Index - Terms By Keyword (SANS 504-B)

Attack Phase | 3 Phases of an Attack [ 1 / 20 ]

Command Shell .vs Terminal | Ctrl Charactors are not handled correctly -- Cause Shell Collapse [ 3 / 150 ]

Command Shell .vs Terminal Access | General Overview [ 3 / 149 ]

Enum Accounts | Enum Syntax [ 2 / 159 ]

Enum Accounts | Enum tool - Usage [ 2 / 166 ]

Enum Accounts | Enumerating Domain Users via Auth Session \\ Syntax [ 2 / 166 ]

Enum Accounts | Enumerating SIDs [ 2 / 160 ]

Enum Accounts | General Sources [ 2 / 156 ]

Enum Accounts | LookupAccountSID [ 2 / 161 ]

Enum Accounts | LooupAccount API [ 2 / 161 ]

Enum Accounts | Pulling Account Names Linux [ 2 / 157 ]

Enum Accounts | Pulling Accounts / Windows [ 2 / 157 ]

Enum Accounts | SID Overview // Components that makeup a SID [ 2 / 160 ]

Enum Accounts | sid2user - General [ 2 / 161 ]

Enum Accounts | sid2user // automated loop; pulls usr accts from host [ 2 / 162 ]

Enum Accounts | User2sid - General Usage [ 2 / 161 ]

Enum Accounts | user2sid // acquire tgt machine SID portion [ 2 / 162 ]

Enum Accounts | Win 2K // SMB Null Sessions enabled by default (Restrict Anon=0) [ 2 / 158 ]

Enum Accounts | Winxp > // SMB Null Sessions disabled by default (AnonSAM=0) [ 2 / 158 ]

Enum Users | Nix Hosts sources : /etc/passwd; finger; who; [ 2 / 157 ]

Enum Users | SID2user Tool Overview [ 2 / 161 ]

Enum Users | SMB Authenticasted Grp Enum: enum -G {tgtip} -u {Uname} -P {pswd} [ 2 / 159 ]

Enum Users | SMB Authenticated - User Enum: enum -U {tgtip} -u {uname} -p {pswd} [ 2 / 159 ]

Enum Users | User2SID Tool Overview [ 2 / 161 ]

Enum Users | Using SMB in Hydra (SID Ranges) [ 2 / 144 ]

Enum Users | Windowns null session: net use \\{tgt} "" /u:"" [ 2 / 158 ]

Enum Users | Windows Null Session Regkeys Affecting Null Sessions [ 2 / 158 ]

Enum Users | Windows: SMB Null session; User2SID; Sid2User [ 2 / 157 ]

Enum Users | Windwos SID fields Overview [ 2 / 160 ]

Ethical Hacking | Definition [ 1 / 10 ]

Ethical Hacking | Purpose [ 1 / 15 ]

Exploit | 3 Categories of Exploits [ 3 / 8 ]

Exploit | Client-Side - Determine Programs in Use [ 3 / 13 ]

Exploit | Client-side // Browsers [ 3 / 11 ]

Exploit | Client-side // Document Readers [ 3 / 11 ]

Exploit | Client-side // Media Players [ 3 / 11 ]

Exploit | Client-side // Runtime Enviroments [ 3 / 11 ]

Page 1 of 19

Index - Terms By Keyword (SANS 504-B)

Exploit | Client-side Exploit - Invenroy Software [ 3 / 14 ]

Exploit | Client-side Exploit Delivery Considerations [ 3 / 12 ]

Exploit | Client-side exploitation // Method for testing Apps [ 3 / 15 ]

Exploit | Client-Side Exploits // Generals [ 3 / 10 ]

Exploit | Client-side test hosts // Using repersentative client machines [ 3 / 16 ]

Exploit | Cmd Shell .vs Terminal Access [ 3 / 149 ]

Exploit | Common Client-side Exploit Categories [ 3 / 11 ]

Exploit | Definition [ 3 / 4 ]

Exploit | Definition [ 1 / 8 ]

Exploit | Evading AV // Automating AV Evasion [ 3 / 103 ]

Exploit | Evading AV // General Approach [ 3 / 101 ]

Exploit | Evading AV // General Overview [ 3 / 100 ]

Exploit | Evading AV // Ghostwriting {inj NOPS & other TTPs chg hash value} [ 3 / 100 ]

Exploit | Evading AV // msfvenom [ 3 / 103 ]

Exploit | Evading AV // Starting Veil-Evasion [ 3 / 110 ]

Exploit | Evading AV // V-Day Monthlyu Release overview [ 3 / 106 ]

Exploit | Evading AV // Veil Evasion - Cleaning prior Config .rc / Payloads [ 3 / 113 ]

Exploit | Evading AV // Veil Evasion - Creating the Exploit Code (Generate) [ 3 / 115 ]

Exploit | Evading AV // Veil Evasion - Exiting [ 3 / 117 ]

Exploit | Evading AV // Veil Evasion - General overview [ 3 / 105 ]

Exploit | Evading AV // Veil Evasion - List Modules [ 3 / 111 ]

Exploit | Evading AV // Veil Evasion - Loading .rc file in msfconsole [ 3 / 120 ]

Exploit | Evading AV // Veil Evasion - Naming Payload Files [ 3 / 116 ]

Exploit | Evading AV // Veil Evasion - Payload Info cmd [ 3 / 112 ]

Exploit | Evading AV // Veil Evasion - Selecting a Payload [ 3 / 114 ]

Exploit | Evading AV // Veil Evasion - Viewing / Setting Payload Options [ 3 / 115 ]

Exploit | Evading AV // Veil Evasion - Viewing the MSFConsole .rc config file [ 3 / 119 ]

Exploit | Evading AV // Veil Evasion Spt'd Coding Languages [ 3 / 105 ]

Exploit | Evading AV // Veil-Evasion .rc file {auto session conf file} [ 3 / 108 ]

Exploit | Evading AV // Veil-Evasion Focus [ 3 / 105 ]

Exploit | Evading AV // VirusTotal Overview [ 3 / 102 ]

Exploit | Exploit Example Actions [ 3 / 4 ]

Exploit | Exploit Resource: Exploit-DB.com - Resource [ 1 / 33 ]

Exploit | Exploit Resource: Packetstorm Security - Resource [ 1 / 33 ]

Exploit | Exploit Resource: SEBUG Vulnerabilty DB - Resource [ 1 / 33 ]

Exploit | Exploit Resource: Security Focus BID Search - Resource [ 1 / 33 ]

Exploit | Local Privledge Escalation - Categories [ 3 / 18 ]

Exploit | Local Privledge Escalation - Suites [ 3 / 18 ]

Page 2 of 19

Index - Terms By Keyword (SANS 504-B)

Exploit | Local Privledge Escallation - General [ 3 / 17 ]

Exploit | msf - <tab><tab> // same as wild card for selecting options [ 3 / 130 ]

Exploit | msf - Backgrounding Active Session [ 3 / 58 ]

Exploit | msf - dabases import - supported 3rd party tools [ 3 / 133 ]

Exploit | msf - Database // Adding information [ 3 / 129 ]

Exploit | msf - Database Command Cmds [ 3 / 127 ]

Exploit | msf - Database Manual Add / Delete syntax [ 3 / 131 ]

Exploit | msf - Database Table Overview [ 3 / 128 ]

Exploit | msf - Database Usage Overview [ 3 / 127 ]

Exploit | msf - db-export cmd overview [ 3 / 127 ]

Exploit | msf - Exploit Module // General desc and OS breakdown [ 3 / 27 ]

Exploit | msf - getgui \\ automates provision of TDP on tgt client (has roll-back opt) [ 3 / 170 ]

Exploit | msf - gettelnet \\ automates provision of telnet on tgt client (no Rollback opt) [ 3 / 168 ]

Exploit | msf - hosts -S \\ searchs msf DB for following criteria [ 3 / 144 ]

Exploit | msf - Meterpreter // ?; exit;quit;sysinfo;shutdow;reg [ 3 / 63 ]

