Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Awesome-Red-Teaming
List of Awesome Red Teaming Resources
https://github.com/yeyintminthuhtut/Awesome-Red-Teaming
Last synced: 3 days ago
Initial Access
- The Hitchhiker’s Guide To Initial Access
- Phishing for access
- Bash Bunny
- USB Drop Attacks: The Danger of “Lost And Found” Thumb Drives
- Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter - Defcon 24
- Cobalt Strike - Spear Phishing documentation
- Cobalt Strike Blog - What's the go-to phishing technique or exploit?
- Spear phishing with Cobalt Strike - Raphael Mudge
- EMAIL RECONNAISSANCE AND PHISHING TEMPLATE GENERATION MADE SIMPLE
- Excel macros with PowerShell
- PowerPoint and Custom Actions
- Macro-less Code Exec in MSWord
- Multi-Platform Macro Phishing Payloads
- The PlugBot: Hardware Botnet Research Project
- Luckystrike: An Evil Office Document Generator
- Macroless DOC malware that avoids detection with Yara rule
- 7 Best social Engineering attack
- Using Social Engineering Tactics For Big Data Espionage - RSA Conference Europe 2012
- USING THE DDE ATTACK WITH POWERSHELL EMPIRE
- OWASP Presentation of Social Engineering - OWASP
- How To: Empire’s Cross Platform Office Macro
- Phishing with PowerPoint
- PHISHING WITH EMPIRE
- Abusing Microsoft Word Features for Phishing: “subDoc”
- Phishing Against Protected View
- POWERSHELL EMPIRE STAGERS 1: PHISHING WITH AN OFFICE MACRO AND EVADING AVS
- The Absurdly Underestimated Dangers of CSV Injection
- Phishing between the app whitelists
- Executing Metasploit & Empire Payloads from MS Office Document Properties (part 1 of 2)
- Executing Metasploit & Empire Payloads from MS Office Document Properties (part 2 of 2)
- Social Engineer Portal
- Phishing on Twitter - POT
- Microsoft Office – NTLM Hashes via Frameset
- Defense-In-Depth write-up
- Spear Phishing 101
Execution
- WSH Injection: A Case Study
- Windows oneliners to download remote payload and execute arbitrary code
- Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts
- Gscript Dropper
- Research on CMSTP.exe
Persistence
- hiding registry keys with psreflect
- A View of Persistence
- Persistence using RunOnceEx – Hidden from Autoruns.exe
- Persistence using GlobalFlags in Image File Execution Options – Hidden from Autoruns.exe
- Putting data in Alternate data streams and how to execute it – part 2
- WMI Persistence with Cobalt Strike
- Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence
- Leveraging INF-SCT Fetch & Execute Techniques For Bypass, Evasion, & Persistence (Part 2)
- Vshadow: Abusing the Volume Shadow Service for Evasion, Persistence, and Active Directory Database Extraction
Privilege Escalation
User Account Control Bypass
- Fileless UAC Bypass using sdclt
- Exploiting Environment Variables in Scheduled Tasks for UAC Bypass
- Part 1.
- Part 2.
- Part 3.
- UAC Bypass or story about three escalations
- Using IARPUninstallStringLauncher COM interface to bypass UAC
- Windows 7 UAC whitelist
- First entry: Welcome and fileless UAC bypass
- Bypassing UAC using App Paths
- "Fileless" UAC Bypass using sdclt.exe
- "Fileless" UAC Bypass Using eventvwr.exe and Registry Hijacking
- Bypassing UAC on Windows 10 using Disk Cleanup
- Eventvwr File-less UAC Bypass CNA
Escalation
Defense Evasion
- code signing certificate cloning attacks and defenses
- Bypassing AMSI via COM Server Hijacking
- mavinject.exe Functionality Deconstructed
- Hiding your process from sysinternals
- userland api monitoring and code injection detection
- In memory evasion
- process doppelganging
- Week of Evading Microsoft ATA - Announcement and Day 1 to Day 5
- Putting data in Alternate data streams and how to execute it
- AppLocker – Case study – How insecure is it really? – Part 1
- VEIL-EVASION AES ENCRYPTED HTTPKEY REQUEST: SAND-BOX EVASION
- Bypass Application Whitelisting Script Protections - Regsvr32.exe & COM Scriptlets (.sct files)
- Bypassing Application Whitelisting using MSBuild.exe - Device Guard Example and Mitigations
- Empire without powershell
- Powershell without Powershell to bypass app whitelist
- AppLocker – Case study – How insecure is it really? – Part 2
- Harden Windows with AppLocker – based on Case study part 2
