Red Teaming Experiments
linkedin
github
@kondencuotas
About /?
Pinned posts
Pentesting Cheatsheets
Powershell Payload Delivery via DNS using Invoke-PowerCloud
Masquerading Processes in Userland via _PEB
Active Directory / Kerberos Abuse
offensive security
T1055: Process Injection
Phishing with MS Office
Password Spraying Outlook Web Access: Remote Shell
Dump GAL from OWA
T1003: Credential Dumping
T1134: Primary Access Token Manipulation
AV Bypass with Metasploit Templates and Custom Binaries
Evading Windows Defender with 1 Byte Change
Using MSBuild to Execute Shellcode in C#
Cobalt Strike 101
Red Team Infrastructure
HTTP Forwarders / Relays
SMTP Forwarders / Relays
Automating Red Team Infrastructure with Terraform
File Smuggling with HTML and JavaScript
Commandline Obfusaction
T1027: Obfuscated Powershell Invocations
SSH Tunnelling / Port Forwarding
T1117: regsvr32
Application Whitelisting Bypass with WMIC and XSL
T1187: Forced Authentication
T1099: Timestomping
T1196: Control Panel Item
T1170: MSHTA
T1191: CMSTP
T1118: InstallUtil
T1053: Schtask
T1214: Credentials in Registry
T1028: WinRM for Lateral Movement
T1047: WMI for Lateral Movement
T1035: Service Execution
T1216: pubprn.vbs Signed Script Code Execution
T1138: Application Shimming
T1015: Sticky Keys
T1131: Authentication Packages
T1136: Create Account
T1197: BITS Jobs
T1122: COM Hijacking
T1038: DLL Hijacking
T1158: Hidden Files
T1128: NetSh Helper DLL
T1013: AddMonitor()
T1108: WebShells
T1051: Shared Webroot
T1198: SIP & Trust Provider Hijacking
T1180: Screensaver Hijack
T1209: Hijacking Time Providers
T1084: Abusing Windows Managent Instrumentation
T1076: RDP Hijacking for Lateral Movement with tscon
T1140: Encode/Decode Data with Certutil
Downloading Files with Certutil
T1183: Image File Execution Options Injection
T1202: Forfiles Indirect Command Execution
T1130: Installing Root Certificate
T1096: Alternate Data Streams
T1045: Packed Binaries
T1174: Password Filter
T1010: Application Window Discovery
T1087: Account Discovery & Enumeration
T1175: Lateral Movement via DCOM
Powershell Empire 101
Powershell Constrained Language Mode ByPass
Powershell Without Powershell.exe
Detecting Sysmon on the Victim Host
Unloading Sysmon Driver
WMI + MSI Lateral Movement
WMI + NewScheduledTaskAction Lateral Movement
WMI + PowerShell Desired State Configuration Lateral Movement
Empire Shells with NetNLTMv2 Relaying
Simple TCP Relaying with NetCat
Lateral Movement via SMB Relaying
Parsing PE File Headers with C++
Phishing with GoPhish and DigitalOcean
Windows NamedPipes 101 + Privilege Escalation
Spiderfoot 101 with Kali using Docker
Memory Forensics
Exploring Injected Threads
Process Environment Block
Dump Virtual Box Memory
CTFs / Walkthroughs
Reversing Password Checking Routine
Red Team Infrastructure
Here are the articles in this section:
HTTP Forwarders / Relays
Concealing attacking hosts through with redirectors/traffic forwarders using iptables or socat
SMTP Forwarders / Relays
SMTP Redirector + Stripping Email Headers
Automating Red Team Infrastructure with Terraform
offensive security - Previous
Cobalt Strike 101
Next
HTTP Forwarders / Relays
Last updated
3 months ago
