Stealth

This chapter is about staying stealthy and opsec safe. That means not getting caught by the blue team on engagements.

General

These are some key things we must avoid

  • Putting files on disk

  • RDP in to boxes

  • Trigger pop-ups on desktops

  • Changing account passwords

  • Locking out users

  • Changing group membership of accounts

  • Changing existing settings and files

  • Changing GPOs permanently

  • Messing up Kerberos tickets

  • Triggering alerts from security products like AV

  • Killing processes you don't own

  • Any sort of DOS

  • Leaving files and tools

  • Not cleaning up

Using DLLs

https://pentestlab.blog/tag/rundll32/

Obfuscating mimikatz

Any sysadmin with half a brain can now write and something to stop most common ways of executing mimikatz. Since we don't want to get caught we could obfuscate Mimikatz numerous ways.

Veil Pillage

Veil Pillage is a post exploitation tool and a part of the Veil framework intended for staying undetected through obfuscation.

https://github.com/Veil-Framework/Veil-Pillage

Last updated