Active Directory (AD) Hacking Cheat Sheet
What is Active Directory? Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It’s widely used to manage permissions and access to network resources. Compromising…
SQLMap Cheat Sheet
What is SQLMap? SQLMap is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and takes over database servers.
Basic SQLMap Commands
Command | Description
sqlmap -u…
FFuF (Fuzz Faster U Fool) Cheat Sheet
Basic Commands
Command | Description
ffuf -u <URL/FUZZ> -w <wordlist> | Basic directory/file brute-forcing
ffuf -u <URL/FUZZ> -w <wordlist> -e <ext> | Brute-force directories/files with specific extensions
ffuf -u http://FUZZ.example.com/ -w <wordlist> | Brute-force subdomains
ffuf -u <URL>?FUZZ=value -w <wordlist> | Brute-force parameters in…
Impacket Kerberoasting Cheat Sheet
What is Kerberoasting? Kerberoasting is an attack where an adversary requests service tickets for Service Principal Names (SPNs) from a Domain Controller, extracts these tickets, and attempts to crack their…
Gobuster Cheat Sheet
Basic Commands
Command | Description
gobuster dir -u <URL> -w <wordlist> | Directory brute-force against a web server
gobuster dns -d <domain> -w <wordlist> | DNS subdomain brute-force against a domain
gobuster vhost -u <URL> -w <wordlist> | Virtual host brute-force…
Metasploit Cheat Sheet
Starting Metasploit
Command | Description
msfconsole | Start Metasploit Framework
msfupdate | Update the Metasploit Framework
msfd | Run the Metasploit Daemon
msfvenom | Standalone payload generator
Basic Commands
Command | Description
search <keyword> | Search for modules using a keyword
use <module> | Select a module (e.g., use exploit/windows/smb/ms17_010_eternalblue)
info <module> | Show information…
Nmap Cheat Sheet
Basic Scan Types
Command | Description
nmap <target> | Simple scan, default is a TCP connect scan
nmap -sS <target> | Stealth SYN scan (default for privileged users)
nmap -sT <target> | TCP connect scan (used if SYN scan isn’t an…
What is the OWASP Top 10?
The OWASP Top 10 is a crucial resource in the field of cybersecurity, especially for web application security. Published by the Open Web Application Security Project (OWASP), this list represents…
TryHackMe vs Parrot CTFs: A Comprehensive Comparison
Parrot CTFs vs. TryHackMe: A Comprehensive Comparison
Capture the Flag (CTF) competitions and interactive cybersecurity platforms have become essential tools for anyone looking to enhance their cybersecurity skills. Among the…
Become a Parrot CTFs Subject Matter Expert
Join our exclusive SME club and get your expert insights featured on Parrot CTFs' blogs, newsletters, webinars, and more—reaching a dedicated audience of cybersecurity enthusiasts and professionals! Parrot CTFs Article…