Exploit | msf - Meterpreter \\Screenshot; Idletime;uictl [ 3 / 67 ]

Exploit | msf - Meterpreter Addl Modules Overview [ 3 / 71 ]

Exploit | msf - Meterpreter \\ Console IF [ 3 / 67 ]

Exploit | msf - Meterpreter \\ execute {exe's a file on the target host] [ 3 / 92 ]

Exploit | msf - Meterpreter \\ exit {returns to the prior prompt level in msfconsole} [ 3 / 93 ]

Exploit | msf - Meterpreter \\ exploit (backgrounded - z) [ 3 / 87 ]

Exploit | msf - Meterpreter \\ exploit -j (Jobify execution) [ 3 / 51 ]

Exploit | msf - Meterpreter \\ File System Cmds [ 3 / 64 ]

Exploit | msf - Meterpreter \\ General Overview / Specs [ 3 / 62 ]

Exploit | msf - Meterpreter \\ getsystem [ 3 / 73 ]

Exploit | msf - Meterpreter \\ getsystem not loaded via Privs if not admin/system [ 3 / 73 ]

Exploit | msf - Meterpreter \\ getuid [ 3 / 90 ]

Exploit | msf - Meterpreter \\ hashdump [ 3 / 72 ]

Exploit | msf - Meterpreter \\ Hashdump (Priv Module) [ 3 / 72 ]

Exploit | msf - Meterpreter \\ Ideltime [ 3 / 67 ]

Exploit | msf - Meterpreter \\ Jobs [ 3 / 54 ]

Exploit | msf - Meterpreter \\ Keyscan Options (Keylogger) [ 3 / 69 ]

Exploit | msf - Meterpreter \\ keystroke logger options [ 3 / 96 ]

Exploit | msf - Meterpreter \\ ls {list dir contents current location} [ 3 / 91 ]

Exploit | msf - Meterpreter \\ Mic Cmds [ 3 / 68 ]

Exploit | msf - Meterpreter \\ migrate {migrates to a different process} [ 3 / 95 ]

Exploit | msf - Meterpreter \\ msfmap general oveview (optional) [ 3 / 74 ]

Exploit | msf - Meterpreter \\ Networking Cmds [ 3 / 66 ]

Page 3 of 19

Index - Terms By Keyword (SANS 504-B)

Exploit | msf - Meterpreter \\ Pivoting via Route Cmd; Redirect traffic from attacker host->thru tgt1 -> tgt2 [ 3 / 70 ]

Exploit | msf - Meterpreter \\ Priv Module [ 3 / 72 ]

Exploit | msf - Meterpreter \\ privs (used when not sys on host) [ 3 / 71 ]

Exploit | msf - Meterpreter \\ Process Cmds [ 3 / 65 ]

Exploit | msf - Meterpreter \\ ps {display processes} [ 3 / 90 ]

Exploit | msf - Meterpreter \\ pwd (show current dir location) [ 3 / 91 ]

Exploit | msf - Meterpreter \\ resource - Designated a .rc file to load [ 3 / 120 ]

Exploit | msf - Meterpreter \\ Screenshot [ 3 / 67 ]

Exploit | msf - Meterpreter \\ sessions [ 3 / 89 ]

Exploit | msf - Meterpreter \\ sessions -K (Kill a session) [ 3 / 59 ]

Exploit | msf - Meterpreter \\ shell {opens a shell prompt to tgt host} [ 3 / 93 ]

Exploit | msf - Meterpreter \\ sysinfo {displays host info} [ 3 / 90 ]

Exploit | msf - Meterpreter \\ uictl (Disable kb / mouse) [ 3 / 67 ]

Exploit | msf - Meterpreter \\ Webcam [ 3 / 68 ]

Exploit | msf - Meterpreter \\ Webcams and Mic's [ 3 / 68 ]

Exploit | msf - Meterpreter \\Keylogger [ 3 / 69 ]

Exploit | msf - Meterpreter \\TimeStomp [ 3 / 72 ]

Exploit | msf - Meterpreter Port Forwarding \\ pivoting [ 3 / 66 ]

Exploit | msf - Meterpreter Route Cmd \\ Chgs tgt host routing tbls; not route traffic from attacker to other host [ 3 / 70 ]

Exploit | msf - Module Definitions [ 3 / 20 ]

Exploit | msf - Module Types / Definitions [ 3 / 26 ]

exploit | msf - msdopcode // looks up machine lang opcodes to find snipets for given functionality [ 3 / 24 ]

Exploit | msf - msfpescan // Seeks win EXE/Dll's likely to spt/embed exploits [ 3 / 24 ]

Exploit | msf - nmap & Import Results directly to msf database [ 3 / 132 ]

exploit | msf - Payload Single (Windows) // General Use and Use Cases [ 3 / 31 ]

Exploit | msf - Payloads // General [ 3 / 30 ]

exploit | msf - Payloads // stager + stage(s) = Full Payload deployment [ 3 / 30 ]

Exploit | msf - Remove ALL Hosts from msf-db (hosts --delete) [ 3 / 146 ]

Exploit | msf - RHOSTS // multiple target selection overview [ 3 / 130 ]

Exploit | msf - run vnc \\ converts meterpertur access to full vnc access [ 3 / 173 ]

Exploit | msf - session options / interaction [ 3 / 59 ]

Exploit | msf - Stage Overview // Description of general categories [ 3 / 33 ]

Exploit | msf - Stager Types // Overview [ 3 / 32 ]

Exploit | msf - Upload / Download / Cat / Edit \\ File Movement options [ 4 / 9 ]

Exploit | msf - vulns -p {port#} \\ lists from msf DB all hosts with vulns on said port # [ 3 / 145 ]

Exploit | msf // Displaying / Interacting with Sessions [ 3 / 56 ]

Page 4 of 19

Index - Terms By Keyword (SANS 504-B)

Exploit | msf // Exploit/multi/handler [ 3 / 27 ]

Exploit | MSF // Metasploit Framework- General [ 3 / 20 ]

Exploit | MSF Arsenal [ 3 / 21 ]

Exploit | msf Interface Definitions [ 3 / 25 ]

Exploit | msf Modules (Exploits / Payloads / Aux / Post-Module) [ 3 / 20 ]

Exploit | msf user interfaces - General Overview [ 3 / 25 ]

Exploit | Risks of Exploitation [ 3 / 6 ]

Exploit | Server-Side Exploit // General [ 3 / 9 ]

Exploit | STD Input Issues .vs Terminal \\ *nix Opt 1 CLI work arounds [ 3 / 174 ]

Exploit | STD Input Issues .vs Terminal \\ *nix Opt 2 Enable SSHd [ 3 / 179 ]

Exploit | STD Input Issues .vs Terminal \\ *nix Opt 2 Enable Telnetd [ 3 / 178 ]

Exploit | STD Input Issues .vs Terminal \\ *nix Opt 2 Enabling Terminal Access [ 3 / 176 ]

Exploit | STD Input Issues .vs Terminal \\ *nix Opt 2 NC Portfwd Relax to bypass FW [ 3 / 182 ]

Exploit | STD Input Issues .vs Terminal \\ more and less differnces [ 3 / 159 ]

Exploit | STD Input Issues .vs Terminal \\ Problem Commands [ 3 / 150 ]

Exploit | STD Input Issues .vs Terminal \\ su - and sudo Cmd Issues [ 3 / 160 ]

Exploit | STD Input Issues .vs Terminal \\ Testing fo sh .vs Terminal access [ 3 / 157 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 1: Workarounds (Cmd Alternatives) [ 3 / 164 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2 Enabling RDP Svc via CLI [ 3 / 169 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2 Enabling SSHd on Win [ 3 / 171 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2 Enabling Telnet Svc via CLI [ 3 / 168 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2 Enabling VNC on Win [ 3 / 173 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2: Terminal Access [ 3 / 166 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2: Workarounds - Telnet [ 3 / 167 ]

Exploit | STD Input Issues .vs Terminal \\ Windows Opt 2: Workarounds (Reconfig) [ 3 / 166 ]

