started work on writing the tool, its not quite ready yet, but we're

getting close.

default_notes_templates/external/attacks.md

@@ -0,0 +1,66 @@
+# directory bruteforcing
+- [ ] url
+- [ ] continue as needed
+
+---
+
+# Login Attacks
+
+## URL or host:port
+
+- [ ] stuffed
+- [ ] sprayed
+- [ ] bureforced
+- [ ] default
+
+## continue as needed
+
+---
+
+# Main password spray
+
+- [ ] useraspass
+- [ ] Seasonyear!
+- [ ] Service123!
+- [ ] admin
+- [ ] Admin
+- [ ] Admin123!
+- [ ] admin123
+- [ ] admin1
+- [ ] 1234567
+- [ ] Seasonyear
+- [ ] seasonyear!
+- [ ] seasonyear
+- [ ] COMPANYYEAR!
+- [ ] COMPANYYEAR
+- [ ] November2024!
+- [ ] September2024!
+- [ ] October2024!
+- [ ] COMPANYfoundingyear!
+- [ ] COMPANYfoundingyear
+- [ ] COMPANYstreetnumber!
+- [ ] COMPANYstreetnumber
+- [ ] Password
+- [ ] P@ssw0rd
+- [ ] Password1!
+- [ ] Password123!
+- [ ] Passwordyear!
+- [ ] P@55w0rd
+- [ ] Service
+- [ ] Service!
+- [ ] Serviceyear!
+
+---
+
+# service 1 
+ 
+## host      
+
+ports: 
+
+(notes)
+
+## continue as neded
+
+---
+

default_notes_templates/external/findings.md

@@ -0,0 +1,17 @@
+# finding 1
+
+## affected hosts
+
+- host1
+(continue as needed)
+
+---
+
+# finding 2
+
+## affected hosts
+
+- host1
+(coninute as needed 
+
+

default_notes_templates/external/general.md

@@ -0,0 +1,27 @@
+# scope
+
+(paste scope from workbook)
+
+# PPC
+
+Planning call notes:
+- methodolgy
+- whole month testing window
+- start with a vuln scan in nessus pro
+- pentesting execution standard framework
+- info gathering
+- recon
+- exlpoitation
+- reporting 
+- primary objective
+    - reasonable and expected protections are in place
+    - see if we can get access to the internal network
+        - if we do get inside 
+            - reach out to the contact and see what they'd want us to know
+- questions to ask
+- custom objectives
+    - 
+- testing main website
+- password attacks
+    - password sprays 3-12 hours
+    - lock out policy - 

default_notes_templates/external/host_notes.md

@@ -0,0 +1,8 @@
+# host 1
+
+| port | service | link to attack notes |
+| ---- | ------- | -------------------- |
+
+---
+
+(continue as needed)

default_notes_templates/internal/attacks.md

@@ -0,0 +1,94 @@
+Got Persistence via (schtasks, bat schtasks, startup folder)
+(screenshot)
+
+---
+
+(link important info in initialenum.md here)
+
+---
+
+# powerup.ps1/sharpup.exe notes.
+
+(screenshot)
+
+---
+
+# kerberoast notes
+
+- [ ] worked via rubeus
+- [ ] worked via encrypted rubeus
+- [ ] worked via netexec
+
+
+(screenshot)
+
+---
+
+# password spray notes
+
+worked via (exeasm nefariousspray | inline nefarious spray | powershell tool | other tool)
+
+- [ ] useraspass
+- [ ] Seasonyear!
+- [ ] Service123!
+- [ ] admin
+- [ ] Admin
+- [ ] Admin123!
+- [ ] admin123
+- [ ] admin1
+- [ ] 1234567
+- [ ] Seasonyear
+- [ ] seasonyear!
+- [ ] seasonyear
+- [ ] COMPANYYEAR!
+- [ ] COMPANYYEAR
+- [ ] November2024!
+- [ ] September2024!
+- [ ] October2024!
+- [ ] COMPANYfoundingyear!
+- [ ] COMPANYfoundingyear
+- [ ] COMPANYstreetnumber!
+- [ ] COMPANYstreetnumber
+- [ ] Password
+- [ ] P@ssw0rd
+- [ ] Password1!
+- [ ] Password123!
+- [ ] Passwordyear!
+- [ ] P@55w0rd
+- [ ] Service
+- [ ] Service!
+- [ ] Serviceyear!
+
+---
+
+# bloodhound notes
+
+- [ ] worked via exeasm sharphound
+- [ ] worked via inline sharphound
+- [ ] worked via encrypted sharphound
+- [ ] worked via rusthound
+
+(notes about intial lateral movement paths)
+
+(screenshot)
+
+---
+
+# portscan notes
+
+- [ ] gathered via cobalt strike portscan
+- [ ] host enumeration via cmd
+- [ ] gathered via powershell
+- [ ] gathered via nmap
+- [ ] gathered via other tool (specify here)
+
+(screenshot)
+
+SSH count: 
+FTP count:
+RDP count:
+MSSQL count:
+mysql count:
+(continue as needed)
+
+---

