Gathering information Stage port scanning Nmap Network exploration tool and security/ port scanner nmap [Scan Type] [Options] {target specification} HOST DISCOVERY: -sL: List Scan – simply list targets to scan -sn/-sP: Ping Scan – disable port scan -Pn: Treat all hosts as online — skip host discovery SCAN TECHNIQUES: -sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans -sU: UDP … Read more
through a red teaming assessment you may face some of the restrictions due to policy enforcement / EDR / app whitelisting ..etc., so in this article, I am going to cover most of the techniques that may be useful to bypass environment restrictions abusing writable paths on some of the windows ten builds there are … Read more
Intro Gophish is a powerful, easy-to-use, open-source phishing toolkit meant to help pentesters and businesses conduct real-world phishing simulations. This user guide introduces Gophish and shows how to use the software, building a complete campaign from start to finish. the usage of gophish and very neat installation procedures inspired by note post on ired.team blog … Read more
Intro XLM (macro 4.0 ) is considered an excellent technique for red team operations since XLM is challenging to analyze and makes it hard for anti-virus solutions to detect it. In contrast, most of anti-virus engines will detect VBA. It seems natural to bypass primary anti-virus, but it is challenging to beat enterprise solutions that … Read more
Recon Elevation of Privileges General Kerberoast – For kerberos to work, times have to be within 5 minutes between attacker and victim. Juicy Potato Exploit https://github.com/ohpe/juicy-potato/releases Pick one CLSID from here according to your system https://github.com/ohpe/juicy-potato/tree/master/CLSID Required tokens SeAssignPrimaryTokenPrivilege SeImpersonatePrivilege Stored Credential Impersonating Tokens with meterpreter Lateral Movement PsExec, SmbExec, WMIExec, RDP, PTH in general. … Read more
Red Teaming/Adversary Simulation Toolkit [√] please join our telegram channel Telegram Channel Reconnaissance Active Intelligence Gathering EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible. https://github.com/ChrisTruncer/EyeWitness AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. https://github.com/jordanpotti/AWSBucketDump AQUATONE is a set … Read more
Windows Kernel Exploits system info -> look up missing kb’s systeminfo | findstr /B /C:”OS Name” /C:”OS * Version” sherlock -> Find-AllVulns PowerShell 0xsp Mongoose Common Kernel Exploits [MS16-014](https://www.exploit-db.com/exploits/40039) – applies to: Windows 7 SP1 x86 [MS16-016](https://www.exploit-db.com/exploits/39432) – ‘WebDAV’ applies to Windows 7 SP1 x86 (Build 7601) [MS16-032](https://www.exploit-db.com/exploits/39719) – applies to: Windows 7 x86/x64, Windows … Read more