Skip to content

Syslifters Handbook

Main Navigation Home Pentesting Manual Organization Blog

English

Deutsch

English

Deutsch

Appearance

Sidebar Navigation

Our Pentesting Manual

About the handbook

Contact us

Pentesting

Pentest planning process

Pentest operation rules

Working together

Reporting

Report writing

Findings

Titles

Summaries

Descriptions

Recommendations

Executive summaries

Screenshots

Sending reports

Web Applications

Recon & tooling

Katana recon pipeline

Downloading m3u8 playlists

ASP.NET endpoint checklist

Search Shodan for SSH keys

Cheat sheets

Authentication & account flows

Normalization and Unicode attacks

Parameter pollution

Mass assignment in password resets

CRLF injection to add email CC

UUID v1 sandwich attack

OIDC

JWT attacks

WebSocket hijacking

File uploads

XMP metadata injection in PNG uploads

XSS via SVG file upload

SQLi and XSS payloads in filenames

XXE payloads

Universal WAF bypass (request padding)

NTLM channel binding for web apps

ASP.NET ViewState

Common security issues in financial web apps

Wordlists

API endpoints wordlists

User agent wordlists

Framework-specific wordlists

Small brute force password lists

Learn and practice

Active Directory

Enumeration

Host enumeration

AD enumeration

Fileshare enumeration

Network enumeration

Defense evasion

Lateral movement

SMB relaying

LDAP relaying

HTTP / RPC relaying

ADCS

DNS manipulation

IPv6 MitM

Kerberos delegation

Delegations overview

Shadow credentials

Privilege escalation

LPE

WSUS

Credential access

Hash cracking

Hijack RDP session

Password spraying

Credential dumping

PXE boot

Tool cheat sheet

Entra ID / Azure

Checklist

Tools

RoadTools

Conditional access bypasses

Azure Arc abuse

Other

Mobile

Android emulation

Remote debugging

Flutter app setup

Power Platform

Basic knowledge

Overview of Microsoft Power Platform

Power Platform dataverse

Power Platform environments

Solutions in Power Platform

Canvas apps vs model-driven apps

Default permissions and access

License to role mapping risks

Security roles and permissions

Misconfigurations

Read access to compiled assemblies

Missing DLP policy

Limit environment creation

Limited audit trail (auditing)

Plain-text environment variables

Traffic inspection

HTTPS traffic decryption with Wireshark

Java RMI

Physical security

Tools & Providers

Pentesting toolset

Internal toolset

Social security numbers

On this page

Are you an LLM? You can read better optimized documentation at /pentesting-manual/active-directory/privilege-escalation/wsus.md for this page in Markdown format

WSUS

SharpWSUS

TODO

PyWSUS

TODO

Pager

Previous pageLPE

Next pageHash cracking

Privacy · Imprint

WSUS ​

SharpWSUS ​

PyWSUS ​

WSUS

SharpWSUS

PyWSUS