started work on writing the tool, its not quite ready yet, but we're

getting close.

default_notes_templates/internal/attacks.md

@@ -0,0 +1,94 @@
+Got Persistence via (schtasks, bat schtasks, startup folder)
+(screenshot)
+
+---
+
+(link important info in initialenum.md here)
+
+---
+
+# powerup.ps1/sharpup.exe notes.
+
+(screenshot)
+
+---
+
+# kerberoast notes
+
+- [ ] worked via rubeus
+- [ ] worked via encrypted rubeus
+- [ ] worked via netexec
+
+
+(screenshot)
+
+---
+
+# password spray notes
+
+worked via (exeasm nefariousspray | inline nefarious spray | powershell tool | other tool)
+
+- [ ] useraspass
+- [ ] Seasonyear!
+- [ ] Service123!
+- [ ] admin
+- [ ] Admin
+- [ ] Admin123!
+- [ ] admin123
+- [ ] admin1
+- [ ] 1234567
+- [ ] Seasonyear
+- [ ] seasonyear!
+- [ ] seasonyear
+- [ ] COMPANYYEAR!
+- [ ] COMPANYYEAR
+- [ ] November2024!
+- [ ] September2024!
+- [ ] October2024!
+- [ ] COMPANYfoundingyear!
+- [ ] COMPANYfoundingyear
+- [ ] COMPANYstreetnumber!
+- [ ] COMPANYstreetnumber
+- [ ] Password
+- [ ] P@ssw0rd
+- [ ] Password1!
+- [ ] Password123!
+- [ ] Passwordyear!
+- [ ] P@55w0rd
+- [ ] Service
+- [ ] Service!
+- [ ] Serviceyear!
+
+---
+
+# bloodhound notes
+
+- [ ] worked via exeasm sharphound
+- [ ] worked via inline sharphound
+- [ ] worked via encrypted sharphound
+- [ ] worked via rusthound
+
+(notes about intial lateral movement paths)
+
+(screenshot)
+
+---
+
+# portscan notes
+
+- [ ] gathered via cobalt strike portscan
+- [ ] host enumeration via cmd
+- [ ] gathered via powershell
+- [ ] gathered via nmap
+- [ ] gathered via other tool (specify here)
+
+(screenshot)
+
+SSH count: 
+FTP count:
+RDP count:
+MSSQL count:
+mysql count:
+(continue as needed)
+
+---

default_notes_templates/internal/cleanup.md

@@ -0,0 +1,2 @@
+- [ ] Breach machine C-temp-fr
+- [ ] (continue to add as needed

default_notes_templates/internal/findings.md

@@ -0,0 +1,10 @@
+# normal findings
+
+
+---
+
+# data exfil
+
+## starting user name (fill this out)
+
+## other user (or domain admin) (fill this out) 

default_notes_templates/internal/general.md

@@ -0,0 +1,50 @@
+# Scope
+
+(past in scope from workbook excel sheet
+
+---
+
+# PPC
+
+
+Introductions 
+    Let them know that their primary contact will be the PM and there should be 
+
+Go over general attack strategy/procedure. 
+    We will get a beacon payload by the time the test starts 
+        The beacon payload should be executed on a domain joined windows system. 
+            If the system is not domain joined/no domain - let Seth know as this modifies the standard beacon 
+        Select a user based on a department/role that they would like tested (Marketing, Sales, HR, IT) 
+            This can be a test system with a cloned user, but then we don't get keylogging or screen grabs 
+        The beacon is created using Cobalt Strike and communicates over HTTPS 
+        Since Cobalt Strike is very well signatured, remind them that they may need to add an exclusion in antivirus and/or web filter 
+    We will look at local privilege escalation, conduct portscans, password sprays, targeted vulnerability scanning (NOT NESSUS), lateral movement opportunities, and escalating to DOMAIN ADMIN privilege.  
+    Ask if they want a focus on any particular assets. for example, an old time logging system, or remote access system. 
+
+Confirm On Prem AD vs NoAD or Azure AD
+
+- [ ] on prem
+- [ ] azure ad
+- [ ] hybrid (no on prem dcs)
+- [ ] hybrid (on prem dcs)
+
+ask about sensitive systems that scanning may crash
+- (system 1)
+- (continue as needed)
+
+ask about secondary objective
+- (object 1)
+- (continue as needed)
+
+ask about emergency contacts
+
+| name | method | contact info |
+| ---- | ------ | ------------ |
+
+
+Ask if they have any questions or concerns 
+- question to follow up on 1 
+- (continue as needed)
+
+Email any follow-up items from the call to the PM 
+

default_notes_templates/internal/todo.md

@@ -0,0 +1,11 @@
+- [ ] local priv esc checks
+- [ ] byosi easily possible?
+- [ ] file enum
+- [ ] bloodhound
+- [ ] any admin?
+- [ ] any rdp?
+- [ ] certify
+- [ ] portscan
+- [ ] sql stuff
+- [ ] passwords in AD description?
+- [ ] password spray