Exploit | STD Input Issues .vs Terminal \\ Work Arounds - General [ 3 / 163 ]

Exploit | uid=0 ; Root-level access [ 99 / 99 ]

Exploit | What is an Exploit [ 3 / 4 ]

Exploit | What is Exploitation [ 3 / 4 ]

Exploit | Why Exploitation [ 3 / 5 ]

Exploitation | Definition [ 1 / 20 ]

Hashes | Dumping via Metasploit [ 4 / 171 ]

IPV4 | Handling - TTL=0 // ICMP Type 11 TTL Time Exceeded in Transit [ 2 / 21 ]

IPV4 | Header - Destiniation port // 32bits [ 2 / 21 ]

IPv4 | Header - TTL 8-bits [ 2 / 21 ]

IPv4 | Headers and fields [ 2 / 21 ]

IPv4 | Packet Header - Source IP 32-bits [ 2 / 21 ]

Page 5 of 19

Index - Terms By Keyword (SANS 504-B)

IPv6 | Header - Destination 128-bits [ 2 / 22 ]

IPV6 | Header - Hop Limit // Same as TTL in IPv4 [ 2 / 22 ]

IPv6 | Header - Source 128-bits [ 2 / 22 ]

IPV6 | Header and Fields [ 2 / 22 ]

ISECOM | Term [ 1 / 23 ]

LANMAN | Charactoristics - <15/padding/(2) 7char parts / DES Key: KGS!@#$ Key [ 4 / 149 ]

LANMAN Challenge | Client - Server Challenge - Response walkthru [ 4 / 152 ]

NT Hash | Charactoristics: MD4 / Case Preserved / < 256char / Not Salted [ 4 / 150 ]

NTLM v2 | Challenge / Response \\ HMAC-MD5 --> OWF (incl svr challenge,time,client challenge) [ 4 / 154 ]

OSSTMM | Definition [ 1 / 23 ]

Password Encryption Functions (NIX) | How / Crypt functions (by symbol (e.g. 1$ =DES; 5$=SHA-256; 6$=SHA-512) [ 4 / 156 ]

Passwords | Capture Challenge / Response (Think Responder) [ 4 / 177 ]

Passwords | Shadow Volume Copy via ntds.dit [ 4 / 175 ]

Passwords | via psexec, relay, MSFconsole [ 4 / 179 ]

Pentest | 5 Pentest Types / Methodolgies [ 1 / 22 ]

Pentest | Commercial Tools [ 1 / 35 ]

Pentest | Definition [ 1 / 10 ]

Pentest | GOOJFC - Get out of Jail Free Card [ 1 / 71 ]

Pentest | Mindset and Concepts [ 1 / 6 ]

Pentest | Purpose [ 1 / 15 ]

Pentest | Risk Definition [ 1 / 8 ]

Pentest | Role Definition [ 1 / 8 ]

Pentest | Type - Ride-Along [ 1 / 23 ]

Pentest Methdology | NIST 800_115 - Defintion [ 1 / 25 ]

Pentest Methdology | Open Source Security Testing (OSSTMM) - Definition [ 1 / 23 ]

Pentest Methdology | OWASP Testing Guide - Definition [ 1 / 26 ]

Pentest Methdology | Penetration Testing Exercution Standard - Definition [ 1 / 24 ]

Pentest Methdology | Penetration Testing Framework - Definition [ 1 / 27 ]

Pentest Process | Overall High-level Process [ 1 / 64 ]

Pentest Process | Preparation // Black Box Testing [ 1 / 77 ]

Pentest Process | Preparation // Crystal Box Testing [ 1 / 77 ]

Pentest Process | Preparation // Daily Debrief - General [ 1 / 73 ]

Pentest Process | Preparation // Date & Time of Day for Ops [ 1 / 74 ]

Pentest Process | Preparation // Designated Internal POC [ 1 / 72 ]

Pentest Process | Preparation // Encrypted Comms [ 1 / 72 ]

Pentest Process | Preparation // Excluded from Rules of Engagement [ 1 / 71 ]

Page 6 of 19

Index - Terms By Keyword (SANS 504-B)

Pentest Process | Preparation // International Laws [ 1 / 67 ]

Pentest Process | Preparation // Limitation of Liability & Insurance [ 1 / 66 ]

Pentest Process | Preparation // Loot Viewing on Compromised Host [ 1 / 78 ]

Pentest Process | Preparation // Permission Memo [ 1 / 65 ]

Pentest Process | Preparation // Planning Sign-off [ 1 / 79 ]

Pentest Process | Preparation // Points of Contact [ 1 / 72 ]

Pentest Process | Preparation // Rules of Engagement - Definition [ 1 / 70 ]

Pentest Process | Preparation // Rules of Engagement - Emergency Stop Actions [ 1 / 72 ]

Pentest Process | Preparation // Scope - Definition [ 1 / 70 ]

Pentest Process | Preparation // Shunning Pentest Traffic [ 1 / 76 ]

Pentest Process | Rules of Engagement .vs Project Scope [ 1 / 69 ]

Pentest Process | Scope // In & Out of Scope [ 1 / 83 ]

Pentest Process | Scoping // 3rd Party Resources [ 1 / 84 ]

Pentest Process | Scoping // Cloud-based Considerations [ 1 / 85 ]

Pentest Process | Scoping // Dangerous Exploits [ 1 / 91 ]

Pentest Process | Scoping // DOS Verification Language [ 1 / 90 ]

Pentest Process | Scoping // Exploring Customer Primary Risk / Concerns [ 1 / 61 ]

Pentest Process | Scoping // How to Test [ 1 / 89 ]

Pentest Process | Scoping // Internal and Psudo Internal Tests [ 1 / 88 ]

Pentest Process | Scoping // Pentesting from Cloud [ 1 / 86 ]

Pentest Process | Scoping // Ping / Port / Vuln, Client-side/Social [ 1 / 89 ]

Pentest Process | Scoping // Production .vs Test Enviroment Targets [ 1 / 87 ]

Pentest Process | Scoping // Scope Creep [ 1 / 82 ]

Pentest Reports | Appendixes (usage for clairity) [ 1 / 101 ]

Pentest Reports | Appendixes Content [ 1 / 112 ]

Pentest Reports | Conclusion Guidelines [ 1 / 111 ]

Pentest Reports | Conclusions [ 1 / 101 ]

Pentest Reports | Executive Summary [ 1 / 101 ]

Pentest Reports | Executive Summary [ 1 / 102 ]

Pentest Reports | Findings [ 1 / 106 ]

Pentest Reports | Findings (H/M/L) [ 1 / 101 ]

Pentest Reports | Format [ 1 / 101 ]

Pentest Reports | Intro [ 1 / 101 ]

Pentest Reports | Introduction Components [ 1 / 104 ]

Pentest Reports | Methdology Components [ 1 / 105 ]

Pentest Reports | Recommendation Guidelines [ 1 / 109 ]

Pentest Reports | Recording Inventory [ 1 / 116 ]

Pentest Reports | Screen Shot Guidelines [ 1 / 107 ]

Page 7 of 19

Index - Terms By Keyword (SANS 504-B)

Pentest Reports | Vuln Scan Results [ 1 / 100 ]

Pentest Reports | When to Write [ 1 / 99 ]

Pentest Tools | In-house Developed [ 1 / 36 ]

Pentest Types | Client-Side Test [ 1 / 18 ]

Pentest Types | Cryptanalysis Attack [ 1 / 19 ]

Pentest Types | Network Services Test [ 1 / 18 ]

Pentest Types | Physical Security Test [ 1 / 19 ]

Pentest Types | Product Security Test [ 1 / 19 ]

Pentest Types | Remote Dial-up War Dialing Test [ 1 / 18 ]

Pentest Types | Shrink-wrapped Software Test [ 1 / 19 ]

Pentest Types | Social Engineering Test [ 1 / 18 ]

Pentest Types | Stolen Equipment [ 1 / 19 ]

Pentest Types | Web Application Test [ 1 / 18 ]

Pentest Types | Wireless Security Test [ 1 / 18 ]

