Starting windows pentesting

Hey guys,

Here's the deal, i have never pentested windows machines and what i'm asking is: what you recommend as a learning path?

I dont have VIP but if it really leverages in this case, i might get it!

On linux i'm very confortable with the medium machines (they start to become easier, with some hickups but i can really see the progress from a month ago)

Cheers

Comments

  • edited February 25
    I dont know alot about windows but imo the biggest diference is Active Directory,since every company uses AD I think its critical to know it well if youre gonna do internal pentests(there is a retired box for that to practice once you learn it).There is a course for that on hackthebox academy also.Apart from that I think a bit of powershell may be good to know.To practice hacking windows I really recommend VIP as there's alot of boxes to choose from.Also forgot to mention windows registry aswell.
  • This link is worth looking at:
    https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_windows.html

    To add on what @ShreKy said:

    Active Directory
    DNS - Zone Transfers
    SMB
    Kerberoasting (part of Active Directory) using impacket
    Registry (see link above)
    Powershell will do you good
    

    Always happy to help others. 100% human

    https://www.mindfueldaily.com/livewell/thank-you/

  • Hey guys, thanks a lot !

    I did the academy windows fundamentals and it was pretty straight forward!

    Guess i'll upgrade to VIP just to start messing with easy boxes together with some reading on those subjects you suggested

Sign In to comment.