Red Team Topics

Module 1: Introduction

1.1 Definition

• Adversary Emulation

• ETW

• WAC (windows API call)

• Terminology of the red team

• Familiarity with threat intelligence

• Formation of the red team and its duties

1.2 BAS(bridge attack simulation)

1.3 MITRE review framework

• Windows API call

---

Module 2: BAS

---

• Create access

  • Check CVE of 2022

  • Client-side attack

  • New social engineering techniques

• Execution of malicious codes

  • using Trust Dev Tools
  • using WMI
  • Using COM-Dcom

• Increase access level

  • Privilege Escalation by kernel vulnerability
  • Privilege Escalation by user token
  • Privilege Escalation by service token
  • Privilege Escalation by sudo cash

• Bypass antivirus

  • code injection in the current process
  • code injection in another process
  • code injection by APC
  • code injection by Fibers
  • inline obfuscation in cashes

• Access to sensitive information

  • Execution of kerberoasting attack
  • Execution of Dcsync attack
  • Execution of Silver Ticket attack
  • Execution of Golden Ticket attack
  • Execution of Roost ASREP attack
  • Execution of NLL MNR attack

• make access permanent

  • NTP Hijack
  • WMI-Sub Scription
  • Logon-helper
  • Shimming

• Lateral movement

  • access to other systems (WinRS and WinRM)
  • access to other systems (WMI)
  • access to other systems by Dcom
  • Pass the Hash
  • Tunnel and Socks

• Active directory attack

---

Types of Attacks

Red Team playbook

Red Team learning‐part 1