Pentesting Infrastructure | 3 Areas Required - Definition [ 1 / 29 ]

Pentesting Lab | Encrypt Test Machines [ 1 / 45 ]

Pentesting Lab | Firewall Concerns [ 1 / 42 ]

Pentesting Lab | Hack Naked [ 1 / 42 ]

Pentesting Lab | Hardening Templates [ 1 / 44 ]

Pentesting Lab | ISP Considerations [ 1 / 41 ]

Pentesting Lab | ISP Port Filtering [ 1 / 41 ]

Pentesting Lab | System Hardening [ 1 / 44 ]

Pentesting Lab | Test machine - Configuration [ 1 / 43 ]

Pentesting Lab | Virtualization [ 1 / 40 ]

Pentesting Lab | VM Networking [ 1 / 40 ]

Pentesting Lab | Wipe Systems btwn Engagements [ 1 / 46 ]

Pentesting OS | Windows .vs Linux [ 1 / 30 ]

Post-Exploit | ARP Poisoning with Cain [ 5 / 29 ]

Post-Exploit | CLI Kung Fu (Win) \\ Changing Firewall Settings [ 4 / 24 ]

Post-Exploit | CLI Kung Fu (Win) \\ Deleting Usr Accts [ 4 / 22 ]

Post-Exploit | CLI Kung Fu (Win) \\ Enum Firewall Settings [ 4 / 23 ]

Post-Exploit | CLI Kung Fu (Win) \\ Controlling Services (Dealing w/ Disabled Svcs) [ 4 / 29 ]

Post-Exploit | CLI Kung Fu (Win) \\ Controlling Services (Enum) [ 4 / 28 ]

Post-Exploit | CLI Kung Fu (Win) \\ Controlling Services (start / stop) [ 4 / 29 ]

Post-Exploit | CLI Kung Fu (Win) \\ Converting CLI to Scripts (General Guidelines) [ 4 / 38 ]

Post-Exploit | CLI Kung Fu (Win) \\ Displaying Enviroment Varables (set) [ 4 / 19 ]

Post-Exploit | CLI Kung Fu (Win) \\ Enum Svc Names [ 4 / 30 ]

Post-Exploit | CLI Kung Fu (Win) \\ FOR /L Loops (Do While True) [ 4 / 32 ]

Page 8 of 19

Index - Terms By Keyword (SANS 504-B)

Post-Exploit | CLI Kung Fu (Win) \\ FOR /L Loops (Output Handling) [ 4 / 34 ]

Post-Exploit | CLI Kung Fu (Win) \\ FOR /F Loops (Gen Syntax) [ 4 / 36 ]

Post-Exploit | CLI Kung Fu (Win) \\ FOR /F Loops (Pswd Guess Example) [ 4 / 37 ]

Post-Exploit | CLI Kung Fu (Win) \\ FOR /L Loops (Ping Sweep Example) [ 4 / 35 ]

Post-Exploit | CLI Kung Fu (Win) \\ FOR Loops (FOR /L) [ 4 / 32 ]

Post-Exploit | CLI Kung Fu (Win) \\ FOR Loops (General) [ 4 / 31 ]

Post-Exploit | CLI Kung Fu (Win) \\ general [ 4 / 16 ]

Post-Exploit | CLI Kung Fu (Win) \\ Manage Accounts and Groups [ 4 / 21 ]

Post-Exploit | CLI Kung Fu (Win) \\ Registry Interaction [ 4 / 25 ]

Post-Exploit | CLI Kung Fu (Win) \\ Searching file System [ 4 / 20 ]

Post-Exploit | CLI Kung Fu (Win) \\ SMB Session (Establishing) [ 4 / 26 ]

Post-Exploit | CLI Kung Fu (Win) \\ SMB Session (Terminating) [ 4 / 27 ]

Post-Exploit | CLI Kung Fu (Win) \\ Typing and searching files [ 4 / 18 ]

Post-Exploit | General Overview [ 4 / 4 ]

Post-Exploit | Moving Files // File Trf Services [ 4 / 7 ]

Post-Exploit | Moving Files // Push .vs Pull [ 4 / 6 ]

Post-Exploit | Moving Files \\ ASCII Mode End of File Correction [ 4 / 7 ]

Post-Exploit | Moving Files \\ MSF, Paste, Echo [ 4 / 9 ]

Post-Exploit | Moving Files \\ Pilfering Loot (psdws, hashes, SAM, SSH Keys, etc…) [ 4 / 11 ]

Post-Exploit | Moving Files \\ System Comms (mapped drives\recent access\zone files\ email addresses\pswd files\source code) [ 4 / 14 ]

Post-Exploit | msf - Advanced Settings (show advanced) [ 4 / 168 ]

Post-Exploit | msf - Hashdump and Hashdump Script [ 4 / 164 ]

Post-Exploit | msf - migrate [ 4 / 188 ]

Post-Exploit | Password Attacks \\ Password Techniques - When to Use Each One [ 5 / 77 ]

Post-Exploit | Password Attacks \\ Cain - ARP-Poisoning [ 5 / 28 ]

Post-Exploit | Password Attacks \\ Cain - Extracting smb comms from PCAP [ 5 / 38 ]

Post-Exploit | Password Attacks \\ Cain - Invoke Password Cracker Routine [ 5 / 40 ]

Post-Exploit | Password Attacks \\ Cain - Sniffer Overview [ 5 / 27 ]

Post-Exploit | Password Attacks \\ Cain - ARP Poisoned Routing [ 5 / 29 ]

Post-Exploit | Password Attacks \\ Cain - General [ 5 / 25 ]

Post-Exploit | Password Attacks \\ Cain - Hash Calculator usage [ 5 / 33 ]

Post-Exploit | Password Attacks \\ Cain - Sniffer Helpers (Syskey Decoder) [ 5 / 28 ]

Post-Exploit | Password Attacks \\ Cain - Supported Pswd Types [ 5 / 26 ]

Post-Exploit | Password Attacks \\ John (JtR) - Config File \\ John.conf [ 5 / 5 ]

Post-Exploit | Password Attacks \\ John (JtR) - 4 Cracking Modes [ 5 / 5 ]

Post-Exploit | Password Attacks \\ John (JtR) - Conf files (by OS) \\.conf or .ini [ 5 / 5 ]

Post-Exploit | Password Attacks \\ John (JtR) - Distributed Cracking [ 5 / 10 ]

Page 9 of 19

Index - Terms By Keyword (SANS 504-B)

Post-Exploit | Password Attacks \\ John (JtR) - GPU Multi-threaded Pswd Cracking Tools [ 5 / 13 ]

Post-Exploit | Password Attacks \\ John (JtR) - GPU Pswd Cracking Tools [ 5 / 12 ]

Post-Exploit | Password Attacks \\ John (JtR) - john.pot \\ [ 5 / 6 ]

Post-Exploit | Password Attacks \\ John (JtR) - john.rec \\Recovery File overview [ 5 / 7 ]

Post-Exploit | Password Attacks \\ John (JtR) - Tuning for Speed (MMX, SSE2) [ 5 / 9 ]

Post-Exploit | Password Attacks \\ John (JtR) - Viewing Status \\ Gusses, time, %, pswd Range [ 5 / 8 ]

Post-Exploit | Password Attacks \\ PTH - Advantages [ 5 / 68 ]

Post-Exploit | Password Attacks \\ PTH - General Concept [ 5 / 67 ]

Post-Exploit | Password Attacks \\ PTH - MSF Psexec [ 5 / 70 ]

Post-Exploit | Password Attacks \\ PTH - WCE [ 5 / 69 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Building Tables [ 5 / 51 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Components [ 5 / 50 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Hash Function [ 5 / 50 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Obtaining Tables [ 5 / 55 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Reduction Function [ 5 / 50 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Requirements [ 5 / 48 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Salted .vs Non-Salted [ 5 / 48 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Storage Calculations [ 5 / 49 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Time Memory Trade Off [ 5 / 46 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl - Why? [ 5 / 47 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl .vs Cracking [ 5 / 45 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl Step - Phase I is harder than Phase @ [ 5 / 54 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl Step 1 - Finding Correct Chain [ 5 / 53 ]