default_notes_templates/internal/cleanup.md

@@ -0,0 +1,2 @@
+- [ ] Breach machine C-temp-fr
+- [ ] (continue to add as needed

default_notes_templates/internal/findings.md

@@ -0,0 +1,10 @@
+# normal findings
+
+
+---
+
+# data exfil
+
+## starting user name (fill this out)
+
+## other user (or domain admin) (fill this out) 

default_notes_templates/internal/general.md

@@ -0,0 +1,50 @@
+# Scope
+
+(past in scope from workbook excel sheet
+
+---
+
+# PPC
+
+
+Introductions 
+    Let them know that their primary contact will be the PM and there should be 
+
+Go over general attack strategy/procedure. 
+    We will get a beacon payload by the time the test starts 
+        The beacon payload should be executed on a domain joined windows system. 
+            If the system is not domain joined/no domain - let Seth know as this modifies the standard beacon 
+        Select a user based on a department/role that they would like tested (Marketing, Sales, HR, IT) 
+            This can be a test system with a cloned user, but then we don't get keylogging or screen grabs 
+        The beacon is created using Cobalt Strike and communicates over HTTPS 
+        Since Cobalt Strike is very well signatured, remind them that they may need to add an exclusion in antivirus and/or web filter 
+    We will look at local privilege escalation, conduct portscans, password sprays, targeted vulnerability scanning (NOT NESSUS), lateral movement opportunities, and escalating to DOMAIN ADMIN privilege.  
+    Ask if they want a focus on any particular assets. for example, an old time logging system, or remote access system. 
+
+Confirm On Prem AD vs NoAD or Azure AD
+
+- [ ] on prem
+- [ ] azure ad
+- [ ] hybrid (no on prem dcs)
+- [ ] hybrid (on prem dcs)
+
+ask about sensitive systems that scanning may crash
+- (system 1)
+- (continue as needed)
+
+ask about secondary objective
+- (object 1)
+- (continue as needed)
+
+ask about emergency contacts
+
+| name | method | contact info |
+| ---- | ------ | ------------ |
+
+
+Ask if they have any questions or concerns 
+- question to follow up on 1 
+- (continue as needed)
+
+Email any follow-up items from the call to the PM 
+

default_notes_templates/internal/todo.md

@@ -0,0 +1,11 @@
+- [ ] local priv esc checks
+- [ ] byosi easily possible?
+- [ ] file enum
+- [ ] bloodhound
+- [ ] any admin?
+- [ ] any rdp?
+- [ ] certify
+- [ ] portscan
+- [ ] sql stuff
+- [ ] passwords in AD description?
+- [ ] password spray

default_notes_templates/phishing/attacks.md

@@ -0,0 +1,5 @@
+# url
+
+## attack1 (sqli for example) 
+
+(notes and screenshots)

default_notes_templates/phishing/findings.md

@@ -0,0 +1,5 @@
+# Finding 1
+
+## url
+
+(notes + screenshots)

default_notes_templates/phishing/general.md

@@ -0,0 +1,9 @@
+# scope
+
+(paste scope from workbook)
+
+---
+
+# PPC
+
+(ppc notes) 

default_notes_templates/vishing/calls.md

@@ -0,0 +1,8 @@
+# date
+
+| name | number | notes |
+| ---- | ------ | ----- |
+
+---
+
+(continue as needed)