- Harden Windows with AppLocker – based on Case study part 2
- Office 365 Safe links bypass
- Windows Defender Attack Surface Reduction Rules bypass
- Bypassing Device guard UMCI using CHM – CVE-2017-8625
- Bypassing Application Whitelisting with BGInfo
- Cloning and Hosting Evil Captive Portals using a Wifi PineApple
- https://bohops.com/2018/01/23/loading-alternate-data-stream-ads-dll-cpl-binaries-to-bypass-applocker/
- Executing Commands and Bypassing AppLocker with PowerShell Diagnostic Scripts
Lateral Movement
- a guide to attacking domain trusts
- Lay of the Land with BloodHound
- OPSEC Considerations for beacon commands
- Kerberos Party Tricks: Weaponizing Kerberos Protocol Flaws
- Lateral movement using excel application and dcom
- The Most Dangerous User Right You (Probably) Have Never Heard Of
- Agentless Post Exploitation
- A Guide to Attacking Domain Trusts
- Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy
- Targeted Kerberoasting
- Kerberoasting Without Mimikatz
- Abusing GPO Permissions
- Abusing Active Directory Permissions with PowerView
- Roasting AS-REPs
- Getting the goods with CrackMapExec: Part 1
- Outlook Forms and Shells
- My First Go with BloodHound
- A Citrix Story
- Jumping Network Segregation with RDP
- Abusing DNSAdmins privilege for escalation in Active Directory
- Using SQL Server for attacking a Forest Trust
- Extending BloodHound for Red Teamers
- Getting the goods with CrackMapExec: Part 2
- DiskShadow: The Return of VSS Evasion, Persistence, and Active Directory Database Extraction
- Abusing Exported Functions and Exposed DCOM Interfaces for Pass-Thru Command Execution and Lateral Movement
- Outlook Home Page – Another Ruler Vector
- Abusing the COM Registry Structure: CLSID, LocalServer32, & InprocServer32
- LethalHTA - A new lateral movement technique using DCOM and HTA
- Abusing DCOM For Yet Another Lateral Movement Technique
Exfiltration
Command and Control
Domain Fronting
- SSL Domain Fronting 101
- Escape and Evasion Egressing Restricted Networks - Tom Steele and Chris Patten
- Google Groups: Blog post on finding 2000+ Azure domains using Censys
- How I Identified 93k Domain-Frontable CloudFront Domains
- Validated CloudFront SSL Domains
- CloudFront Hijacking
- Empire Domain Fronting
- TOR Fronting – Utilising Hidden Services for Privacy
- Simple domain fronting PoC with GAE C2 server
- Domain Fronting Via Cloudfront Alternate Domains
- Finding Domain frontable Azure domains - thoth / Fionnbharr (@a_profligate)
Connection Proxy
- Redirecting Cobalt Strike DNS Beacons
- Cobalt Strike HTTP C2 Redirectors with Apache mod_rewrite
- High-reputation Redirectors and Domain Fronting
- Cloud-based Redirectors for Distributed Hacking
- Combatting Incident Responders with Apache mod_rewrite
- Operating System Based Redirection with Apache mod_rewrite
- Invalid URI Redirection with Apache mod_rewrite
- RTOps: Automating Redirector Deployment With Ansible
- Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection
- mod_rewrite rule to evade vendor sandboxes
- Expire Phishing Links with Apache RewriteMap
- Serving random payloads with NGINX
- Mod_Rewrite Automatic Setup
- Hybrid Cobalt Strike Redirectors
Web Services
- External C2 (Third-Party Command and Control)
- C2 with Dropbox
- C2 with gmail
- A stealthy Python based Windows backdoor that uses Github as a C&C server
- Cobalt Strike over external C2 – beacon home in the most obscure ways
- Red Team Insights on HTTPS Domain Fronting Google Hosts Using Cobalt Strike
- C2 with twitter
- Office 365 for Cobalt Strike C2
- External C2 framework for Cobalt Strike
- Exploring Cobalt Strike's ExternalC2 framework
-
Infrastructure
- Attack Infrastructure Log Aggregation and Monitoring
- Automated Red Team Infrastructure Deployment with Terraform - Part 1
- How to Build a C2 Infrastructure with Digital Ocean – Part 1
- Infrastructure for Ongoing Red Team Operations
- Randomized Malleable C2 Profiles Made Easy
- Migrating Your infrastructure
- ICMP C2
- Safe Red Team Infrastructure
- A Vision for Distributed Red Team Operations
- Securing your Empire C2 with Apache mod_rewrite
- Automating Gophish Releases With Ansible and Docker