Post-Exploit | Password Attacks \\ Rainbow Tbl Step 2 - Reinflate Chain [ 5 / 54 ]

Post-Exploit | Passwords \\ Account Lockout (NIX) Locking root Acct via pam.d [ 4 / 128 ]

Post-Exploit | Passwords \\ Cautionary Notes for Movement and Cracking on Hosts [ 4 / 122 ]

Post-Exploit | Passwords \\ Clear-text Capture [ 4 / 120 ]

Post-Exploit | Passwords \\ Destroying Cracked Pswds after Reported [ 4 / 123 ]

Post-Exploit | Passwords \\ Determing case using Im2ntcrack (MSF) [ 4 / 115 ]

Post-Exploit | Passwords \\ Dictionary Generation Tools [ 4 / 117 ]

Post-Exploit | Passwords \\ Improving Speed of Cracking [ 4 / 119 ]

Post-Exploit | Passwords \\ Info Leakage (leaving artifacts behind) [ 4 / 121 ]

Post-Exploit | Passwords \\ LANMAN passwords are always stored Upper-Case [ 4 / 115 ]

Post-Exploit | Passwords \\ Mimikatz kiwi overview [ 4 / 174 ]

Post-Exploit | Passwords \\ NIX MD5 Password Scheme [ 4 / 158 ]

Post-Exploit | Passwords \\ Rainbow Tables [ 4 / 118 ]

Post-Exploit | Passwords \\ SAM - LANMAN Storage [ 4 / 147 ]

Post-Exploit | Passwords \\ THC-Hydra | Default tuning 16 tasks except SMB (1) [ 4 / 144 ]

Page 10 of 19

Index - Terms By Keyword (SANS 504-B)

Post-Exploit | Passwords \\ What if root / Admin acct locked out - Manual rescue TTPs [ 4 / 131 ]

Post-Exploit | Passwords \\ Win Password Repersentation (where to get hashes) [ 4 / 161 ]

Post-Exploit | Passwords \\ Account Lockout (NIX) Avoiding Acct Lockout [ 4 / 129 ]

Post-Exploit | Passwords \\ Account Lockout (NIX) Technical [ 4 / 128 ]

Post-Exploit | Passwords \\ Cracking - Faster & Safer than Guessing [ 4 / 112 ]

Post-Exploit | Passwords \\ Dictionaries (usage and building) [ 4 / 116 ]

Post-Exploit | Passwords \\ Fgdump - Part of PWDump Familiy for windows [ 4 / 163 ]

Post-Exploit | Passwords \\ Guessing .vs Cracking [ 4 / 112 ]

Post-Exploit | Passwords \\ Hashdump (DEP Avoidance) [ 4 / 164 ]

Post-Exploit | Passwords \\ LANMAN Challenge/Response Overview [ 4 / 152 ]

Post-Exploit | Passwords \\ Meterpreter Hashdump - General [ 4 / 164 ]

Post-Exploit | Passwords \\ Mimikatz Kiwi general [ 4 / 189 ]

Post-Exploit | Passwords \\ NIX DES Pswd Scheme - General [ 4 / 157 ]

Post-Exploit | Passwords \\ NIX Encryption methods (as repersented in /etc/shadow) [ 4 / 156 ]

Post-Exploit | Passwords \\ NIX Password Repersentations [ 4 / 156 ]

Post-Exploit | Passwords \\ NIX Unshadow - General (/etc/passwd & shadow files) [ 4 / 160 ]

Post-Exploit | Passwords \\ NTLMv1 Challenge/Response - Gereral Overview [ 4 / 152 ]

Post-Exploit | Passwords \\ NTLMv2 Challenge/Response [ 4 / 154 ]

Post-Exploit | Passwords \\ NTLMv2 HMAC-MD5 - Combo of: usr,domain hashed w/nt-pwd hash) [ 4 / 154 ]

Post-Exploit | Passwords \\ NTMLv2 One-Way Function (OWF) [ 4 / 154 ]

Post-Exploit | Passwords \\ Password Guessing (THC-Hydra) [ 4 / 133 ]

Post-Exploit | Passwords \\ pwdump family - overview and charactoristics [ 4 / 162 ]

Post-Exploit | Passwords \\ SAM ntds.dit (AD storage of accts)` [ 4 / 148 ]

Post-Exploit | Passwords \\ SAM NT Algorithm - General overview [ 4 / 150 ]

Post-Exploit | Passwords \\ Sync'd Password Tips ** Always crack all hashes incase of reuse [ 4 / 114 ]

Post-Exploit | Passwords \\ THC-Hydra (pw-inspector) tool // removes pswds <> org Pswd pol [ 4 / 134 ]

Post-Exploit | Passwords \\ VSS Copying ntds.dit - General Guidelines [ 4 / 175 ]

Post-Exploit | Passwords \\ Win - Sniffing Challenge/Response [ 4 / 177 ]

Post-Exploit | Passwords \\ WIN Crypto types (LANMAN; NTLMv1; NTLMv2; MS-Kerberos) [ 4 / 151 ]

Post-Exploit | Passwords \\ Windows SAM - General [ 4 / 147 ]

Post-Exploit | Passwords - General Overview [ 4 / 111 ]

Post-Exploit | Passwords \\ Account Lockout - General [ 4 / 125 ]

Post-Exploit | Passwords \\ Account Lockout (Win) Technical Overview [ 4 / 126 ]

Post-Exploit | Passwords \\ Pass-the-Hash (PTH) - General [ 4 / 120 ]

Post-Exploit | Passwords \\ SAM LANMAN (2) 7 char chunks KGS!@#$% DES fix key [ 4 / 149 ]

Post-Exploit | Passwords \\ SAM LANMAN Hash Algorithm - Explained [ 4 / 149 ]

Page 11 of 19

Index - Terms By Keyword (SANS 504-B)

Post-Exploit | Passwords \\ THC-Hydra [ 4 / 133 ]

Post-Exploit | Passwords \\ WIN Challenge and Response - How it works [ 4 / 151 ]

Post-Exploit | Poswrshell \\ Cmdlets overview / running [ 4 / 77 ]

Post-Exploit | Powershell \\ 5 Essential PS Things to Remember [ 4 / 98 ]

Post-Exploit | Powershell \\ If an Echo fails, all later echo's fail [ 4 / 97 ]

Post-Exploit | Powershell \\ PS Port scanner example [ 4 / 97 ]

Post-Exploit | Powershell \\ Counting Loops [ 4 / 95 ]

Post-Exploit | Powershell \\ Handling Output (Quotes / ranges / Count operations) [ 4 / 94 ]

Post-Exploit | Powershell \\ Out-Host - Display Output [paginate] via [ 4 / 96 ]

Post-Exploit | Powershell \\ Pipeline - Select-String (examples) [ 4 / 93 ]

Post-Exploit | Powershell \\ Pipeline - Select-String (grep) [ 4 / 93 ]

Post-Exploit | Powershell // General [ 4 / 76 ]

Post-Exploit | Powershell // Usage construct: verb-noun Pattern [ 4 / 76 ]

Post-Exploit | Powershell \\ Wildcard Searching Cmdlets [ 4 / 77 ]

Post-Exploit | Powershell \\ Built-in Varables | System, Host etc… [ 4 / 92 ]

Post-Exploit | Powershell \\ Cmdlet Aliases [ 4 / 78 ]

Post-Exploit | Powershell \\ Cmdlet Common Verbs [ 4 / 77 ]

Post-Exploit | Powershell \\ Command Flag Shortening [ 4 / 82 ]

Post-Exploit | Powershell \\ Exploiting Registry w/ autocomplete [ 4 / 81 ]

Post-Exploit | Powershell \\ Help with Commands [ 4 / 80 ]

Post-Exploit | Powershell \\ History [ 4 / 83 ]

Post-Exploit | Powershell \\ Most Useful Cmdlets [ 4 / 79 ]

Post-Exploit | Powershell \\ Most Useful Cmdlets & Aliases [ 4 / 79 ]