default_notes_templates/vishing/findings.md

@@ -0,0 +1,7 @@
+# enumeration findings
+
+---
+
+# Call findings
+
+

default_notes_templates/vishing/general.md

@@ -0,0 +1,60 @@
+# scope
+
+(paste scope from workbook)
+
+---
+
+# ppc
+
+have you been vished before?
+- [ ] yes
+- [ ] no
+
+
+if yes:
+	what was the purpose of that attack? 
+	- [ ] gain a foothold
+	- [ ] get protected data
+	- [ ] steal money
+
+Our vishing tests generally have four main objectives
+
+1. verbial confirmation of information
+2. run commands on the system they're on
+3. go to a specific website
+4. join a screen shareing session with us and grant remote control
+
+This simulates an attacker gaining a foothold on the network via vishing.
+
+Are these objectives what you want to test for?
+
+- [ ] yes
+- [ ] no
+
+custom objectives:
+
+- (continue as needed)
+
+Our default pretext is 3rd party IT
+
+We'll call in claiming to be employees at an IT firm that were brought in to handle some of the basic maintence tasks such as computer inventory and updates.
+
+We'll claim the inventory system had a glitch and that we're calling a few people to verify the information in our spreadsheet is correct.
+
+We'll have the target verify some basic information about their computer and verify any information we can gather via OSINT
+
+We'll then fabricate a reason to believe that our spreadsheet is incorrect and that it would require farther troubleshooting.
+
+We'll ask them to run a few commands and read us the output to confirm this
+
+We'll then offer a zoom call so they can share screen and speed up the troubleshooting process.
+
+Does this pretext sound ok to you?
+
+- [ ] yes
+- [ ] no
+
+Custom pretext:
+
+
+ 

default_notes_templates/vishing/pretext.md

@@ -0,0 +1,38 @@
+# default
+
+Hello I'm (name fill this out) from (it firm fill this out). We were brought in to help your normal IT guys with some of the menial tasks so they can focus on more import improvement projects. As part of this we're making sure our inventory management system is checking in correctly and up to date, this should only take a minute or two. Is now bad time to talk?
+
+Great I just need to confirm that my inventory report here is accurate.
+
+Are you currently running Windows 11?
+
+can you confirm your user name is (metadata username)?
+
+great and your email is (email enumeration finding)?
+
+Your primary browser is firfox?
+
+Oh thats strange it seems our report is wrong then... I don't think our program on your computer is checking in correctly... uhhh I want to make sure you're getting all the windows updates we need to be compliant.
+
+Hold the windows key on your keyboard and press the r button. in the box that opens up type cmd.exe and press enter.
+
+This will open a scary black box, but don't worry I'll walk you through what we need here, it'll be pretty easy.
+
+In that box type systemifo all one word and press enter.
+
+Scroll up through that output and find the section that talks about hotfixes, how many are installed?
+
+That doesn't seem like the right number to me, can you read me the last 3 that are listed there?
+
+yeah you're definitely not getting all of the windows updates. This is going to take a bit of troubleshooting to figure out. Would you mind hopping in a Zoom call with me and sharing your screen so I can check a few things? This should only take a couple of minutes.
+
+(open up the services manager and scroll through it, check some program files folders, and run a few commands in cmd to act like I'm troubleshooting.)
+
+Hmmm everything looks ok on this end. I'm going to do some troubleshooting on the server side and see if we can get to the bottom of this. I don't think we'll need anything else from you to fix this, but if that changes I'll let you know.  Thank you for your time. 
+
+
+---
+
+# custom 
+
+(fill out if needed)

default_notes_templates/webapp/attacks.md

@@ -0,0 +1,5 @@
+# URL
+
+## attack1 (sqli for example)
+
+(notes and screenshots)

default_notes_templates/webapp/findings.md

@@ -0,0 +1,5 @@
+# finding 1
+## URL
+
+(notes + screenshot)
+

default_notes_templates/webapp/general.md

@@ -0,0 +1,9 @@
+# scope
+
+(paste scope from workbook)
+
+---
+
+# PPC 
+
+(PPC notes)