/MindMap

This is a collection of some of mine mindmaps abount pentesting created with Obsidian.

GNU General Public License v3.0GPL-3.0

MindMap

This is a collection of some of mine mindmaps in Obsidian. No I did not design all mindmaps myself, some are from other awesome people. I ported some of them to an Obsidian variant since I use Obsidian for my cheatsheets. The mindmaps which I have in Obsidian are listed below:

  • AD penetration testing
  • Privilege Escalation
  • Webapplication penetration testing
  • SSTI
  • File transfer techniques
  • Pivot / Tunnels
  • Wireless network pentesting

AD penetration testing Mindmap

The famous AD penetration testing mind map of Orange Cyberdefense made by mayfly (@M4yFly), viking (@Vikingfr) and Sat0rryu (@Sant0rryu) is high in my favorites. I regularly use the mind map to view a certain scenario and command. Unfortunately it is not possible to copy the text from the SVG file. Sometimes to great frustration that I have to retype it and make a typing error. For several months now I have been restructuring my notes from Joplin to Obsidian. While working with Obsidian I found out that you can make a mind map (canvas) and then copy commands. A good time to convert the AD mind map to something I can copy and paste from. Of course I also want to share this with you. If there are things in it that are not correct, or something is missing. Then let me know and I can update it.

Direct link to the Mindmap (canvas)

AD penetration testing mindmap - inspired by Orange Cyberdefense


AD Enumeration with PowerView

Within the AD directory I put the Obsidian minmap for enumerating AD with PowerView. The mindmap could be used to copy and paste commands to gather information about everything in AD.


Pivot

There are several ways to pivot into a network. The mindmaps are available in the pivot directory. One of my favourite pivot tools is Ligolo-ng. There is an awesome video about this on youtube (https://youtu.be/DM1B8S80EvQ) Based on this video I created a mindmap with all commands and where it should be executed.

Pivot with Ligolo-NG


Privilege escalation mindmap

Now that I'm updating my cheat sheet, I like to also make mind maps that I put at the beginning of my category. I use this as a reference. In this case I have divided the Privilege escalation mindmaps between Linux and Windows. I am still developing this one.

The mindmap for Linux. Direct link Privilege escaltion Linux Mindmap

The mindmap for Windows. Direct link Privilege escaltion Windows Mindmap


Web Penetration Testing Mindmap

I've created this mindmap for web penetration testing. I started with this mindmap during the eWPT course and I've updated it with some other techniques. This is something that should be updated regulary in the near future. The mindmap was origanally created in Freemind. But since I started moving all my notes to Obsidian and I allready importerd other mindmaps in my Obsidian notes, it was time to port this one as well. The mindmap is now available for Obsidian. Now I have to update the mindmap with some extra techniques and descriptions.

The mindmap for Obsidian can be found here

The mindmap for Freemind can be found here

Mindmap web penetration testing


SSTI Mindmap

A while ago I noticed a mindmap to detect which technology is used if you are looking for an SSTI vulnerability. As usual I love those mindmaps, but in this one I could not copy the code for injection and paste it on the target. Therfore I created a variant on this mindmap and added it to my notes in Obsidian. If you would like to add it to your notes in Obsidian you can download the mindmap from here. The mindmap looks like this: Mindmap SSTI


File transfer mindmap

Mindmap transfer files from attacker to victim

There are many ways to transfer files as an attacker to a victim. Sometimes there are so many options that choosing the right technique can be difficult. With this mind map I try to provide insight into the possibilities of moving files from the attacker to the victim.

The mindmap is created within Obsedian, so you could import the file within Obsedian without any problem. The file could be downloaded from here.

The mindmap fo transfering file from the attacker to the victim looks like this: Mindmap File transfer from attacker to victim

Mindmap transfer files from victim to attacker

As mentioned earlier, there are many ways to transfer files from one machine to another. This mindmap is to show some possibilities from the victim machine to the attacker machine. Check which technologies are used on the victim. Use those technologies firstbefore starting any other technique.

The mindmap is created within Obsedian, so you could import the file within Obsedian without any problem. The file could be downloaded from here Mindmap File transfer from victom to attacker


Wireless network pentesting

While preparing for the OSWP exam I had to build my own WiFi lab until I noticed WiFiChallenge Lab from r4ulcl. Based on the virtual environment he created I tested several attack methods and techniques. I have tried to document the whole thing into a mind map so that it becomes clear which attack paths and techniques can be used. The commands are easy to use and require a little tweaking here and there to use them. I would like to thank r4ulcl, BloodyPhoenix and Nick for reviewing the mind map.

It is possible that I will add additional tools and techniques in the future, such as attacks with Kistmet/WiFite/Fluxion, etc. The mindmap is created for Obsidian, se download the file here

Mindmap File transfer from victom to attacker