Post-Exploit | Powershell \\ Pipeline - ForEach-Object constructs [ 4 / 88 ]

Post-Exploit | Powershell \\ Pipeline - Filter based on object properties [ 4 / 89 ]

Post-Exploit | Powershell \\ Pipeline - Select-Object construct [ 4 / 90 ]

Post-Exploit | Powershell \\ Pipeline - Sending Obj to other PS commands [ 4 / 86 ]

Post-Exploit | Powershell \\ Pipeline - Where-Object Cmdlet Construct [ 4 / 89 ]

Post-Exploit | Powershell \\ Search example | filter output / hide Std Error / build custom lists [ 4 / 91 ]

Post-Exploit | Powershell \\ Shell History Invocation [ 4 / 84 ]

Post-Exploit | Powershell \\ Tab-Autocomplete [ 4 / 81 ]

Post-Exploit | Powershell \\ -Whatif option [ 4 / 85 ]

Post-Exploit | Powrshell \\ Format-List cmdlet [ 4 / 87 ]

Post-Exploit | Running Remote Cmds - Windows (at & schtasks cmds) [ 4 / 57 ]

Post-Exploit | Running Remote Cmds - Windows (General) [ 4 / 52 ]

Post-Exploit | Running Remote Cmds - Windows (Metasploit - PSEXEC) [ 4 / 55 ]

Post-Exploit | Running Remote Cmds - Windows (psexec) [ 4 / 53 ]

Page 12 of 19

Index - Terms By Keyword (SANS 504-B)

Post-Exploit | Running Remote Cmds - Windows (Using a Service - sc) [ 4 / 59 ]

Post-Exploit | Running Remote Cmds - Windows (WMIC Invoke Programs) [ 4 / 61 ]

Post-Exploit

Post-Exploit | Password Attacks \\ John (JtR) - Free .vs Commercial [ 5 / 4 ]

Post-ExploitPost-Exploit | Password Attacks \\ Rainbow Tbl - Storing Chains in Tables [ 5 / 52 ]

Recon | Bing Dorking - Bishop Fox BHDB [ 1 / 166 ]

Recon | Definition [ 1 / 119 ]

Recon | Definition [ 1 / 20 ]

Recon | dig - use syntax [ 1 / 159 ]

Recon | Dig / DNS - Linux Zone Trf Tool [ 1 / 158 ]

Recon | Dig Command [ 1 / 158 ]

Recon | DNS - Record Types [ 1 / 154 ]

Recon | DNS Cache Snooping [ 1 / 157 ]

Recon | FSDB - Foundstone Data Base // Google Dorks [ 1 / 166 ]

Recon | Google Dork tool // SLDB [ 1 / 166 ]

Recon | Google Dorking - Search by topic // Categories [ 1 / 164 ]

Recon | Google Dorking - Search Directives // examples [ 1 / 161 ]

Recon | Google Dorking - Search Directives // examples - File types [ 1 / 163 ]

Recon | Google Dorking - Search Directives // examples cont… [ 1 / 162 ]

Recon | Maintaining Inventory - General [ 1 / 114 ]

Recon | Maintaining Inventory - How Discovered [ 1 / 115 ]

Recon | Metadata - Doc type of Interest [ 1 / 122 ]

Recon | Metadata - General [ 1 / 121 ]

Recon | Metadata - Sources of Documents [ 1 / 123 ]

Recon | nslookup - General usage [ 1 / 155 ]

Recon | OSINT - Comptetitive Intelligence [ 1 / 150 ]

Recon | OSINT - Job Openings [ 1 / 151 ]

Recon | OSINT - Personnel [ 1 / 152 ]

Recon | Recon-ng - Overview [ 1 / 170 ]

Recon | recon-ng // Groups overview [ 1 / 171 ]

Recon | recon-ng module groups [ 1 / 171 ]

Recon | Regional Internet Registeries (RIR's) [ 1 / 146 ]

Recon | RIR - Query by IP, Company, Domain [ 1 / 146 ]

Recon | Search Diggity - GUI Usage [ 1 / 168 ]

Recon | Search Diggity Suite [ 1 / 167 ]

Recon | Whois - ARIN Lookup Options [ 1 / 147 ]

Recon | Whois - CLI // Results [ 1 / 145 ]

Page 13 of 19

Index - Terms By Keyword (SANS 504-B)

Recon | Whois - CLI // Syntax [ 1 / 144 ]

Recon | Whois - Web based // General Results [ 1 / 143 ]

Scanning | 6 Scan Types [ 2 / 5 ]

Scanning | Definition [ 1 / 20 ]

Scanning | External host - Determine if being blocked [ 2 / 27 ]

Scanning | Filtered Responses - Not from device TCP Stack / something in middle [ 2 / 35 ]

Scanning | Firewall Detection via nmap --badsum scan [ 2 / 57 ]

Scanning | Firewall Spooting - nmap --badsum // sends invalid protocol checksum [ 2 / 57 ]

Scanning | Goals of Scanning [ 2 / 4 ]

Scanning | ICMP Unreachable Port Codes (Filtered Port) [ 2 / 39 ]

Scanning | ip neigh // nmap scan of host who share prot & link layer addr [ 2 / 59 ]

Scanning | namp - IPv6 Support General [ 2 / 58 ]

Scanning | Netcat - Banner Grabbing Syntax [ 2 / 173 ]

Scanning | netcat - Client Info Grabbing [ 2 / 175 ]

Scanning | Netcat - General Overview [ 2 / 170 ]

Scanning | Netcat - General Usage [ 2 / 172 ]

Scanning | netcat - Grabbing Client User Agent Strings [ 2 / 175 ]

Scanning | Netcat - Options / Flags [ 2 / 171 ]

Scanning | netcat - port scanner snytax [ 2 / 174 ]

Scanning | netcat - Service String gathering [ 2 / 174 ]

Scanning | netcat // Service-Is-Alive queries [ 2 / 176 ]

Scanning | Netcat \\ Piping stdin and stdout syntax [ 2 / 170 ]

Scanning | Netcat Client Mode - Generaql [ 2 / 171 ]

Scanning | Netcat Listener Mode - General [ 2 / 171 ]

Scanning | netcat Service-Is-Dead scanner [ 2 / 177 ]

Scanning | nmap - address probing (prot/port usage) for UID-0 .vs Non-UID-0 users [ 2 / 48 ]

Scanning | nmap - Connect Scan (-sT) [ 2 / 52 ]

Scanning | nmap - Invoke NSE [ 2 / 116 ]

Scanning | nmap - IPv6 // All Scan typs supported incl NSE scripts [ 2 / 58 ]

Scanning | nmap - LUA Scripting Engine (NSE) [ 2 / 116 ]

Scanning | nmap - NSE // Display output --Script-Trace [ 2 / 116 ]

Scanning | nmap - Option overview [ 2 / 43 ]

Scanning | nmap - Output options [ 2 / 47 ]

Scanning | nmap - -Pn (-P0) // skips tgt up status probe check [ 2 / 48 ]

Scanning | nmap - Runtime Interaction Commands [ 2 / 44 ]

Scanning | nmap - scripts.db // Repository of all nmap scripts and categories [ 2 / 119 ]

Scanning | nmap - sP (Sweeping scan) [ 2 / 49 ]

Scanning | nmap - stealth / half open scans [ 2 / 43 ]

Page 14 of 19

Index - Terms By Keyword (SANS 504-B)

Scanning | nmap - timing option / addition tuning options [ 2 / 46 ]

Scanning | nmap - Timing options (speed / serial .vs parallel) [ 2 / 45 ]

Scanning | nmap - top 100 ports by default [ 2 / 51 ]

Scanning | nmap -6 // address 128bits (16 bytes); groups of 4-hex digits sep by colon [ 2 / 58 ]

Scanning | nmap ACK Scan (-sA) // scan through ACLs and Filters [ 2 / 54 ]

Scanning | nmap ACK Scan \\ -sA [ 2 / 54 ]

