Hacking Articles

Raj Chandel's Blog

Red Teaming

ADCS ESC10 – Weak Certificate Mapping

ADCS ESC9 – No Security Extension

A Detailed Guide on Certipy

ADCS ESC8 – NTLM Relay to AD CS HTTP Endpoints

ADCS ESC7 – Vulnerable Certificate Authority Access Control

ADCS ESC6: EDITF_ATTRIBUTESUBJECTALTNAME2

ADCS ESC5: Vulnerable PKI Object Access Control

ADCS ESC4: Vulnerable Certificate Template Access Control

ADCS ESC3: Enrollment Agent Template

AD Certificate Exploitation: ESC2

AD Certificate Exploitation: ESC1

Sapphire Ticket Attack: Abusing Kerberos Trust

Credential Dumping: GMSA

Shadow Credentials Attack

Abusing AD Weak Permission Pre2K Compatibility

AD Recon: Kerberos Username Bruteforce

Credential Dumping: AD User Comment

Diamond Ticket Attack: Abusing kerberos Trust

Abusing AD-DACL: AddSelf

Active Directory Pentesting Using Netexec Tool: A Complete Guide

Abusing AD-DACL: WriteOwner

Abusing AD-DACL: WriteDacl

Abusing AD-DACL: GenericWrite

Abusing AD-DACL: AllExtendedRights

Abusing AD-DACL: ForceChangePassword

Abusing AD-DACL : Generic ALL Permissions

MSSQL for Pentester: NetExec

A Detailed Guide on Pwncat

Credential Dumping – Active Directory Reversible Encryption

A Detailed Guide on Chisel

A Detailed Guide on Evil-Winrm

A Detailed Guide on Kerbrute

Windows Privilege Escalation: Server Operator Group

MimiKatz for Pentester: Kerberos

Caldera: Red Team Emulation (Part 1)

Domain Escalation: Unconstrained Delegation

Domain Persistence: Silver Ticket Attack

A Detailed Guide on Rubeus

Process Herpaderping (Mitre:T1055)

A Detailed Guide on HTML Smuggling

Process Doppelganging (Mitre:T1055.013)

Defense Evasion: Process Hollowing (T1055.012)

A Detailed Guide on AMSI Bypass

Windows Persistence: COM Hijacking (MITRE: T1546.015)

Lateral Movement: Remote Services (Mitre:T1021)

Lateral Movement: WebClient Workstation Takeover

Parent PID Spoofing (Mitre:T1134)

Indirect Command Execution: Defense Evasion (T1202)

Domain Escalation: Resource Based Constrained Delegation

Windows Persistence: Shortcut Modification (T1547)

Domain Escalation: PetitPotam NTLM Relay to ADCS Endpoints

Domain Persistence: Computer Accounts

Domain Persistence: Golden Certificate Attack

Process Ghosting Attack

Socat for Pentester

Covenant for Pentester: Basics

NTLM Downgrade Attack: Internal Monologue

Active Directory Enumeration: RPCClient

Active Directory Enumeration: BloodHound

Active Directory Enumeration: PowerView

Empire for Pentester: Active Directory Enumeration

Defense Evasion: Windows Event Logging (T1562.002)

Active Directory Pentesting: Lab Setup

Domain Persistence: DSRM

PowerShell Empire for Pentester: Mimikatz Module

Port Forwarding & Tunnelling Cheatsheet

DNScat2: Application Layer C&C

AlienVault: Threat Hunting/Network Analysis

AlienVault: OSSEC (IDS) Deployment

AlienVault: End user Devices Integration-Lab Setup (Part 2)

SIEM Lab Setup: AlienVault

Defense Evasion with obfuscated Empire

Threat Hunting: Velociraptor for Endpoint Monitoring (Part 2)

SIEM: Windows Client Monitoring with Splunk

Data Exfiltration using Linux Binaries

Threat Hunting: Velociraptor for Endpoint Monitoring

Incident Response: Windows Account Logon and logon Events

Incident Response: Windows Account Management Event (Part 2)

Incident Response: Windows Account Management Event (Part 1)

