Tag Explorer

タグエクスプローラー

acl-abuse (2) active-directory (46) adcs (10) aggressor-script (2) alwaysinstallelevated (4) apache (100) as-rep-roasting (6) asrep-roasting (4) autorun (2) beacon (2) beginner (2) bloodhound (8) blue-team (6) brute-force (24) buffer-overflow (2) c2 (4) capabilities (2) career (6) certificate (1) certificate-services (1) certification (6) certipy (6) cheatsheet (10) chisel (4) cjca (2) clamav (2) cmd (2) cobalt-strike (2) cockpit (2) command-injection (4) constrained-delegation (2) cpts (2) credential-dumping (2) credential-harvesting (2) credential-hunting (1) cron (60) csrf (12) cve-2003-1418 (2) cve-2008-4250 (2) cve-2011-1249 (2) cve-2015-6967 (2) cve-2015-7611 (2) cve-2016-5195 (4) cve-2016-5734 (2) cve-2017-0143 (2) cve-2017-1000028 (2) cve-2017-16995 (2) cve-2018-15745 (2) cve-2018-19422 (2) cve-2019-12181 (2) cve-2019-7214 (2) cve-2020-10199 (2) cve-2020-7247 (2) cve-2021-29447 (2) cve-2021-3129 (2) cve-2021-4034 (2) cve-2021-43798 (2) cve-2021-43857 (2) cve-2021-44967 (2) cve-2022-23940 (2) cve-2022-26134 (2) cve-2022-3552 (2) cve-2022-35914 (4) cve-2022-44268 (2) cve-2022-4510 (2) cve-2023-26469 (2) cve-2023-27163 (4) cve-2023-32315 (2) cve-2023-34152 (2) cve-2023-37466 (2) cve-2023-6019 (2) cve-2024-27115 (2) cve-2024-27697 (2) cve-2024-32019 (2) cve-2025-24893 (2) cypher (2) dcsync (4) delegation (1) deserialization (4) devsecops (4) dictionary-attack (74) dirb (8) dll-hijacking (4) dll-injection (2) docker (4) email-attack (2) enum4linux (12) eternalblue (2) evasion (2) evil-winrm (18) extplorer (2) feroxbuster (72) ffuf (32) file-inclusion (1) file-upload (16) ftp (46) git-dump (6) gitlab (2) glpi (2) gmsa (2) gobuster (6) golden-ticket (4) gpp-decrypt (4) gtfobins (4) hackthebox (48) hash-cracking (50) hashcat (18) htb (6) html-smuggling (2) hydra (22) iis (20) imagemagick (6) impacket (13) initial-access (1) japan (1) jenkins (4) joomla (4) joomscan (4) jorani (2) kerberoasting (18) kerberos (13) kerbrute (10) kernel-exploit (20) laps (2) laravel (2) lateral-movement (6) ldap (2) ldap-enum (4) lfi (9) ligolo (2) ligolo-mp (2) ligolo-ng (2) linpeas (8) linux (162) linux-capabilities (14) llmnr-poisoning (10) log-poisoning (2) lsass (2) lxd (2) lxd-escape (2) macro (2) medusa (2) metasploit (16) mimikatz (6) misp (2) ms17-010 (2) msfvenom (10) mssql (8) mysql (50) netexec (16) nfs (2) nginx (16) nikto (18) ntds-dit (4) ntlm (2) nxc (2) offsec (2) onsen (1) opencti (2) openfire (2) oscp (165) osep (2) osint (2) overpass-the-hash (2) pass-the-hash (12) pass-the-ticket (6) password-spraying (6) path-traversal (8) pen-200 (2) pentest (241) phishing (2) phpmyadmin (12) pivoting (6) pkinit (2) post-exploitation (12) postgresql (4) potato (6) potato-attack (4) powershell (2) privilege-escalation (202) process-injection (2) proftpd (2) proving-grounds (128) psexec (4) pspy (10) rbcd (6) rce (3) rdp (20) red-team (4) redis (4) redteam (2) reflective-dll (2) registry (2) relay (2) report (2) responder (10) reverse-shell (48) rfi (2) rpc-enum (12) rubeus (2) samaccountname-spoofing (4) samba (20) searchsploit (24) secretsdump (6) seimpersonate (4) seimpersonateprivilege (2) service-misconfig (4) sgid (2) sharphound (2) siem (2) silver-ticket (2) smb (50) smb-enum (36) smtp (2) soc (4) sql-injection (10) sqli (2) sqlmap (8) ssh (136) ssrf (4) ssti (2) stix (2) sudo (88) suid (204) sysvol (10) threat-intelligence (4) token-abuse (2) tomcat (4) travel (1) tryhackme (80) tunneling (2) unquoted-service-path (4) vsftpd (22) web (152) webdav (2) webshell (10) whatweb (6) whoami (2) windows (109) winpeas (2) winrm (34) wmi (2) wordpress (36) wpscan (24) xmpp (2) xss (6) xxe (6) 旅行 (1) 日本 (1) 温泉 (1)

---

Attack Trends Overview

The following charts are generated from post front matter across 248 writeups (Linux: 158, Windows: 90). Each writeup is classified into a single primary intrusion category by priority order.