Scanning | nmap -badsum // endpoints do not send RST during badsum scans, slower [ 2 / 68 ]

Scanning | nmap Connect Scan \\ -sT [ 2 / 52 ]

Scanning | nmap Connect Scan (SCADA perfered Scans) //-T2 -sT [ 2 / 52 ]

Scanning | nmap Fast option (Top 100 ports by default) [ 2 / 51 ]

Scanning | nmap FIN Scan (-sF) [ 2 / 54 ]

Scanning | nmap IPv6 supported options [ 2 / 58 ]

Scanning | nmap LUA Scripting Engine [ 2 / 116 ]

Scanning | nmap Maimon Scan (-sM) FIN/ACK to 1 [ 2 / 54 ]

Scanning | nmap Maimon Scan \\ -sM [ 2 / 54 ]

Scanning | nmap network sweeping (-sP) - general overview [ 2 / 49 ]

Scanning | nmap Null Scan (-sN) // All cntl bits to 0 [ 2 / 54 ]

Scanning | nmap null scan \\ -sN [ 2 / 54 ]

Scanning | nmap OS Fingerprinting methods used [ 2 / 72 ]

Scanning | nmap Output Options [ 2 / 47 ]

Scanning | nmap --packet-trace option [ 2 / 43 ]

Scanning | nmap port scanning // General [ 2 / 51 ]

Scanning | nmap Probing Overview (ports used usr / root access) [ 2 / 48 ]

Scanning | nmap --Scanflags // allows custom flag states to be specified [ 2 / 55 ]

Scanning | nmap Script Categories [ 2 / 117 ]

Scanning | nmap Stealth Scan (half-open) \\ -sS [ 2 / 53 ]

Scanning | nmap -sU (UDP scan) General rules and Payloaded ports [ 2 / 56 ]

Scanning | nmap -sV (or -A for all) // listens for response for 6sec; match = confirm [ 2 / 75 ]

Scanning | nmap Sweeping Options [ 2 / 50 ]

Scanning | nmap Sweeping Switches [ 2 / 50 ]

Scanning | nmap SYN Scan (aka Half-Open, Stealth, Default mode) -sS [ 2 / 53 ]

Scanning | nmap Timing Options [ 2 / 45 ]

Scanning | nmap UDP payload ports (7,53,111,123,137,161,500,1654,1812,2049) [ 2 / 56 ]

Scanning | nmap UDP scan // linux closed ports - ICMP Port Unreachable 1 per sec max [ 2 / 56 ]

Scanning | nmap UDP Scan \\ -sU [ 2 / 56 ]

Scanning | nmap Version Scanning [ 2 / 75 ]

Scanning | nmap version scanning - General [ 2 / 74 ]

Scanning | nmap version scanning (--version-trace) shows how it arrived at response [ 2 / 75 ]

Page 15 of 19

Index - Terms By Keyword (SANS 504-B)

Scanning | nmap Xmas Scan (-sX) sets FIN/PSH/URG to 1 [ 2 / 54 ]

Scanning | nmap Xmas Tree Scan \\ -sX [ 2 / 54 ]

Scanning | Order of scan phases [ 2 / 6 ]

Scanning | OS Fingerprinting - 2nd Generation (-O or -O2) [ 2 / 71 ]

Scanning | OS Fingerprinting - Concept [ 2 / 70 ]

Scanning | OS Fingerprinting - nmap tested value overview [ 2 / 72 ]

Scanning | OS Fingerprinting - nmap uses Active methds // sends packets measures response [ 2 / 71 ]

Scanning | OS Fingerprinting - Passive Fingerprinting [ 2 / 71 ]

Scanning | Packet Forgery - Scapy [ 2 / 84 ]

Scanning | Ping6 // IPv6 ping sweek utility in nmap [ 2 / 59 ]

Scanning | Scan speed // impacted by timeout .vs RST / Unreachables [ 2 / 36 ]

Scanning | Scan Types [ 2 / 5 ]

Scanning | Scan Types / Purposes [ 2 / 5 ]

Scanning | Scanning Workflow [ 2 / 6 ]

Scanning | Scapy - Constructing packets from separate varibles [ 2 / 88 ]

Scanning | Scapy - Crafting Packet fields [ 2 / 90 ]

Scanning | Scapy - Crafting Packets [ 2 / 87 ]

Scanning | Scapy - Destination Address Specification options [ 2 / 91 ]

Scanning | Scapy - Functions [ 2 / 86 ]

Scanning | Scapy - Inspecting crafted packet details [ 2 / 89 ]

Scanning | Scapy - Invoke Wireshark [ 2 / 99 ]

Scanning | Scapy - Launching Tool [ 2 / 84 ]

Scanning | Scapy - Overview [ 2 / 84 ]

Scanning | Scapy - Port Range Settings [ 2 / 92 ]

Scanning | Scapy - Sniffing packet(s) based on filter results [ 2 / 99 ]

Scanning | Scapy - Supported Protocols [ 2 / 85 ]

Scanning | Scapy Loops [ 2 / 98 ]

Scanning | Scapy Read from Pcap [ 2 / 99 ]

Scanning | Scapy Response Handling [ 2 / 95 ]

Scanning | Scapy Send / Receive Multiple Packet Example [ 2 / 97 ]

Scanning | Scapy Send / Receive Single Packet Example [ 2 / 96 ]

Scanning | Scapy Send Fine-grain Options [ 2 / 94 ]

Scanning | Scapy Send Packet Cmd Options [ 2 / 93 ]

Scanning | Scapy TCP Cntl Bit Range Setting [ 2 / 92 ]

Scanning | Scapy Write (filter) packets to a file [ 2 / 99 ]

Scanning | SYN > {no Response} (Blocked {Nmap=Filtered}) [ 2 / 35 ]

Scanning | SYN > ICMP Port Unreachable (Blocked {Nmap=Filtered}) [ 2 / 35 ]

Page 16 of 19

Index - Terms By Keyword (SANS 504-B)

Scanning | SYN > RST (Closed Port) [ 2 / 34 ]

Scanning | SYN > SYN-ACK (Open Port) [ 2 / 34 ]

Scanning | Targeting Workflow [ 2 / 6 ]

Scanning | TCP .vs UDP Differences [ 2 / 29 ]

Scanning | TCP 3-way Handshake - General [ 2 / 32 ]

Scanning | TCP Control Bit Overview [ 2 / 31 ]

Scanning | TCP Control Bits - General [ 2 / 31 ]

Scanning | TCP Control Flags - General [ 2 / 31 ]

Scanning | TCP Header (src /dst len=16bit) [ 2 / 30 ]

Scanning | TCP Header Overview [ 2 / 30 ]

Scanning | TCP: RFC 793 - General [ 2 / 33 ]

Scanning | TCP: 3 Way Handshake // Initial Sec # (ISN) [ 2 / 32 ]

Scanning | TCP: Blocked (Filtered) Port Behavior [ 2 / 35 ]

Scanning | TCP: Closed Port Behavior [ 2 / 34 ]

Scanning | TCP: Control Flag - RFC 3168 [ 2 / 31 ]

Scanning | TCP: Open Port Behavior [ 2 / 34 ]

Scanning | tcpdump - examples [ 2 / 19 ]

Scanning | tcpdump - expression syntax [ 2 / 18 ]

Scanning | tcpdump - Options [ 2 / 17 ]

Scanning | tcpdump switches [ 2 / 17 ]

Scanning | Tip: Large Scan - General [ 2 / 9 ]

Scanning | Tip: Large Scan - Speed Up Scan (1) [ 2 / 12 ]

Scanning | Tip: Scan and Sniff at same Time [ 2 / 15 ]

Scanning | Tip: Large Scan Scope Limiting [ 2 / 10 ]

Scanning | Tip: Large Scope - Best Approach [ 2 / 11 ]

Scanning | TIP: Scan by IP, not Host Name [ 2 / 8 ]

Scanning | Tip: Speeding Up Scan - Hyper Fast Scanners [ 2 / 13 ]

Scanning | Traceroute - start @ UDP 33434 by default [ 2 / 24 ]