- How to Write Malleable C2 Profiles for Cobalt Strike
- Malleable Command and Control
- EGRESSING BLUECOAT WITH COBALTSTIKE & LET'S ENCRYPT
- Automated Red Team Infrastructure Deployment with Terraform - Part 2
- Red Team Infrastructure - AWS Encrypted EBS
- Using WebDAV features as a covert channel
- Command and Control Using Active Directory
- Designing Effective Covert Red Team Attack Infrastructure
- Serving Random Payloads with Apache mod_rewrite
- Mail Servers Made Easy
- How to Make Communication Profiles for Empire
- A Brave New World: Malleable C2
-
Application Layer Protocol
-
-
Awesome Red Teaming
-
[↑](#table-of-contents) Credential Access
-
Escalation
- Windows Access Tokens and Alternate credentials
- Bringing the hashes home with reGeorg & Empire
- Intercepting passwords with Empire and winning
- Local Administrator Password Solution (LAPS) Part 1
- Local Administrator Password Solution (LAPS) Part 2
- USING A SCF FILE TO GATHER HASHES
- Remote Hash Extraction On Demand Via Host Security Descriptor Modification
- Offensive Encrypted Data Storage
- Practical guide to NTLM Relaying
- Dump Clear-Text Passwords for All Admins in the Domain Using Mimikatz DCSync
- Dumping Domain Password Hashes
-
-
[↑](#table-of-contents) Discovery
-
Escalation
- Red Team Operating in a Modern Environment
- Aggressor PowerView
- The PowerView PowerUsage Series #4 – Finding cross-trust ACEs
- Introducing BloodHound
- A Red Teamer’s Guide to GPOs and OUs
- Automated Derivative Administrator Search
- A Pentester’s Guide to Group Scoping
- Local Group Enumeration
- The PowerView PowerUsage Series #1 - Mass User Profile Enumeration
- The PowerView PowerUsage Series #2 – Mapping Computer Shortnames With the Global Catalog
- Scanning for Active Directory Privileges & Privileged Accounts
- Microsoft LAPS Security & Active Directory LAPS Configuration Recon
- Trust Direction: An Enabler for Active Directory Enumeration and Trust Exploitation
- SPN Discovery
-
-
[↑](#table-of-contents) Embedded and Peripheral Devices Hacking
-
Infrastructure
- Getting in with the Proxmark3 & ProxBrute
- Practical Guide to RFID Badge copying
- Contents of a Physical Pentester Backpack
- RFID Hacking with The Proxmark 3
- Swiss Army Knife for RFID
- Exploring NFC Attack Surface
- Outsmarting smartcards
- Reverse engineering HID iClass Master keys
- Android Open Pwn Project (AOPP)
-
-
[↑](#table-of-contents) Misc
-
Infrastructure
- introducing the adversary resilience methodology part 1
- introducing the adversary resilience methodology part 2
- Cobalt Strike Tips for 2016 CCDC red teams
- Models for Red Team Operations
- Raphael Mudge - Dirty Red Team tricks
- Responsible Red Teams
- Red Teaming for Pacific Rim CCDC 2017
- How I Prepared to Red Team at PRCCDC 2015
- Red Teaming for Pacific Rim CCDC 2016
- Part-1 - 2](https://payatu.com/redteaming-zero-one-part-2)
-
-
[↑](#table-of-contents) RedTeam Gadgets
-
Infrastructure
- LAN Turtle
- Bash Bunny
- Key Croc
- Packet Squirrel
- WiFi Pineapple
- Wifi-Deauth Monster
- Crazy PA
- Signal Owl
- Keysy
- keysweeper
- Magspoof
- HackRF One Bundle
- RTL-SDR
- Ubertooth
- LAN Tap Pro
- Shark Jack
- Alpha Long range Wireless USB
- BLE Key
- Proxmark3
- Zigbee Sniffer
- Attify IoT Exploit kit
- YARD stick one Bundle
- Key Grabber
- Poison tap
- USB Rubber Ducky
- Screen Crab
- O.MG Cable
-
-
[↑](#table-of-contents) Ebooks
-
Infrastructure
- Next Generation Red Teaming
- Targeted Cyber Attack
- Advanced Penetration Testing: Hacking the World's Most Secure Networks
- Social Engineers' Playbook Practical Pretexting
- The Hacker Playbook 3: Practical Guide To Penetration Testing
- How to Hack Like a PORNSTAR: A step by step process for breaking into a BANK
-
-
[↑](#table-of-contents) Training ( Free )
-
[↑](#table-of-contents) Certification
-
Infrastructure
- CREST Certified Simulated Attack Specialist
- CREST Certified Simulated Attack Manager
- SEC564: Red Team Operations and Threat Emulation
- Certified Red Team Professional
- ELearn Security Penetration Testing eXtreme
- Certified Red Teaming Expert
- PentesterAcademy Certified Enterprise Security Specialist (PACES)
-
-
[↑](#table-of-contents) Collection