mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-22 10:53:03 +00:00
10 KiB
10 KiB
Post Exploitation Resources
Lateral movement
- Eventvwr File-less UAC Bypass CNA
- Lateral movement using excel application and dcom
- WSH Injection: A Case Study
- Fileless UAC Bypass using sdclt
- Bypassing AMSI via COM Server Hijacking
- Window 10 Device Guard Bypass
- My First Go with BloodHound
- OPSEC Considerations for beacon commands
- Agentless Post Exploitation
- Windows Access Tokens and Alternate credentials
- PSAmsi - An offensive PowerShell module for interacting with the Anti-Malware Scan Interface in Windows 10
- Lay of the Land with BloodHound
- Bringing the hashes home with reGeorg & Empire
- Intercepting passwords with Empire and winning
- Outlook Home Page – Another Ruler Vector
- Outlook Forms and Shells
- Windows Privilege Escalation Checklist
- A Guide to Configuring Throwback
- Abusing DNSAdmins privilege for escalation in Active Directory
- Using SQL Server for attacking a Forest Trust
- Extending BloodHound for Red Teamers
- Pass hash pass ticket no pain
- process doppelganging
- App Locker ByPass List
- Windows 7 UAC whitelist
- Malicious Application Compatibility Shims,
- Junfeng Zhang from WinSxS dev team blog,
- Beyond good ol' Run key, series of articles,
- KernelMode.Info UACMe thread,
- Command Injection/Elevation - Environment Variables Revisited,
- "Fileless" UAC Bypass Using eventvwr.exe and Registry Hijacking,
- Bypassing UAC on Windows 10 using Disk Cleanup,
- Using IARPUninstallStringLauncher COM interface to bypass UAC,
- Bypassing UAC using App Paths,
- "Fileless" UAC Bypass using sdclt.exe,
- UAC Bypass or story about three escalations,
- Exploiting Environment Variables in Scheduled Tasks for UAC Bypass,
- First entry: Welcome and fileless UAC bypass,
- Reading Your Way Around UAC in 3 parts: Part 1. Part 2. Part 3.
- Research on CMSTP.exe,
- hiding registry keys with psreflect
- a guide to attacking domain trusts
Command and Control
- How to Build a C2 Infrastructure with Digital Ocean – Part 1
- Infrastructure for Ongoing Red Team Operations
- Automated Red Team Infrastructure Deployment with Terraform - Part 1
- 6 RED TEAM INFRASTRUCTURE TIPS
- Red Teaming for Pacific Rim CCDC 2017
- How I Prepared to Red Team at PRCCDC 2015
- Red Teaming for Pacific Rim CCDC 2016
- Randomized Malleable C2 Profiles Made Easy
- Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite - Jeff Dimmock
- High-reputation Redirectors and Domain Fronting
- TOR Fronting – Utilising Hidden Services for Privacy
- Domain Fronting Via Cloudfront Alternate Domains
- The PlugBot: Hardware Botnet Research Project
- Attack Infrastructure Log Aggregation and Monitoring
- Finding Frontable Domain
- Apache2Mod Rewrite Setup
- Empre Domain Fronting
- Domain Hunter
- Migrating Your infrastructure
- Redirecting Cobalt Strike DNS Beacons
- Finding Domain frontable Azure domains - thoth / Fionnbharr (@a_profligate)
- Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike
- Escape and Evasion Egressing Restricted Networks - Tom Steele and Chris Patten
- Command and Control Using Active Directory
- C2 with twitter
- C2 with DNS
- ICMP C2
- C2 with Dropbox
- C2 with https
- C2 with webdav
- C2 with gmail
- “Tasking” Office 365 for Cobalt Strike C2
- Simple domain fronting PoC with GAE C2 server
- Using WebDAV features as a covert channel
- Introducing Merlin — A cross-platform post-exploitation HTTP/2 Command & Control Tool
- InternetExplorer.Application for C2
- C2 WebSocket
- C2 WMI
- C2 Website
- C2 Image
- C2 Javascript
- C2 WebInterface
- Safe Red Team Infrastructure