Scanning | traceroute - T (tcp syn default port 80) [ 2 / 24 ]

Scanning | Traceroute (NIX) Switches / Port \\ UDP default; starts @ 33434 [ 2 / 24 ]

Scanning | Traceroute / Linux - General [ 2 / 24 ]

Scanning | Traceroute Overview [ 2 / 23 ]

Scanning | Tracert - Windows // General [ 2 / 26 ]

Scanning | Tracert (Win) Switches: ICMP; Max Hops=30; Max-wait=4000ms [ 2 / 26 ]

Scanning | UDP - General overview [ 2 / 38 ]

Scanning | UDP Header [ 2 / 37 ]

Scanning | UDP In > {No Resp} (Closed; FW Blocking; or Open but data sent incorrect format) [ 2 / 40 ]

Page 17 of 19

Index - Terms By Keyword (SANS 504-B)

Scanning | UDP In > ICMP Port Unreachable (Closed / Blocked) [ 2 / 39 ]

Scanning | UDP in > UDP Back (Open) [ 2 / 39 ]

Scanning | UDP: Open| filtered Nmap response [ 2 / 40 ]

Scanning | UDP: Closed Port Behavior (ICMP type 3/ code 3) [ 2 / 39 ]

Scanning | UDP: Filtered Port Behavior (ICMP 3 w/ codes 1,2,9,10,13) [ 2 / 39 ]

Scanning | UDP: Nothing back Scenarios [ 2 / 40 ]

Scanning | UDP: Open Port Behavior [ 2 / 39 ]

Scanning | Vuln Scan - Documenting Plug-in's [ 2 / 133 ]

Scanning | Vuln Scan - Metasploit // Stealth Scan uses Syn Scan!!! [ 3 / 130 ]

Scanning | Vuln Scan - Nessus // Recording Scan Policies Use on test [ 2 / 133 ]

Scanning | Vuln Scan - Nessus Architecture [ 2 / 131 ]

Scanning | Vuln Scan - Nessus Dangerous Plug-ins // General Info [ 2 / 134 ]

Scanning | Vuln Scan - Nessus Plug-in Updates [ 2 / 132 ]

Scanning | Vuln Scan - Nessus Results // General Oveview [ 2 / 135 ]

Scanning | Vuln Scan - OpenVAS // General Overview [ 2 / 131 ]

Scanning | Vuln Scan // Nessus - General [ 2 / 130 ]

Scanning | Vuln Scans // Discovery - General [ 2 / 111 ]

Scanning | Vuln Scans // nmap .vs Vuln Scanners [ 2 / 113 ]

Scanning | Vuln Scans // nmap NSE Scripts [ 2 / 116 ]

Scanning | Vuln Scans // nmap Scripting Engine (NSE) overview [ 2 / 115 ]

Scanning | Web-based Tracerouting // General [ 2 / 27 ]

Security Assessment | Definition [ 1 / 12 ]

Security Audit | Definition [ 1 / 13 ]

Threat | Definition [ 1 / 8 ]

Vulnerability | Assessment: Addressing Discovered Vulnerabilities [ 1 / 16 ]

Vulnerability | Assessment: Definition [ 1 / 12 ]

Vulnerability | Definition [ 1 / 8 ]

Vulnerability | Research: ExploitHub - Research [ 1 / 34 ]

Vulnerability | Research: Hackerstorm - Reseach [ 1 / 34 ]

Vulnerability | Research: Mitre CVE Repo - Research [ 1 / 34 ]

Vulnerability | Research: Secunia - Research [ 1 / 34 ]

Vulnerability | Research: US-CERT - Resource [ 1 / 34 ]

Web-Apps | Attack Proxy Tools List [ 5 / 97 ]

Web-Apps | Cross-Site Request Forgery (CSRF / XSRF) ** Not a Script (html Element) [ 5 / 110 ]

Web-Apps | Definition & Required Components [ 5 / 80 ]

Web-Apps | Injection Attack Types [ 5 / 108 ]

Web-Apps | Injection Attack Types - Cmd Injection [ 5 / 149 ]

Web-Apps | Injection Attack Types - Cmd Injection \\ Porting to a Shell w/o NC [ 5 / 158 ]

Page 18 of 19

Index - Terms By Keyword (SANS 504-B)

Web-Apps | Injection Attack Types - Cross-Site Request Forgery (CSRF / XSRF) General [ 5 / 110 ]

Web-Apps | Injection Attack Types - Cross-Site Request Forgery (CSRF / XSRF) More… [ 5 / 114 ]

Web-Apps | Injection Attack Types - Encoding XSS Attacks [ 5 / 136 ]

Web-Apps | Injection Attack Types - sp_makewebtask \\ Stored Proc Spwans Shell, send cmd to exec [ 999 / 999 ]

Web-Apps | Injection Attack Types - SQLi \\ Querying Multiple Tables [ 5 / 168 ]

Web-Apps | Injection Attack Types - SQLi \\ Blind Injection Output - General [ 5 / 171 ]

Web-Apps | Injection Attack Types - SQLi \\ Blind Injection Syntax [ 5 / 172 ]

Web-Apps | Injection Attack Types - SQLi \\ General Overview [ 5 / 161 ]

Web-Apps | Injection Attack Types - SQLi \\ Query DB Structure Syntax (by Vendor) [ 5 / 169 ]

Web-Apps | Injection Attack Types - SQLi \\ SQL Element Examples [ 5 / 167 ]

Web-Apps | Injection Attack Types - SQLi \\ SQL Statement Examples [ 5 / 166 ]

Web-Apps | Injection Attack Types - SQLi \\ Syntax Sources [ 5 / 165 ]

Web-Apps | Injection Attack Types - SQLi \\ Union Statement (Multiple Tables) [ 5 / 168 ]

Web-Apps | Injection Attack Types - SQLi \\ Cmd Injection [ 5 / 170 ]

Web-Apps | Injection Attack Types - SQLi \\ Common String Termination Error Msgs [ 5 / 164 ]

Web-Apps | Injection Attack Types - SQLi \\ Discovering Vulnerabilities [ 5 / 164 ]

Web-Apps | Injection Attack Types - SQLi Concept [ 5 / 162 ]

Web-Apps | Injection Attack Types - SQLi Detection Tool (Burp-Intruder) [ 5 / 164 ]

Web-Apps | Injection Attack Types - SQLi Detection Tool (ZAP) [ 5 / 164 ]

Web-Apps | Injection Attack Types - SQLi Process Steps [ 5 / 163 ]

Web-Apps | Injection Attack Types - XSS (Cross-Site-Scripting) - General [ 5 / 127 ]

Web-Apps | Injection Attack Types - XSS (General) [ 5 / 127 ]

Web-Apps | Injection Attack Types - XSS (More) [ 5 / 128 ]

Web-Apps | Injection Attack Types - XSS \\ BeEF Exploit Framework [ 5 / 131 ]

Web-Apps | Injection Attack Types - XSS \\ Two Types (Reflected and Stored) [ 5 / 132 ]

Web-Apps | Injection Attack Types - XSS Detecting Stored .vs Reflected Vulns [ 5 / 135 ]

Web-Apps | Nikto - General [ 5 / 82 ]

Web-Apps | Nikto - Usage (3 pages long) [ 5 / 84 ]

Web-Apps | OWASP Zed Attack Proxy (ZAP) - Features General [ 5 / 93 ]

Web-Apps | OWASP Zed Attack Proxy (ZAP) - Features Manual Request Editor/Hash Calc [ 5 / 95 ]

Web-Apps | OWASP Zed Attack Proxy (ZAP) - Features Proxies, Auth, Session Saving [ 5 / 96 ]

Web-Apps | OWASP Zed Attack Proxy (ZAP) - Features Scanning [ 5 / 94 ]

Web-Apps | OWASP Zed Attack Proxy (ZAP) - General [ 5 / 92 ]

Web-Apps | Wikto - Vuln Scanner (.Net Nikto Port) [ 5 / 83 ]

White Hat Hacker | Definition [ 1 / 10 ]

Page 19 of 19