Post-Exploitation Roadmap

This repository documents a hands-on roadmap for post-exploitation in offensive security operations.
It covers techniques, custom tooling, and practical development in Bash, Python, C, and Go.


📌 Table of Contents

  1. Environment Setup
  2. Host-Based Post-Exploitation
  3. Credential Access & Abuse
  4. Persistence Techniques
  5. Lateral Movement
  6. Active Directory & Kerberos Abuse
  7. Defense Evasion
  8. Data Exfiltration
  9. Custom Tool Development
  10. OPSEC & Cleanup

1. Environment Setup

  • AD Lab with multiple domains & forests (e.g., via pfSense, ESXi, or Terraform)
  • C2 Setup: Sliver, Mythic, or custom C2
  • Redirector + CDN infrastructure
  • Python virtual environment & Go workspace

2. Host-Based Post-Exploitation

  • Host Enumeration (users, groups, scheduled tasks)
  • File/Process/Service inspection
  • AV/EDR detection & response analysis
  • PowerShell, Bash & Python one-liners
  • Bash and Python post-exploitation scripts

3. Credential Access & Abuse

  • LSASS dumping (with & without Mimikatz)
  • SAM & SYSTEM hive parsing
  • DPAPI secrets extraction
  • Credential Manager abuse
  • Credential theft in Python and Go
  • Token impersonation (Python + Windows API)

4. Persistence Techniques

  • Registry run keys / WMI / Scheduled tasks
  • DLL Hijacking & Service abuse
  • Go-based persistence agent
  • Python script for autoload persistence
  • C loader with shellcode & beacon callbacks

5. Lateral Movement

  • Pass-the-Hash / Pass-the-Ticket
  • PSExec, WinRM, RDP hijacking
  • SMB & Named Pipe relays (Impacket)
  • Lateral tools in Python
  • Go-based PsExec-like binary

6. Active Directory & Kerberos Abuse

  • BloodHound & SharpHound path analysis
  • DCSync / DCShadow
  • Kerberoasting with Python & Go
  • AD ACL abuse automation
  • Abusing AdminSDHolder & GPOs
  • Ticket forging with Rubeus / Go

7. Defense Evasion

  • AMSI Bypass (C & PowerShell)
  • ETW patching
  • Inline syscall injection (C)
  • LOLBins (Living Off the Land Binaries)
  • Obfuscation: Python/Go payload splitters
  • Shellcode encryption loaders

8. Data Exfiltration

  • DNS Tunneling (Python)
  • Steganography (Python-based encoder)
  • Exfil to Dropbox, Google Drive via API
  • Archive + AES encryption
  • Custom Go client for stealth exfil

9. Custom Tool Development

🔧 Python

  • Host recon & enumeration scripts
  • Credential dumpers
  • Covert channels

🔧 C

  • Shellcode loaders (PE injection, DLL injection)
  • Custom stagers with inline syscalls
  • AV/EDR evasion payloads

🔧 Go

  • Cross-platform agents
  • Custom HTTP/DNS C2 beacons
  • Process injection with Go syscall wrappers

🔧 Bash

  • Unix-based enumeration & persistence
  • SSH agent hijacking

10. OPSEC & Cleanup

  • Cleaning artifacts (prefetch, logs, registry)
  • Disabling Defender logs temporarily
  • Secure deletion of payloads
  • OPSEC-safe beaconing
  • Python & Go cleanup scripts

📚 References


🧠 Contribution

Pull requests are welcome for additional scripts, techniques, or tool enhancements.
