// the find
swisskyrepo/InternalAllTheThings
Active Directory and Internal Pentest Cheatsheets
A sprawling cheatsheet covering Active Directory attacks, internal network pentesting, cloud environments (AWS, Azure), C2 frameworks, and evasion techniques. It's the companion to swisskyrepo's PayloadsAllTheThings, focused on post-initial-access internal work rather than web vulns. Audience is pentester or red teamer who already knows the basics and needs command syntax fast.
Coverage of AD certificate services (ADCS) ESC1–ESC15 is unusually thorough — most cheatsheets stop at ESC8. The cloud sections cover Azure AD Connect attacks and DevOps CI/CD secrets enumeration, which are actually relevant to modern engagements. MkDocs with a web version means you can search it without scrolling Markdown. Active contributor base with recent pushes keeps content from going stale the way most cheatsheets do.
It's a reference, not a tutorial — if you don't already know what Kerberoasting or RBCD delegation means, the cheat sheet won't teach you. The MSSQL section covers command execution but nothing about modern SQL Server 2019+ hardening or Entra-joined SQL, so the advice has a 2018 feel in spots. No indication of which techniques are detected by default EDR configs, which is the most operationally relevant question a practitioner has. The evasion pages (AMSI bypass, EDR bypass) go stale fast and there's no versioning or date stamp to tell you if a bypass is still live or was patched.