awesome-windows-red-team
A curated list of awesome Windows frameworks, libraries, software and resources for Red Teams
https://github.com/marcosvalle/awesome-windows-red-team
Last synced: 22 days ago
JSON representation
-
Books
- Windows® via C/C++ (Developer Reference) (English Edition)
- Windows Internals, Seventh Edition, Part 1
- Windows Internals, Sixth Edition, Part 1
- Windows Internals, Sixth Edition, Part 2
- How to Hack Like a PORNSTAR: A step by step process for breaking into a BANK
- The Hacker Playbook 3: Practical Guide To Penetration Testing
- Windows Internals, Seventh Edition, Part 1
- Windows Internals, Sixth Edition, Part 1
-
Courses
- Professor Messer's CompTIA SY0-501 Security+ Course
- Penetration Testing with Kali (PWK) Online Security Training Course
- Offensive Security Certified Expert
- Advanced Windows Exploitation: Live Hands-on Penetration Testing Training
- Windows API Exploitation Recipes: Processes, Tokens and Memory RW
- Powershell for Pentesters - Pentester Academy
- WMI Attacks and Defense - Pentester Academy
- Windows Red Team Lab - Pentester Academy
-
System Architecture
-
Active Directory
- ADsecurity.org
- DerbyCon4 - How to Secure and Sys Admin Windows like a Boss
- DEFCON 20: Owned in 60 Seconds: From Network Guest to Windows Domain Admin
- BH2015 - Red Vs. Blue: Modern Active Directory Attacks, Detection, And Protection
- BH2016 - Beyond the Mcse: Active Directory for the Security Professional
- BH2017 - Evading Microsoft ATA for Active Directory Domination
- DEFCON 26 - Exploiting Active Directory Administrator Insecurities
- BH2017 - An ACE Up the Sleeve: Designing Active Directory DACL Backdoors
- DerbyCon7 - Building the DeathStar getting Domain Admin with a push of a button (aka how I almost automated myself out pf a job)
- DerbyCon4 - Abusing Active Directory in Post Exploitation
-
Kerberos
- Protecting Privileged Domain Accounts: Network Authentication In-Depth
- MicroNugget: How Does Kerberos Work?
- MIT 6.858 Fall 2014 Lecture 13: Kerberos
- DerbyCon4 - Et tu Kerberos
- DerbyCon7 - Return From The Underworld The Future Of Red Team Kerberos
- BH2014 - Abusing Microsoft Kerberos: Sorry You Guys Don't Get It
- DerbyCon4 - Attacking Microsoft Kerberos Kicking the Guard Dog of Hades
- Kerberos in the Crosshairs: Golden Tickets, Silver Tickets, MITM, and More
- How Attackers Use Kerberos Silver Tickets to Exploit Systems
- Kerberos (I): How does Kerberos work? – Theory
- Basic attacks on communication protocols – replay and reflection attacks
-
Lsass SAM NTLM GPO
-
WinAPI
-
-
Lateral Movement
-
Pass the Hash
-
Pass the Ticket
-
LLMNR/NBT-NS poisoning
-
-
Privilege Escalation
-
LLMNR/NBT-NS poisoning
- Level Up! Practical Windows Privilege Escalation - Andrew Smith
- Windows Privilege Escalation Presentation
- DEF CON 22 - Kallenberg and Kovah - Extreme Privilege Escalation On Windows 8/UEFI Systems
- DEF CON 25 - Morten Schenk - Taking Windows 10 Kernel Exploitation to the next level
- DerbyCon7 - Not a Security Boundary Bypassing User Account Control
- Windows Kernel Exploits
-
Token Impersonation
-
-
Defense Evasion
-
AV
-
LAPS
-
AppLocker & Application Whitelisting
-
AMSI
-
-
Exfiltration
-
PowerShell
-
AppLocker & Application Whitelisting
- DEF CON 18 - David Kennedy "ReL1K" & Josh Kelley - Powershell...omfg
- DEF CON 22 - Investigating PowerShell Attacks
- DerbyCon2016 - 106 PowerShell Secrets and Tactics Ben0xA
- BH2017 - Revoke-Obfuscation: PowerShell Obfuscation Detection (And Evasion) Using Science
- Daniel Bohannon – Invoke-Obfuscation: PowerShell obFUsk8tion
-
-
Phishing
-
Tools
-
HTA
-
Adversary Emulation
-
Categories
Sub Categories