Adversary Tactics - Reference Slides
Useful Resources (cont’d)
• Apache mod_rewrite rules for AV vendors https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10
• Scraper for ExpiredDomains.net and BlueCoat to find categorized domains https://github.com/t94j0/AIRMASTER
• SSL certificate recon via Certificate Transparency logs https://crt.sh
• Python LNK payload tool https://gist.github.com/HarmJ0y/ae04dd39cf851c862fff721fdd28f7db
• Active Directory enumeration without PowerShell https://github.com/fdiskyou/hunter
• Execute .NET assemblies through SQL Server https://github.com/sekirkity/SeeCLRly
• Investigating PowerShell Attacks https://www.fireeye.com/content/dam/fireeye-www/global/en/solutions/pdfs/wp-lazanciyan-investigating-powershell-attacks.pdf
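The crt.sh entry above is the one resource on this slide that is queried rather than cloned, so here is an added example (not code from the slides or from crt.sh) of turning its JSON search output into a subdomain list. It assumes the crt.sh query form `?q=%.domain&output=json` and the field names `name_value` and `not_after` in the returned array; the sample response is constructed, not a real capture. The edge cases it handles are the ones that bite in practice: several SANs per certificate, wildcard and mixed-case names, trailing dots, SANs that belong to a different zone, and certificates that expired years ago but stay in the logs forever.

```python
"""Added example: extracting in-scope hostnames from crt.sh JSON output.

crt.sh answers https://crt.sh/?q=%.example.com&output=json with a JSON array,
one element per logged certificate. The field names used below (name_value,
not_after) are assumed to match that output; the sample data is constructed.
"""
import json
from datetime import datetime
from urllib.parse import urlencode

CRTSH_BASE = "https://crt.sh/"


def crtsh_query_url(domain):
    """Build the crt.sh search URL for every cert whose identity matches %.domain."""
    # '%' is the SQL LIKE wildcard crt.sh accepts; urlencode turns it into %25.
    return CRTSH_BASE + "?" + urlencode({"q": "%." + domain, "output": "json"})


# Constructed sample in the shape of crt.sh JSON output (not real data).
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "common_name": "www.example.com",
     "name_value": "example.com\nwww.example.com",
     "not_before": "2023-01-01T00:00:00", "not_after": "2023-04-01T00:00:00"},
    {"id": 2, "issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "common_name": "*.example.com",
     "name_value": "*.example.com\nexample.com",
     "not_before": "2024-01-01T00:00:00", "not_after": "2025-01-01T00:00:00"},
    {"id": 3, "issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "common_name": "vpn.example.com",
     "name_value": "VPN.example.com\nmail.example.com.",
     "not_before": "2024-03-01T00:00:00", "not_after": "2024-06-01T00:00:00"},
    {"id": 4, "issuer_name": "C=US, O=Example CA, CN=Example Issuing CA",
     "common_name": "foo.example.com",
     # A SAN outside the target zone: must not be reported as a subdomain.
     "name_value": "foo.example.com\nexample.com.lookalike.test",
     "not_before": "2024-03-01T00:00:00", "not_after": "2024-06-01T00:00:00"},
])


def hostnames_from_crtsh(raw_json, domain, now=None):
    """Return the set of in-scope hostnames found in crt.sh JSON output.

    - every SAN in name_value counts, not just common_name
    - names are lower-cased and a trailing dot is dropped
    - '*.' is stripped so a wildcard cert still yields its base domain
    - SANs that are not under `domain` (lookalikes, shared certs) are ignored
    - if `now` (datetime or ISO-8601 string) is given, certificates already
      expired at that time are skipped, since CT logs keep every cert ever issued
    """
    if isinstance(now, str):
        now = datetime.fromisoformat(now)
    domain = domain.lower().rstrip(".")
    found = set()
    for cert in json.loads(raw_json):
        if now is not None and datetime.fromisoformat(cert["not_after"]) < now:
            continue
        for name in cert.get("name_value", "").split("\n"):
            name = name.strip().lower().rstrip(".")
            if name.startswith("*."):
                name = name[2:]
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return found


if __name__ == "__main__":
    print(crtsh_query_url("example.com"))
    for host in sorted(hostnames_from_crtsh(SAMPLE_CRTSH_JSON, "example.com")):
        print(host)
```

Run it against a live response by fetching `crtsh_query_url(domain)` and passing the body to `hostnames_from_crtsh`; pass `now` to drop hosts whose only certificates have long expired, which is usually the difference between a target list and a history lesson.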
Useful Resources (cont’d)
• Mimikatz https://github.com/gentilkiwi/mimikatz
• PowerLurk https://github.com/Sw4mpf0x/PowerLurk
• RemoteRecon https://github.com/xorrior/RemoteRecon
• Invoke-Obfuscation https://github.com/danielbohannon/Invoke-Obfuscation
• dnSpy https://github.com/0xd4d/dnSpy
• Red Team Infrastructure Wiki https://github.com/bluscreenofjeff/Red-Team-Infrastructure-Wiki
• DotNetToJScript https://github.com/tyranid/DotNetToJScript
• Ruler https://github.com/sensepost/ruler
• Koadic https://github.com/zerosum0x0/koadic
• UACMe https://github.com/hfiref0x/UACME
• Rattler https://github.com/sensepost/rattler
• sRDI https://github.com/monoxgas/sRDI
• aquatone https://github.com/michenriksen/aquatone
• Sysinternals https://live.sysinternals.com/
• PSReflect https://github.com/mattifestation/PSReflect
• OleViewDotNet https://github.com/tyranid/oleviewdotnet
• Hexacorn's EDR comparison matrix http://www.hexacorn.com/blog/2016/08/07/edr-sheet-explained/
• Hexacorn Beyond Run Key series http://www.hexacorn.com/blog/2017/01/28/beyond-good-ol-run-key-all-parts/
• Tracing WMI Activity https://msdn.microsoft.com/en-us/library/aa826686(v=vs.85).aspx
Useful Resources (cont’d)
• https://blog.harmj0y.net/ - Active Directory, red teaming
• https://enigma0x3.net/ - Lateral movement, persistence
• https://wald0.com/ - BloodHound, graph theory
• https://posts.specterops.io/ - cross-post for all SpecterOps blogs
• http://www.exploit-monday.com/ - Windows internals, exploitation
• http://subt0x10.blogspot.com/ - "Trusted Things That Execute"
• http://adsecurity.org/ - Active Directory reference
• http://www.invoke-ir.com/ - PowerShell forensics and defense
Useful Resources (cont’d)
• BloodHound Slack https://bloodhoundhq.slack.com/
  • Invites: https://bloodhoundgang.herokuapp.com/
• PowerShell Empire Slack https://adaptiveempire.slack.com/
  • Invites: http://adaptiveempire.herokuapp.com/
• SpecterOps Whitepapers https://specterops.io/resources/research-and-development