RedTeam-Articles
Some interesting articles about red teaming
- A Beginner’s Guide to Windows Shellcode Execution Techniques
- Reversed shellcode to bypass AV
- Lab Building Guide: Virtual Active Directory
- https://rcoil.me/
- Tencent Blue Army - Red vs. Blue: Windows internal network penetration
- Tencent Blue Army - Red vs. Blue: Linux internal network penetration
- https://www.harmj0y.net/blog/redteaming/operational-guidance-for-offensive-user-dpapi-abuse/
- https://www.thehacker.recipes/
- PayloadsAllTheThings
- https://www.hub.trimarcsecurity.com/post/securing-active-directory-performing-an-active-directory-security-review
- A different kind of penetration test
- Typical penetration testing case studies
- Domain local privilege escalation via a "0day" Microsoft does not acknowledge - Rotten Tomato -- to reproduce; reproduced successfully
- https://wald0.com/?p=179 How GPOs work and how they can be abused
- Abusing web.config
- https://www.anquanke.com/subject/id/193604 Windows protocol fundamentals; very well explained
- https://www.mdsec.co.uk/2020/11/a-fresh-outlook-on-mail-based-persistence/ Persistence via Outlook
- https://xz.aliyun.com/t/7534 MSSQL database exploitation
- https://jb05s.github.io/Attacking-Windows-Lateral-Movement-with-Impacket/ How Impacket lateral movement works
- Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools
- alternative-ways-to-pass-the-hash-pth
- cve-2020-17049-kerberos-bronze-bit-attack
- MSSQL GetShell methods
- TTPs in the Sunburst backdoor from a red team perspective
- hunting-com-objects
- 10001 ways to dump hashes
- Use msxsl to bypass AppLocker
- AMSI_bypass
- Netwrix Account Lockout Examiner 4.1 Disclosure Vulnerability
- VSTO: The Payload Installer That Probably Defeats Your Application Whitelisting Rules
- stealth-outlook-persistence VSTO persistence
- Part I: The Fundamentals of Windows Named Pipes
- ebookBypassingAVsByCsharpProgramming
- A new technique for hiding Windows scheduled tasks
- A tale of EDR bypass methods
- Relay-attacks-via-Cobalt-Strike-beacons Understand the relay chain and traffic flow
- New LSASS Dumping Method via SilentProcessExit (undetected by many EDRs! Uses Windows WerFault.exe to dump from crashed programs automatically by forcing LSASS to crash and using WerFault to dump it)
- The Lone Sharepoint pentest sharepoint
- Cloud-native vulnerability discovery and exploitation in red vs. blue exercises: a field record
- Windows & Active Directory Exploitation Cheat Sheet and Command Reference
- The most common on premises vulnerabilities & misconfigurations - S3cur3Th1sSh1t
- MSSQL database attacks: a practical guide - defender's playbook
- Do You Really Know About LSA Protection (RunAsPPL)?
- Silver and Golden Tickets for Pentesters
- ADExplorer on Engagements
- Exporting ADFS certificates revisited: Tactics, Techniques and Procedures - to read
- Remote Potato – From Domain User to Enterprise Admin
- dumping-plaintext-rdp-credentials-from-svchost-exe
- domain trusts series
- a guide to attacking domain trusts
- Active Directory forest trusts part 1 - How does SID filtering work?
- Active Directory forest trusts part 2 - Trust transitivity and finding a trust bypass --- to read
- CVE-2021-36934 win10 affected and need shadowcopy
- windows-command-line-obfuscation
- fantastic-windows-logon-types-and-where-to-find-credentials-in-them
- an-introduction-to-manual-active-directory-querying-with-dsquery-and-ldapsearch dsquery and ldapsearch
- AZURE AD INTRODUCTION FOR RED TEAMERS
- Kerberoast with OpSec
- The Kerberos Key List Attack: The return of the Read Only Domain Controllers
- Reliable Username Enumeration: A step-by-step guide
- Password spraying and MFA bypasses in the modern security landscape
- Red Team Techniques for Evading, Bypassing, and Disabling MS Advanced Threat Protection and Advanced Threat Analytics
- Certifried: Active Directory Domain Privilege Escalation (CVE-2022-26923)
- red-team-blog-cve-2022-28219
- diving into pre-created computer accounts
- Groovy Template Engine Exploitation – Notes from a real case scenario
- Practical guide for Golden SAML
- Undermining Microsoft Teams Security by Mining Tokens
- I WANNA GO FAST, REALLY FAST, LIKE (KERBEROS) FAST
- The Attackers Guide to Azure AD Conditional Access
- o365blog.com Good place to learn AAD
- Skidaddle Skideldi - I just pwnd your PKI About ADCS, to read
- Decrypt “encrypted stub data” in Wireshark
- A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
- Azure Active Directory – Security Overview
- One shell to HANDLE them all
- Abusing Windows’ tokens to compromise Active Directory without touching LSASS
- Zoho Password Manager Pro Post EXP
- Untangling Azure Active Directory Principals & Access Permissions
- Untangling Azure Active Directory Permissions II: Privileged Access
- A DIVE INTO MICROSOFT DEFENDER FOR IDENTITY - [PDF HERE]
- 06 - BruCON 0x0E - 0wn-premises: Bypassing Microsoft Defender for Identity - Nikhil Mittal
- Passwordless Persistence and Privilege Escalation in Azure
- Digging into Azure AD Certificate-Based Authentication