攻撃トレンド概観

以下のチャートは 248 件の Writeup（Linux: 158、Windows: 90）のフロントマターから自動生成しています。各 Writeup は優先順位に基づき主たる初期侵入カテゴリ 1 つに分類しています。

1. Initial Intrusion Path (All)

1. 初期侵入経路（全体）

pie showData title Initial intrusion vectors — all writeups
  "Known CVE Exploit" : 70
  "AD / Kerberos Attack" : 28
  "SQL Injection" : 10
  "File Upload / Webshell" : 12
  "LFI / Path Traversal" : 4
  "Code / Template / Cmd Injection" : 2
  "CMS Exploit (WP / Joomla)" : 34
  "Brute-force / Default Creds" : 22
  "Service Misconfiguration" : 34
  "Other" : 32

Classification priority (first match wins): AD/Kerberos → Known CVE → SQLi → File Upload → LFI → Code Injection → CMS → Brute-force → Misconfig → Other. This reflects the most distinctive vulnerability used to achieve initial foothold, not every technique applied.

分類優先度（最初にマッチしたものを採用）: AD/Kerberos → 既知 CVE → SQLi → ファイルアップロード → LFI → コードインジェクション → CMS → ブルートフォース → 設定不備 → その他。初期足場確立に用いた最も特徴的な脆弱性を採用しており、適用された全テクニックを網羅するものではありません。

2. Initial Intrusion Path — Linux (158 writeups)

2. 初期侵入経路 — Linux（158 件）

pie showData title Linux initial intrusion vectors
  "Known CVE Exploit" : 58
  "SQL Injection" : 8
  "File Upload / Webshell" : 8
  "LFI / Path Traversal" : 4
  "Code / Template / Cmd Injection" : 2
  "CMS Exploit (WP / Joomla)" : 24
  "Brute-force / Default Creds" : 18
  "Service Misconfiguration" : 10
  "Other" : 26

3. Initial Intrusion Path — Windows (90 writeups)

3. 初期侵入経路 — Windows（90 件）

pie showData title Windows initial intrusion vectors
  "Known CVE Exploit" : 12
  "AD / Kerberos Attack" : 28
  "SQL Injection" : 2
  "File Upload / Webshell" : 4
  "LFI / Path Traversal" : 0
  "Code / Template / Cmd Injection" : 0
  "CMS Exploit (WP / Joomla)" : 10
  "Brute-force / Default Creds" : 4
  "Service Misconfiguration" : 24
  "Other" : 6

4. Privilege Escalation — Linux (158 writeups)

4. 権限昇格 — Linux（158 件）

pie showData title Linux privilege escalation primitives
  "SUID / SGID (GTFOBins)" : 70
  "sudo policy abuse" : 26
  "Linux capabilities" : 0
  "Cron / systemd timer" : 46
  "Kernel exploit (Dirty Pipe/Cow)" : 14
  "Credential / SSH key reuse" : 0
  "PATH / library / writable file" : 0
  "Other / Generic" : 2

Linux priority (first match wins): Kernel → capabilities → cron/systemd → PATH/library/writable file → credential / SSH key reuse → sudo → SUID → other.

Linux 優先度（最初にマッチしたものを採用）: カーネル → capabilities → cron/systemd → PATH/ライブラリ/書き込み可ファイル → 認証情報 / SSH 鍵流用 → sudo → SUID → その他。

5. Privilege Escalation — Windows (90 writeups)

5. 権限昇格 — Windows（90 件）

pie showData title Windows privilege escalation primitives
  "AD ACL / Kerberos / ADCS / Delegation" : 30
  "Token impersonation (Potato)" : 6
  "Service / AlwaysInstallElevated" : 4
  "DLL hijacking / sideloading" : 0
  "UAC bypass" : 0
  "Kernel / PrintNightmare / Zerologon" : 2
  "Credential dumping (LSASS/SAM/NTDS)" : 14
  "Other / Generic" : 34

Windows priority (first match wins): AD ACL/Kerberos/ADCS → Credential dumping (LSASS/SAM/NTDS) → Token impersonation → Service/MSI abuse → DLL hijack → UAC bypass → Kernel exploit → other.

Windows 優先度（最初にマッチしたものを採用）: AD ACL / Kerberos / ADCS → 認証情報ダンプ（LSASS/SAM/NTDS）→ トークン偽装 → サービス / MSI 悪用 → DLL ハイジャック → UAC バイパス → カーネル exploit → その他。

6. Technique Signal Snapshot

| Technique Signal | Posts | | :— | —: | | cve-* (any CVE) | 72 | | suid | 200 | | sudo | 86 | | web | 152 | | file-upload | 14 | | sql-injection / sqli | 10 | | kerberoasting | 12 | | rce | 0 | | Total Writeups | 248 | | Linux Writeups | 158 | | Windows Writeups | 90 |

6. テクニックシグナル一覧

| テクニックシグナル | 記事数 | | :— | —: | | cve-*（任意 CVE） | 72 | | suid | 200 | | sudo | 86 | | web | 152 | | file-upload | 14 | | sql-injection / sqli | 10 | | kerberoasting | 12 | | rce | 0 | | Writeup 総数 | 248 | | Linux Writeup | 158 | | Windows Writeup | 90 |