensics","pathname":"/dfir/common/email_forensics","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Common"}]},{"id":"s85mcOHrixk7RdNVdIns","title":"Docker forensics","pathname":"/dfir/common/docker_forensics","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Common"}]},{"id":"-MEO1arPhSnujA3HvfgX","title":"Windows","pathname":"/dfir/windows","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"}]},{"id":"-Mj0lx057X5zFtmnnHwl","title":"Artefacts overview","pathname":"/dfir/windows/_artefacts_overview","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"}]},{"id":"-Mj0lx07qEJuJD06NOgz","title":"Amcache","pathname":"/dfir/windows/_artefacts_overview/amcache","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-MVOMbO-UUtrARfmNRe0","title":"EVTX","pathname":"/dfir/windows/_artefacts_overview/evtx","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-Mj0lx09x0jV_n2s3ps-","title":"Jumplist","pathname":"/dfir/windows/_artefacts_overview/jumplist","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-Mj0lx0AaixEXq6EU5az","title":"LNKFile","pathname":"/dfir/windows/_artefacts_overview/lnkfile","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-MNLC0OK0mv5rfHZPoQ2","title":"MFT","pathname":"/dfir/windows/_artefacts_overview/mft","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"R6ClPlYh9ONahHKQUh0a","title":"Outlook_files","pathname":"/dfir/windows/_artefacts_overview/outlook_files","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-M_k4zl1MxoYghwMzRB8","title":"Prefetch","pathname":"/dfir/windows/_artefacts_overview/prefetch","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-MNLC0M4SO3cOOv5dYz2","title":"RecentFilecache","pathname":"/dfir/windows/_artefacts_overview/recentfilecache","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-MlPPhKCiVf8JTO7l4hT","title":"RecycleBin","pathname":"/dfir/windows/_artefacts_overview/recyclebin","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-Mj0lx0GD3iDV-DE1_US","title":"Shellbags","pathname":"/dfir/windows/_artefacts_overview/shellbags","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-Mj0lx0HwEHeEwMIRNCj","title":"Shimcache","pathname":"/dfir/windows/_artefacts_overview/shimcache","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"x2rYnNjOQwGuqitNbhh7","title":"SRUM","pathname":"/dfir/windows/_artefacts_overview/srum","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-MWREKkohfRzb0pAnO7s","title":"Timestamps","pathname":"/dfir/windows/_artefacts_overview/timestamps","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"ufbpqcPbnOAOxNWRz97Y","title":"User Access Logging (UAL)","pathname":"/dfir/windows/_artefacts_overview/user_access_logging","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-Mj0lx0JtCaXl3vi_1mN","title":"UsnJrnl","pathname":"/dfir/windows/_artefacts_overview/usnjrnl","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"M01U31MDFCru3lt4VNKK","title":"Miscellaneous","pathname":"/dfir/windows/_artefacts_overview/misc","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"Artefacts overview"}]},{"id":"-M_k4zkLAZAz7HEzeXHo","title":"TTPs analysis","pathname":"/dfir/windows/ttps_analysis","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"}]},{"id":"-M_k4zmG2dW4OA1b19_f","title":"Accounts usage","pathname":"/dfir/windows/ttps_analysis/accounts_usage","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MNLC0P3fYKPmtfLpynh","title":"Local persistence","pathname":"/dfir/windows/ttps_analysis/local_persistence","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"I2l5xcKFlRDgH1Hb4lll","title":"Lateral movement","pathname":"/dfir/windows/ttps_analysis/lateral_movement","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MNLC0LZVa2NVsEASe9G","title":"PowerShell activity","pathname":"/dfir/windows/ttps_analysis/powershell_activity","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MNLC0MjcKuZyGQ7SUTE","title":"Program execution","pathname":"/dfir/windows/ttps_analysis/program_execution","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MVOMbODWATBH5hCO2Go","title":"Timestomping","pathname":"/dfir/windows/ttps_analysis/timestomping","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MNLC0PZARoquTmj_Cf4","title":"EVTX integrity","pathname":"/dfir/windows/ttps_analysis/evtx_integrity","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"6yZCdMd6gsvB31YxRnxP","title":"System