Red Team playbook - ties2/Red-Team GitHub Wiki
2 Before the Snap - Red Team Recon
Monitoring an Environment
Regular Nmap Diffing
Web Screenshots
Cloud Scanning
Network/Service Search Engines
Manually Parsing SSL Certificates
Subdomain Discovery
Github
Cloud
Emails
Additional Open Source Resources
3 The Throw - Web Application Exploitation
Bug Bounty Programs:
Web Attacks Introduction - Cyber Space Kittens
The Red Team Web Application Attacks
Chat Support Systems Lab
Cyber Space Kittens: Chat Support Systems
Setting Up Your Web Application Hacking Machine
Analyzing a Web Application
Web Discovery
Cross-Site Scripting XSS
Blind XSS
DOM Based XSS
Advanced XSS in NodeJS
XSS to Compromise
NoSQL Injections
Deserialization Attacks
Template Engine Attacks - Template Injections
JavaScript and Remote Code Execution
Server Side Request Forgery (SSRF)
XML eXternal Entities (XXE)
Advanced XXE - Out Of Band (XXE-OOB)
4 The Drive - Compromising the Network
Finding Credentials from Outside the Network
Advanced Lab
Moving Through the Network
Setting Up the Environment - Lab Network
On the Network with No Credentials
Responder
Better Responder (MultiRelay.py)
PowerShell Responder
User Enumeration Without Credentials
Scanning the Network with CrackMapExec (CME)
After Compromising Your Initial Host
Privilege Escalation
Privilege Escalation Lab
Pulling Clear Text Credentials from Memory
Getting Passwords from the Windows Credential Store and Browsers
Getting Local Creds and Information from OSX
Living Off of the Land in a Windows Domain Environment
Service Principal Names
Querying Active Directory
Bloodhound/Sharphound
Moving Laterally - Migrating Processes
Moving Laterally Off Your Initial Host
Lateral Movement with DCOM
Pass-the-Hash
Gaining Credentials from Service Accounts
Dumping the Domain Controller Hashes
Lateral Movement via RDP over the VPS
Pivoting in Linux
Privilege Escalation
Linux Lateral Movement Lab
Attacking the CSK Secure Network
Conclusion
5 The Screen - Social Engineering
Building Your Social Engineering (SE) Campaigns
Doppelganger Domains
How to Clone Authentication Pages
Credentials with 2FA
Phishing
Microsoft Word/Excel Macro Files
Non-Macro Office Files - DDE
Hidden Encrypted Payloads
Exploiting Internal Jenkins with Social Engineering
Conclusion
6 The Onside Kick - Physical Attacks
Card Reader Cloners
Physical Tools to Bypass Access Points
LAN Turtle (lanturtle.com)
Packet Squirrel
Bash Bunny
Breaking into Cyber Space Kittens
QuickCreds
BunnyTap
WiFi
Conclusion
7 The Quarterback Sneak - Evading AV and Network Detection
Writing Code for Red Team Campaigns
The Basics
Building a Keylogger
Setting up your environment
Compiling from Source
Sample Framework
Obfuscation
THP Custom Droppers
Shellcode vs DLLs
Running the Server
Client
Configuring the Client and Server
Adding New Handlers
Further Exercises
Recompiling Metasploit/Meterpreter to Bypass AV and Network Detection
How to Build Metasploit/Meterpreter on Windows:
Creating a Modified Stage 0 Payload:
SharpShooter
Application Whitelisting Bypass
Code Caves
PowerShell Obfuscation
PowerShell Without PowerShell:
HideMyPS
Conclusion
8 Special Teams - Cracking, Exploits, and Tricks
Automation
Automating Metasploit with RC scripts
Automating Empire
Automating Cobalt Strike
The Future of Automation
Password Cracking
Gotta Crack Em All - Quickly Cracking as Many as You Can
Cracking the CyberSpaceKittens NTLM hashes:
Creative Campaigns
Disabling PS Logging
Windows Download File from Internet Command Line
Getting System from Local Admin
Retrieving NTLM Hashes without Touching LSASS
Building Training Labs and Monitor with Defensive Tools
Conclusion
9 Two-Minute Drill - From Zero to Hero
10 Post Game Analysis - Reporting