Red Teaming

Credential Dumping: DCSync Attack

Abusing Microsoft Outlook 365 to Capture NTLM

Comprehensive Guide on Password Spraying Attack

Lateral Movement: Pass the Cache

Lateral Movement: Over Pass the Hash

Lateral Movement: Pass the Hash Attack

AS-REP Roasting

Deep Dive into Kerberoasting Attack

Domain Controller Backdoor: Skeleton Key

Kerberos Brute Force Attack

Domain Persistence: Golden Ticket Attack

Lateral Movement on Active Directory: CrackMapExec

Impacket Guide: SMB/MSRPC

Lateral Movement: WMI

Data Exfiltration using DNSSteal

RDP Session Hijacking with tscon

Credential Dumping: Clipboard

Credential Dumping: Local Security Authority (LSA|LSASS.EXE)

Credential Dumping: Phishing Windows Credentials

Credential Dumping: NTDS.dit

Credential Dumping: Applications

Credential Dumping: SAM

Credential Dumping: Security Support Provider (SSP)

Credential Dumping: WDigest

Credential Dumping: Windows Credential Manager

Credential Dumping: Group Policy Preferences (GPP)

Credential Dumping: Wireless

Windows Persistence using Netsh

Windows Persistence using BITS Job

Windows Persistence using WinLogon

Bypass Detection for Meterpreter Shell (Impersonate_SSL)

Persistence: Accessibility Features

Persistence: RID Hijacking

Command & Control: PoshC2

A Deep Dive on Proactive Threat Hunting

Threat Hunting – A Proactive Method to Identify Hidden Threats

Evil SSDP: Spoofing the SSDP and UPnP Devices

Windows Persistence using Application Shimming

Multiple Ways to Exploit Windows Systems using Macros

Windows for Pentester: BITSAdmin

Windows for Pentester: Certutil

Guide to Red Team Operations

Command and Control & Tunnelling via ICMP

Cloakify-Factory: A Data Exfiltration Tool That Uses Text-Based Steganography

Data Exfiltration using PowerShell Empire

Get Meterpreter Session Alert over Slack

Covert Channel: The Hidden Network

Command & Control: Ares

Command & Control: WebDav C2

Command & Control: WebSocket C2

Command and Control with DropboxC2

dnscat2: Command and Control over the DNS

Command & Control: Silenttrinity Post-Exploitation Agent

Command & Control Tool: Pupy

Command and Control Guide to Merlin

nps_payload: An Application Whitelisting Bypass Tool

GreatSct – An Application Whitelist Bypass Tool

Command and Control with HTTP Shell using JSRat

Koadic – COM Command & Control Framework

TrevorC2 – Command and Control

Generate Metasploit Payload with Ps1encode

Bypass Application Whitelisting using Weak Path Rule

Bypass Application Whitelisting using cmstp

Bypass Application Whitelisting using rundll32.exe (Multiple Methods)

Bypass Application Whitelisting using regsvr32.exe (Multiple Methods)

Bypass Application Whitelisting using wmic.exe (Multiple Methods)

Bypass Application Whitelisting using msbuild.exe (Multiple Methods)

Bypass Application Whitelisting using mshta.exe (Multiple Methods)

Bypass Application Whitelisting using msiexec.exe (Multiple Methods)

Windows AppLocker Policy – A Beginner’s Guide

Comprehensive Guide on MSFPC

Multiple Ways to Exploit Windows PC using PowerShell Empire

Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

OSX Exploitation with PowerShell Empire

Windows Persistence with PowerShell Empire

Multiple Ways to Exploit OSX using PowerShell Empire

Hiding IP During Pentest using PowerShell Empire (http_hop)

Hacking with Empire – PowerShell Post-Exploitation Agent