OSEP: Checklist

Stuck?

Try the following:

  1. Re-use hashes/passwords on all possible machines -> Netexec (former CME)

  2. Password re-use? Very common for offsec

  3. Check local admin account on all possible machines

  4. Check all possible other authentication services

  5. If having any issues with permissions -> klist purge (tickets could be messy)

Keep track of:

  • All (new) pwned principals (machines/users/groups) -> fully check in Bloodhound

Can't catch shell / no response? Might be very strict ports, try most common:

  • 80

  • 443

  • 8080

Last updated