Incident Response- Linux Cheatsheet

Incident Response: Windows Cheatsheet

Defense Evasion: Alternate Data Streams

SIEM: Log Monitoring Lab Setup with Splunk

Threat Intelligence: MISP Lab Setup

Threat Hunting: Log Monitoring Lab Setup with ELK

Defense Evasion: Hide Artifacts

Remote Code Execution Using Impacket

Abusing Kerberos Using Impacket

Kerberoasting and Pass the Ticket Attack Using Linux

WinRM Penetration Testing

Evil-Winrm: Winrm Pentesting Framework

Domain Persistence: DC Shadow Attack

Domain Persistence AdminSDHolder

Abusing Microsoft Outlook 365 to Capture NTLM

Comprehensive Guide on Password Spraying Attack

Lateral Movement: Pass the Ticket Attack

Lateral Movement: Pass the Cache

Lateral Movement: Over Pass the Hash

Lateral Movement: Pass the Hash Attack

Lateral Movement on Active Directory: CrackMapExec

Lateral Movement: WMI

AS-REP Roasting

Deep Dive into Kerberoasting Attack

Domain Controller Backdoor: Skeleton Key

Kerberos Brute Force Attack

Domain Persistence: Golden Ticket Attack

Impacket Guide: SMB/MSRPC

Data Exfiltration using DNSSteal

RDP Session Hijacking with tscon

Credential Dumping: Windows Autologon Password

Credential Dumping: Fake Services

Credential Dumping: Domain Cache Credential

Credential Dumping: LAPS

Credential Dumping: DCSync Attack

Credential Dumping: Clipboard

Credential Dumping: Local Security Authority (LSA|LSASS.EXE)

Credential Dumping: Phishing Windows Credentials

Credential Dumping: NTDS.dit

Credential Dumping: Applications

Credential Dumping: SAM

Credential Dumping: Security Support Provider (SSP)

Credential Dumping: WDigest

Credential Dumping: Windows Credential Manager

Credential Dumping: Group Policy Preferences (GPP)

Credential Dumping: Wireless

Windows Persistence: Port Monitors

Windows Persistence using Netsh

Windows Persistence using Bits Job

Windows Persistence using WinLogon

Windows Persistence: Accessibility Features

Windows Persistence: RID Hijacking

Windows Persistence using Application Shimming

Bypass Detection for Meterpreter Shell (Impersonate_SSL)

Command & Control: PoshC2

A Deep Drive on Proactive Threat Hunting

Threat Hunting – A proactive Method to Identify Hidden Threat

Evil SSDP: Spoofing the SSDP and UPnP Devices

Multiple Ways to Exploit Windows Systems using Macros

Windows for Pentester: BITSAdmin

Windows for Pentester: Certutil

Guide to Red Team Operations

Command and Control & Tunnelling via ICMP

Cloakify-Factory: A Data Exfiltration Tool Uses Text-Based Steganography

Data Exfiltration using PowerShell Empire

Get Meterpreter Session Alert over slack

Covert Channel: The Hidden Network

Command & Control: Ares

Command & Control: WebDav C2

Command & Control: WebSocket C2

Command and Control with DropboxC2

Command & Control: Silenttrinity Post-Exploitation Agent

Command & Control Tool: Pupy

Command and Control Guide to Merlin

nps_payload: An Application Whitelisting Bypass Tool

GreatSct – An Application Whitelist Bypass Tool

Command and Control with HTTP Shell using JSRat

Koadic – COM Command & Control Framework

TrevorC2 – Command and Control

Generate Metasploit Payload with Ps1encode

Bypass Application Whitelisting using Weak Path Rule

Windows Exploitation: cmstp

Windows Exploitation: rundll32.exe

Windows Exploitation: regsvr32

Windows Exploitation: wmic

Windows Exploitation: msbuild

Windows Exploitation: mshta

Windows Exploitation: msiexec.exe

Windows Applocker Policy – A Beginner’s Guide

Comprehensive Guide on MSFPC

Multiple Ways to Exploiting Windows PC using PowerShell Empire

Empire GUI: Graphical Interface to the Empire Post-Exploitation Framework

OSX Exploitation with Powershell Empire

Windows Persistence with PowerShell Empire

Multiple Ways to Exploiting OSX using PowerShell Empire

Hiding IP During Pentest using PowerShell Empire (http_hop)

Hacking with Empire – PowerShell Post-Exploitation Agent

3 thoughts on “Red Teaming”

ab says:

April 8, 2021 at 4:32 am

Hi.

Can you write how to use Sqlmap for login in DVWA?
I know admin:password, but how get that with sqlmap?

Thanks.

Reply
1. safefox says:
  
  September 14, 2021 at 2:29 am
  
  Use the SQL exercise to get the password hash using sqlmap
  
  Reply
Sahil More says:

June 16, 2024 at 7:13 pm

Can you please make categories in even red team category like active directory, enmurataion,tool sub category so it will be easy to access

Reply

Leave a Reply Cancel reply