uptime","pathname":"/dfir/windows/ttps_analysis/system_uptime","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-M_k4zkkiBzcqfF5xNCj","title":"ActiveDirectory replication metadata","pathname":"/dfir/windows/ttps_analysis/activedirectory_replication_metadata","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MVxSHZYM7NKgBjgTHR0","title":"ActiveDirectory persistence","pathname":"/dfir/windows/ttps_analysis/activedirectory_persistence","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Windows"},{"label":"TTPs analysis"}]},{"id":"-MWfZnUVNG2VFsybsfXK","title":"Linux","pathname":"/dfir/linux","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"}]},{"id":"dqkA7JczBgL32Iv9L4Io","title":"Artefacts overview","pathname":"/dfir/linux/_artefacts_overview","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Linux"}]},{"id":"-MlPPhK9u8AVGtvfDRe_","title":"TTPs analysis","pathname":"/dfir/linux/ttps_analysis","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Linux"}]},{"id":"LV4kaj1g0En4GCfF95cU","title":"Timestomping","pathname":"/dfir/linux/ttps_analysis/timestomping","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Linux"},{"label":"TTPs analysis"}]},{"id":"C1YYQmIyG20EB2OZ4chP","title":"Cloud","pathname":"/dfir/cloud","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"}]},{"id":"qr25qlWFwWTgcmWCHTq2","title":"Azure","pathname":"/dfir/cloud/azure","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Cloud"}]},{"id":"b9Khch2vdcN4IsF0CP48","title":"AWS","pathname":"/dfir/cloud/aws","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Cloud"}]},{"id":"-MMkDi24Mg3ERHssb3rN","title":"Tools","pathname":"/dfir/tools","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"}]},{"id":"-MMkDi20MpAJ-DV-mCQt","title":"Velociraptor","pathname":"/dfir/tools/velociraptor","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Tools"}]},{"id":"ghF2nXUyan5IpXF0r0b6","title":"KAPE","pathname":"/dfir/tools/kape","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Tools"}]},{"id":"Ad9S9vE3yYWF7BCneUsz","title":"Dissect","pathname":"/dfir/tools/dissect","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Tools"}]},{"id":"3FahPHmN88DaHbomrhm8","title":"plaso","pathname":"/dfir/tools/plaso","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Tools"}]},{"id":"i8ULj4ZbaAscXDGZFUWP","title":"Splunk usage","pathname":"/dfir/tools/splunk","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"DFIR"},{"label":"Tools"}]},{"id":"Oycn8ckuL0m2NTXvOex1","title":"Phishing - Office Documents","pathname":"/red-team-specifics/phishing_officedocuments","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Red Team specifics"}]},{"id":"EZmrWB7IwvehRS777QZ7","title":"OpSec Operating Systems environment","pathname":"/red-team-specifics/opsec_operatingsystems","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Red Team specifics"}]},{"id":"opG05HmF88aRdGjcviW9","title":"EDR bypass with EDRSandBlast","pathname":"/red-team-specifics/edr_bypass_with_edrsandblast","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Red Team specifics"}]},{"id":"tYBdLGj0qhX89Z1ryjJr","title":"Cobalt Strike","pathname":"/red-team-specifics/cobalt_strike","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Red Team specifics"}]},{"id":"-MEO1asl7ShmcCr-wolp","title":"Recon - Server exposure","pathname":"/web-applications/recon-server_exposure","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1arQbk1OsFCpldcd","title":"Recon - Hostnames discovery","pathname":"/web-applications/recon-hostnames_discovery","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1atNdf0T146Jh4sf","title":"Recon - Application mapping","pathname":"/web-applications/recon-application_mapping","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1auP6A-LPMNmAC6_","title":"Recon - Attack surface overview","pathname":"/web-applications/recon-attack_surface","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-Mj0lx0fKxXuZto9NSCU","title":"CMS & softwares","pathname":"/web-applications/cms_and_softwares","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-Mj0lx0gBn9S_bXEGAIA","title":"ColdFusion","pathname":"/web-applications/cms_and_softwares/coldfusion","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"-Mj0lx0hEpVlzAMYOISc","title":"DotNetNuke","pathname":"/web-applications/cms_and_softwares/dotnetnuke","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"-Mj0lx0iCkR692pyq0CY","title":"Jenkins","pathname":"/web-applications/cms_and_softwares/jenkins","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"-MEO1as8aaD9PsocBxin","title":"Jira","pathname":"/web-applications/cms_and_softwares/jira","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"-MEO1asCPA2b2ZUieyc0","title":"Ovidentia","pathname":"/web-applications/cms_and_softwares/ovidentia","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"-MEO1atCJk-1f9kPbgIp","title":"WordPress","pathname":"/web-applications/cms_and_softwares/wordpress","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"2XO542mDCIzPHcUT0L49","title":"WebDAV","pathname":"/web-applications/cms_and_softwares/webdav","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"CMS & softwares"}]},{"id":"-Mj0lx0mSdyWbI0LUm6N","title":"Exploitation - Overview","pathname":"/web-applications/exploitation-overview","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1arJYVZuhMNrsZGh","title":"Exploitation - Authentication","pathname":"/web-applications/exploitation-authentication","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-Mj0lx0oigftxXELsdfl","title":"Exploitation - LDAP injections","pathname":"/web-applications/exploitation-ldap_injections","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-Mj0lx0pof6NJZu1dQ3A","title":"Exploitation - Local and remote file inclusions","pathname":"/web-applications/exploitation-local_and_remote_file_inclusions","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-Mj0lx0q7QYyAs0_FhNF","title":"Exploitation - File upload","pathname":"/web-applications/exploitation-file_upload","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1arG5LzXnakYxOhL","title":"Exploitation - SQL injections","pathname":"/web-applications/exploitation-sql_injections","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-Mj0lx0sytZ24HinV-GH","title":"SQLMAP.md","pathname":"/web-applications/exploitation-sql_injections/sqlmap","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"Exploitation - SQL injections"}]},{"id":"-Mj0lx0tK6t0BwwnsiYd","title":"MSSQL.md","pathname":"/web-applications/exploitation-sql_injections/mssql","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"Exploitation - SQL injections"}]},{"id":"-MEO1as5s2hcvdENryPJ","title":"MySQL.md","pathname":"/web-applications/exploitation-sql_injections/mysql","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"Exploitation - SQL injections"}]},{"id":"-Mj0lx0vhhDEv2IblgWK","title":"SQLite.md","pathname":"/web-applications/exploitation-sql_injections/sqlite","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"Exploitation - SQL injections"}]},{"id":"-Mj0lx0wn-RGrxhEHgt7","title":"Exploitation - NoSQL injections","pathname":"/web-applications/exploitation-nosql_injections","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1asE65XcYKNJdC1w","title":"NoSQLMap.md","pathname":"/web-applications/exploitation-nosql_injections/nosqlmap","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"Exploitation - NoSQL injections"}]},{"id":"-MEO1atmIV19OXC-7A9q","title":"mongoDB.md","pathname":"/web-applications/exploitation-nosql_injections/mongodb","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"},{"label":"Exploitation - NoSQL injections"}]},{"id":"-MEO1asrSEJQvTMoF2DC","title":"Exploitation - GraphQL","pathname":"/web-applications/exploitation-graphql","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Web applications"}]},{"id":"-MEO1aroA9pUWpncORJ8","title":"Linux - ELF64 ROP leaks","pathname":"/binary-exploitation/elf64_rop_leaks","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Binary exploitation"}]},{"id":"-Mj0lx12wXdQOxetTn24","title":"(Very) Basic reverse","pathname":"/binary-exploitation/reverse","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Binary exploitation"}]},{"id":"-Mj0lx15UJkLki4DPF9d","title":"Basic static analysis","pathname":"/android/static_analysis","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Android"}]},{"id":"P1RWwys44Zl0bAeciH6c","title":"Regex 101","pathname":"/miscellaneous/regex101","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"pEoWBB7YL5NlksDBmO8H","title":"WinDbg Kernel","pathname":"/miscellaneous/windbg_kernel","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Miscellaneous"}]},{"id":"y1KnOoG4JkiDxUui1IFq","title":"Basic coverage guided fuzzing","pathname":"/miscellaneous/coverage_guideded_fuzzing","siteSpaceId":"sitesp_DK6f1","description":"","breadcrumbs":[{"label":"Miscellaneous"}]}]}