Red Teaming

MSSQL for Pentester: NetExec

A Detailed Guide on Pwncat

Credential Dumping – Active Directory Reversible Encryption

A Detailed Guide on Chisel

A Detailed Guide on Evil-Winrm

A Detailed Guide on Kerbrute

Windows Privilege Escalation: Server Operator Group

MimiKatz for Pentester: Kerberos

Caldera: Red Team Emulation (Part 1)

Domain Escalation: Unconstrained Delegation

Domain Persistence: Silver Ticket Attack

A Detailed Guide on Rubeus

Process Herpaderping (MITRE: T1055)

A Detailed Guide on HTML Smuggling

Process Doppelganging (MITRE: T1055.013)

Defense Evasion: Process Hollowing (T1055.012)

A Detailed Guide on AMSI Bypass

Windows Persistence: COM Hijacking (MITRE: T1546.015)

Lateral Movement: Remote Services (MITRE: T1021)

Lateral Movement: WebClient Workstation Takeover

Parent PID Spoofing (MITRE: T1134)

Indirect Command Execution: Defense Evasion (T1202)

Domain Escalation: Resource Based Constrained Delegation

Windows Persistence: Shortcut Modification (T1547)

Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints

Domain Persistence: Computer Accounts

Domain Persistence: Golden Certificate Attack

Process Ghosting Attack

Socat for Pentester

Covenant for Pentester: Basics

NTLM Downgrade Attack: Internal Monologue

Active Directory Enumeration: RPCClient

Active Directory Enumeration: BloodHound

Active Directory Enumeration: PowerView

Empire for Pentester: Active Directory Enumeration

Defense Evasion: Windows Event Logging (T1562.002)

Active Directory Pentesting: Lab Setup

Domain Persistence: DSRM

PowerShell Empire for Pentester: Mimikatz Module

Port Forwarding & Tunnelling Cheatsheet

DNScat2: Application Layer C&C

AlienVault: Threat Hunting/Network Analysis

AlienVault: OSSEC (IDS) Deployment

AlienVault: End-User Devices Integration – Lab Setup (Part 2)

SIEM Lab Setup: AlienVault

Defense Evasion with Obfuscated Empire

Threat Hunting: Velociraptor for Endpoint Monitoring (Part 2)

SIEM: Windows Client Monitoring with Splunk

Data Exfiltration using Linux Binaries

Threat Hunting: Velociraptor for Endpoint Monitoring

Incident Response: Windows Account Logon and Logon Events

Incident Response: Windows Account Management Event (Part 2)

Incident Response: Windows Account Management Event (Part 1)

Incident Response: Linux Cheatsheet

Incident Response: Windows Cheatsheet

Defense Evasion: Alternate Data Streams

SIEM: Log Monitoring Lab Setup with Splunk

Threat Intelligence: MISP Lab Setup

Threat Hunting: Log Monitoring Lab Setup with ELK

Defense Evasion: Hide Artifacts

Remote Code Execution Using Impacket

Abusing Kerberos Using Impacket

Kerberoasting and Pass the Ticket Attack Using Linux

WinRM Penetration Testing

Evil-Winrm: Winrm Pentesting Framework

Domain Persistence: DC Shadow Attack

Domain Persistence: AdminSDHolder

Abusing Microsoft Outlook 365 to Capture NTLM

Comprehensive Guide on Password Spraying Attack

Lateral Movement: Pass the Ticket Attack

Lateral Movement: Pass the Cache

Lateral Movement: Over Pass the Hash

Lateral Movement: Pass the Hash Attack

Lateral Movement on Active Directory: CrackMapExec

Lateral Movement: WMI

AS-REP Roasting

Deep Dive into Kerberoasting Attack

Domain Controller Backdoor: Skeleton Key

Kerberos Brute Force Attack

Domain Persistence: Golden Ticket Attack

Impacket Guide: SMB/MSRPC

Data Exfiltration using DNSSteal

RDP Session Hijacking with tscon

Credential Dumping: Windows Autologon Password

Credential Dumping: Fake Services

Credential Dumping: Domain Cache Credential

Credential Dumping: LAPS

Credential Dumping: DCSync Attack

Credential Dumping: Clipboard

Credential Dumping: Local Security Authority (LSA|LSASS.EXE)

Credential Dumping: Phishing Windows Credentials

Credential Dumping: NTDS.dit

Credential Dumping: Applications

Credential Dumping: SAM

Credential Dumping: Security Support Provider (SSP)

Credential Dumping: WDigest

Credential Dumping: Windows Credential Manager

Credential Dumping: Group Policy Preferences (GPP)

Credential Dumping: Wireless

Windows Persistence: Port Monitors

Windows Persistence using Netsh

Windows Persistence using Bits Job

Windows Persistence using WinLogon

Windows Persistence: Accessibility Features

Windows Persistence: RID Hijacking

Windows Persistence using Application Shimming

Bypass Detection for Meterpreter Shell (Impersonate_SSL)

Command & Control: PoshC2

A Deep Dive on Proactive Threat Hunting

Threat Hunting – A Proactive Method to Identify Hidden Threats

Evil SSDP: Spoofing the SSDP and UPnP Devices

Multiple Ways to Exploit Windows Systems using Macros

Windows for Pentester: BITSAdmin

Windows for Pentester: Certutil

Guide to Red Team Operations

Command and Control & Tunnelling via ICMP

Cloakify-Factory: A Data Exfiltration Tool That Uses Text-Based Steganography

Data Exfiltration using PowerShell Empire

Get Meterpreter Session Alert over Slack

Covert Channel: The Hidden Network

Command & Control: Ares

Command & Control: WebDav C2

Command & Control: WebSocket C2

Command and Control with DropboxC2

Command & Control: Silenttrinity Post-Exploitation Agent

Command & Control Tool: Pupy

Command and Control Guide to Merlin

nps_payload: An Application Whitelisting Bypass Tool

GreatSCT – An Application Whitelist Bypass Tool

Command and Control with HTTP Shell using JSRat

Koadic – COM Command & Control Framework

TrevorC2 – Command and Control

Generate Metasploit Payload with Ps1encode

Bypass Application Whitelisting using Weak Path Rule

Windows Exploitation: cmstp

Windows Exploitation: rundll32.exe

Windows Exploitation: regsvr32

Windows Exploitation: wmic

Windows Exploitation: msbuild

Windows Exploitation: mshta

Windows Exploitation: msiexec.exe

Windows AppLocker Policy – A Beginner’s Guide

Comprehensive Guide on MSFPC

Multiple Ways to Exploit a Windows PC using PowerShell Empire

Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

OSX Exploitation with Powershell Empire

Windows Persistence with PowerShell Empire

Multiple Ways to Exploit OSX using PowerShell Empire

Hiding IP During Pentest using PowerShell Empire (http_hop)

Hacking with Empire – PowerShell Post-Exploitation Agent