added default note structures

note_templates/internal_pentest/attacks.md

@@ -0,0 +1,17 @@
+#|||ORG_NAME||| #internal #attack
+
+# Persistence via _
+(screenshot)
+
+(embed important info from initail_enum here.)
+
+# local privesc:
+powerup/sharpup findings:
+
+(screenshot)
+
+# local evasion:
+evasion notes:
+
+# Lateral Movement:
+lateral movement notes:

note_templates/internal_pentest/cleanup.md

@@ -0,0 +1,4 @@
+#|||ORG_NAME||| #internal #cleanup
+
+- [ ] Breach machine C-temp-fr
+- [ ] (continue to add as needed

note_templates/internal_pentest/general.md

@@ -0,0 +1,34 @@
+#|||ORG_NAME||| #internal #general
+
+# SCOPE
+(paste scope from workbook)
+
+On the call: 
+
+Introductions 
+    Let them know that their primary contact will be the PM and there should be 
+
+Go over general attack strategy/procedure. 
+    We will get a beacon payload by the time the test starts 
+        The beacon payload should be executed on a domain joined windows system. 
+            If the system is not domain joined/no domain - let Seth know as this modifies the standard beacon 
+        Select a user based on a department/role that they would like tested (Marketing, Sales, HR, IT) 
+            This can be a test system with a cloned user, but then we don't get keylogging or screen grabs 
+        The beacon is created using Cobalt Strike and communicates over HTTPS 
+        Since Cobalt Strike is very well signatured, remind them that they may need to add an exclusion in antivirus and/or web filter 
+    We will look at local privilege escalation, conduct portscans, password sprays, targeted vulnerability scanning (NOT NESSUS), lateral movement opportunities, and escalating to DOMAIN ADMIN privilege.  
+    Ask if they want a focus on any particular assets. for example, an old time logging system, or remote access system. 
+
+Confirm On Prem AD vs NoAD or Azure AD - 
+
+Ask if they have any questions or concerns 
+
+Do they have a specific contact - 
+
+emergency contact method - 
+
+Email any follow-up items from the call to the PM 
+
+sensitive systems - 
+
+secondary objectives -

note_templates/internal_pentest/initial_enum.md

@@ -0,0 +1,15 @@
+#|||ORG_NAME||| #internal #enumeration
+
+# important info
+
+| type               | info          |
+| ------------------ | ------------- |
+| FQDN               |               |
+| short domain       |               |
+| logon server       |               |
+| initial username   |               |
+| initial hostname   |               |
+| initial ip         |               |
+| logon server ip    |               |
+| azure ad joined    |               |
+| observation window |               |

note_templates/internal_pentest/l00t/creds.md

@@ -0,0 +1,12 @@
+#|||ORG_NAME||| #internal #l00t/creds
+
+# Passwords:
+
+| system | user | password |
+| ------ | ---- | -------- |
+
+
+# Hahses:
+
+| type | user | hash |
+| ---- | ---- | ---- |

note_templates/internal_pentest/l00t/dumps.md

@@ -0,0 +1,13 @@
+#|||ORG_NAME||| #internal #l00t/dumps
+
+# SAM
+
+systemname:
+```
+```
+
+# LSASS.EXE
+
+systemname: 
+```
+```

note_templates/internal_pentest/password_spray.md

@@ -0,0 +1,30 @@
+- [ ] useraspass
+- [ ] Seasonyear!
+- [ ] Service123!
+- [ ] admin
+- [ ] Admin
+- [ ] Admin123!
+- [ ] admin123
+- [ ] admin1
+- [ ] 1234567
+- [ ] Seasonyear
+- [ ] seasonyear!
+- [ ] seasonyear
+- [ ] COMPANYYEAR!
+- [ ] COMPANYYEAR
+- [ ] November2024!
+- [ ] September2024!
+- [ ] October2024!
+- [ ] COMPANYfoundingyear!
+- [ ] COMPANYfoundingyear
+- [ ] COMPANYstreetnumber!
+- [ ] COMPANYstreetnumber
+- [ ] Password
+- [ ] P@ssw0rd
+- [ ] Password1!
+- [ ] Password123!
+- [ ] Passwordyear!
+- [ ] P@55w0rd
+- [ ] Service
+- [ ] Service!
+- [ ] Serviceyear!