Red Teaming Experiments
Persistence
Here are the articles in this section:
DLL Proxying for Persistence
T1053: Schtask
Code execution, privilege escalation, lateral movement and persistence.
T1035: Service Execution
Code Execution, Privilege Escalation
T1015: Sticky Keys
Sticky keys backdoor.
T1136: Create Account
Persistence
T1013: AddMonitor()
Persistence, Privilege Escalation
T1128: NetSh Helper DLL
Persistence, code execution using netsh helper arbitrary libraries.
T1084: Abusing Windows Management Instrumentation
Persistence, Privilege Escalation
Windows Logon Helper
Hijacking Default File Extension
Persisting in svchost.exe with a Service DLL
Modifying .lnk Shortcuts
T1180: Screensaver Hijack
Hijacking screensaver for persistence.
T1138: Application Shimming
Persistence, Privilege Escalation
T1197: BITS Jobs
File upload to the compromised system.
T1122: COM Hijacking
UAC Bypass/Defense Evasion, Persistence
T1198: SIP & Trust Provider Hijacking
Defense Evasion, Persistence, Whitelisting Bypass
T1209: Hijacking Time Providers
Persistence
T1130: Installing Root Certificate
Defense Evasion
Powershell Profile Persistence
RID Hijacking
Word Library Add-Ins
Office Templates
Last updated 2 years ago